hello dosto , aaj ki is post me ham baat karne bale ki aap SQL INJECTION help se kisi bhi website ko kese hack kar sakte ho guys .To agar ap meri photo pheli bar padh rahe ho to i think apne meri pheli post nai padhi hogi jisme mene SQL INJECTION ke bare me btaya tha ki SQL INJECTION kya hota he aur ap kese kisi bhi website ko sql injection ke jariye hack kar sakte ho to guys aap is post ko padhne se phele us post ko jarur read karle usse apko basic knowladge mil jaygi mene us post me SQL INJECTION ATTACK ke bare me bahut deep me btaya he
HACK WEBSITE USING SQL INJECTION IN KALI LINUX
so guys jese ki mene apko phele btaya tha ki sql injection unhi website ko hack karta he jo sql vulnerable hoti he so eshi website apko find karni hoti he usme koi query dalna jo me apko phele post me bta chuka hu so ham ap start karte he ki eshi sites ko kali linux se kese hack karte he so guys lets start
1. sabse phele apne kali linux ka terminal open kare aur type kare "sqlmap" aur enter kar de so sql injection ki command chalu hi jaygi
2. so jese hi sql ki command chalu ho jaygi then apko type karne he sqlmap -u and then website ka name dalkar --dbs laga dena he guys dbs ka means hota he database ye sab type karne ke bad enter kar de .
for ex.. sqlmap-u http://www.xyz.com --dbs
3. guys jese hi ap enter press karoge sql injection se puri website ka database scan hone lagega aur apki screen me 2 ya 3 bar permission mangega to ap yes type karte chalna
4. sari process complete hone ke bad apko database ke columns show hone lagega .so inme se ek column me hamara username aur password store hoga so chalo dekhte he
5.then guys ab hamko in column ko scan karna he kyuki inhi kisi column me hamara password hoga so column ko check karne ke liye hamhe command type karni hogi .
for example -sqlmap -u http://"website full url " -D bible_hostory --tables
guys jese ki me first column scan kar raha hu to mene first column ka name dala ho sakta he apki website ke case me ye alag ho so ap apne column ka name put kare
6. ye command success hone ke bad hamko us column ke andar ki sari tables mil gai guys jesa ki ham jante he ki password column ke andar tables me hota he then ham tables ko scan karege, to hamare case me administrator bali tables me hame user aur pass milega kyuki yaha hi ham login karte he then apko command likni hogi
sqlmap -u "http://www.websitename.com/' -D bible_history --T administrators --column
GUYS APKE CASE ME SAB KUCH SAME RAHEGA BASS APKA -D BADAL JAYGA --T BADAL JAYGA AUR WEBSITE NAME BHI CHANGE HO JAYGA .YE SIRF EXAMPLE KE LIYE HE
7.guys ab hamko administrator ka password chaiye then hamko command type karna he sqlmap -u http://"website name " -d "database name " -t "table name " --columns and enter
8. guys jese hi apne enter kiya apko us table ke andar ka pura data mil gya hoga jesa ki ap dekh sakte ho yaha apko user mil chuka he password mil chuka he sirf apko unhe dump karna he so guys kese dump karte he chalo me apko btata hu .
9. so hamko yaha sabse phele user name dump karna he admin_username me store he jo isko dump karne ke liye apko command type karni padegi
for example sqlmap -u http://"website url" -d "database name " -t "table name" -c "column name " (yaha column name bo he jisko hame dump karna he) then --dump and enter
10. ap dekh sakte ho hamko user name mil gya lekin ab hamko password chaiye hoga jisse ham login kar paye so ap hamko password dump karna he so apne dekha tha ki password admin_password name ke column me store tha so ab ham isko dump karege so chalo
11. so jese hamne user name dump kiya tha wese hi hame password dump karna he guys
for example sqlmap -u http://"website url" -d "database name " -t "table name" -c "column name " (yaha column name change ho gya means admin_password aagya ) then --dump and enter
guys ap dekh sakte ho ki kis tarha hamne sql injection ki help se kisi bhi website ko hack kar diya .ab ap kis user aur password ka use karke website me success full enter kar sakte ho .
i hope apko ye post accha laga hoga so guys ham apke liye eshi hi aur post late rahege us liye apko hamare post ki notification on karna hoga .
No comments:
Post a Comment