How to hack website-with-sqlmap-in-kali

KALI HACKING TUTORIALS

 $R.K.M.$ HACKER

In the previous tutorial, we hacked a website using

nothing but a simple browser on a Windows

machine. It was a pretty clumsy method to say the

least. However, knowing the basics is necessary

before we move on to the advanced tools. In this

tutorial, we'll be using Kali Linux (see the top

navigation bar to 􀀮nd how to install it if you haven't

already) and SqlMap (which comes preinstalled in

Kali) to automate what we manually did in the

Manual SQL Injection tutorial to hack websites.

Now it is recommended that you go through the above tutorial once so that you can get an idea

about how to find vulnerable sites. In this tutorial we'll skip the first few steps in which we find

out whether a website is vulnerable or not, as we already know from the previous tutorial that

this website is vulnerable.

 .Kali Linux

First off, you need to have Kali linux (or backtrack) up and running on your machine. Any other

Linux distro might work, but you'll need to install Sqlmap on your own. Now if you don't have

Kali Linux installed, you might want to go to this page, which will get you started on Beginner

Hacking Using Kali Linux

 .Sqlmap

Basically its just a tool to make Sql Injection easier. Their oficial website introduces the tool as

-"sqlmap is an open source penetration testing tool that automates the process of detecting and

exploiting SQL injection flaws and taking over of database servers. It comes with a powerful

detection engine, many niche features for the ultimate penetration tester and a broad range of

switches lasting from database fingerprinting, over data fetching from the database, to accessing

the underlying file system and executing commands on the operating system via out-of-band

connections."

A lot of features can be found on the SqlMap website, the most important being - "Full support

for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite,

Firebird, Sybase and SAP MaxDB database management systems." That's basically all the

database management systems. Most of the time you'll never come across anything other than

MySql.

Hacking Websites Using Sqlmap in Kali linux

Sql Version.

Boot into your Kali linux machine. Start a terminal, and type -

It lists the basic commands that are supported by SqlMap. To start with, we'll execute a simple

command

sqlmap -u <URL to inject>. In our case, it will be

Sometimes, using the --time-sec helps to speed up the process, especially when the server

responses are slow.

Either ways, when sqlmap is done, it will tell you the Mysql version and some other useful

information about the database.

The final result of the above command should be something like this.

Note: Depending on a lot of factors, sqlmap my sometimes ask you questions which have to be

answered in yes/no. Typing y means yes and n means no. Here are a few typical questions you

might come across-

    •Some message saying that the database is probably Mysql, so should sqlmap skip all other tests and conduct mysql tests only. Your answer should be yes (y).

    •Some message asking you whether or not to use the payloads for specific versions of Mysql. The answer depends on the situation. If you are unsure, then its usually better to say yes.

Enumeration Database

In this step, we will obtain database name, column names and other useful data from the

database.

So the two databases are acuart and information schema.

Table.

Now we are obviously interested in acuart database. Information schema can be thought of as a

default table which is present on all your targets, and contains information about structure of

databases, tables, etc., but not the kind of information we are looking for. It can, however, be

useful on a number of occasions. So, now we will specify the database of interest using -D and

tell sqlmap to enlist the tables using --tables command. The final sqlmap command will be

The result should be something like this -

Database: acuart

[8 tables]

+-----------+

| artists |

| carts |

| categ |

| featured |

| guestbook |

| pictures |          

| products |

| users |

+-----------+

Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we will specify the database using -D, the table using -T, and then request the columns
using --columns. I hope you guys are starting to get the pattern by now. The most appealing
table here is users. It might contain the username and passwords of registered users on the
website (hackers always look for sensitive data).
The final command must be something like

The result would resemble this-

Data

Now, if you were following along attentively, now we will be getting data from one of the

columns. While that hypothesis is not completely wrong, its time we go one step ahead. Now we

will be getting data from multiple columns. As usual, we will specify the database with -D, table

with -T, and column with -C. We will get all data from speci􀀮ed columns using --dump. We will

enter multiple columns and separate them with commas. The 􀀮nal command will look like this.

Here's the result

John Smith, of course. And the password is test. Email is email@email.com?? Okay, nothing great, but in the real world web pentesting, you can come across more sensitive data. Under such

circumstances, the right thing to do is mail the admin of the website and tell him to fix the vulnerability ASAP. Don't get tempted to join the dark side. You don't look pretty behind the bars. That's it for this tutorial. Try to look at other columns and tables and see what you can digup. Take a look at the previous tutorial on Manual SQl Injection which will help you find more interesting vulnerable sites.

How to Use Two Whatsapp Number in One Device

$R.K.M.$ HACKER

OGWhatsApp 2.11.432 WhatsApp 2 Account in one Apps Android Live Watts account.

Features of this OGWhatsApp 2.11.432:

** Ability to use two accounts on an Android device
** Ability to backup software
** Ability to select Bkvn Software
** Wipe data or Rystvr WhatsApp again.

How to install OGWhatsapp on your android Phone.

→ Take a backup on your messages (In case you need the messages)

→ Clear WhatsApp data (or reinstall it)→ Rename /sdcard/WhatsApp folder to 
/sdcard/OGWhatsApp→ In OG version verify the outdated quantity, and in legit model examine the brand new one

→ Then injoy ☺☺.....

  Free Download Link

  OGWhatsApp 2.11.432 Apk

File Name: OGWhatsApp 2.11.432 Apk

File Size: 10.6 MB
Requires Android: 2.1+
Source code file: rkm.01.blogspot.in

.....................................................................................................................................................

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 Notify me of follow-up comments by email.

 Notify me of new posts by email.

$R.K.M.$ Hacking

How To Hack Saved Password In Firefox ?

Labels: BROWSER TRICKS, FIREFOX, HACKING, INTERESTING TRICKS, PASSWORD HACKING

In my previous post i had posted two tutorials on

How to hack google chrome saved password ? and

More simple way to hack google chrome saved

passworod. In this post i will share with you guys

how to view saved password in Mozilla Firefox web

browser. This trick can be helpfull if you get your

hands on someone computer maybe your friends and

he has saved password for certain websites like

gmail, facebook,yahoo etc then you can easily view

his password with very simple and easy trick that i

am going to share today.

For demonstration purpose i have already saved a fake email password for facebook. But

it will work on any website. So lets get started.

How to do ?

1. Open Firefox Web Broweser
2. Then Click on FireFox > Option > Option as shown in below picture

3. Then a POP Up box will appear, In that go to security and click on Show Passwords
as show below.

4. Now click on website whose password you want to see ans click on show password
as shown in below image. (Note: It will ask for confirmation so click on yes when dialog
box appears)

5. Done, You have hacked password of your victim with few simple steps. You can try
this at school computer lab if someone have saved their password.

Password Protect Any Folder Without Any Software

$R.K.M.$ Hacker

How To Lock Folder ?

.....................................

1. Open Notepad and Copy code given below into it.

cls

@ECHO OFF

title coolhacking-tricks.blogspot.com

if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto

UNLOCK

if NOT EXIST MyFolder goto MDMyFolder

:CONFIRM

echo Are you sure to lock this folder? (Y/N)

set/p "cho=>"

if %cho%==Y goto LOCK

if %cho%==y goto LOCK

if %cho%==n goto END

if %cho%==N goto END

echo Invalid choice.

goto CONFIRM

:LOCK

ren MyFolder "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"

attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"

echo Folder locked

goto End

:UNLOCK

echo Enter password to Unlock Your Secure Folder

set/p "pass=>"

if NOT %pass%== coolhacks goto FAIL

attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"

ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" MyFolder

echo Folder Unlocked successfully

goto End

:FAIL

echo Invalid password

goto end

:MDMyFolder

md MyFolder

echo MyFolder created successfully

goto End

:End

2. Save the notepad file as lock.bat (.bat is must)

3. Now double click on lock.bat and a new folder will be created with name MyFolder

4. Copy all your data you want to protect in that New folder

New Facebook Smiley Codes For Chat

$R.K.M.$ Hacker

Code For Facebook Smileys

[[f9.laugh]]

[[f9.sad]]

[[f9.angry]]

[[f9.sleepy]]

[[f9.shock]]

[[f9.kiss]]

[[f9.inlove]]

[[f9.pizza]]

[[f9.coffee]]

[[f9.rain]]

[[f9.bomb]]

[[f9.sun]]

[[f9.heart]]

[[f9.heartbreak ]]

[[f9.doctor]]

[[f9.ghost]]

[[f9.brb]]

[[f9.wine]]

[[f9.gift]]

[[f9.adore]]

[[f9.angel]]

[[f9.baloons]]

[[f9.bowl]]

[[f9.cake]]

[[f9.callme]]

[[f9.clap]]

[[f9.confused]]

[[f9.curllip]]

[[f9.devilface] ]

[[f9.lying]]

You May Also Like To Check This

How To Make Nameless Folder

$R.K.M.$ Hacker

Making Nameless Folder In Windows

12:00 Posted by $R.K.M.$ Hacker...

Labels: INTERESTING TRICKS, WINDOWS

How To Make Nameless Folder
Before attempting this trick, try to make a folder with no name and you will fail to do so.
This is what this trick will let you do. Below is screenshot of folder before and after
doing this interesting trick.
1. Make a Newfolder on desktop or where ever you want.
2. Right click on this newly created folder and select Rename.
3. Erase the text showing "New Folder".
4. Now keep Pressing Alt (i.e alter key) and type 255. If you are on laptop then
you need to enable your Num Lock and type from the highlighted number keys not
from those below function keys.
5. After that leave alt key and Press enter.

6. Done you just created nameless folder.

How to Hack Gmail , Facebook with Backtrack 5 or Kali linux

$R.K.M.$ Hacker

.....................................

How to Hack Gmail , Facebook with

Backtrack 5 or Kali linux...........

First open your backtrack terminal and type ifconfig to check your IP

(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzI4xMi8eIHVWMgnB_5TSTuoAfJn6Lk3OxPUUh8k3F8HFy1aec5z4kVHTYoEUGMU0zs9yLOJCOj8hwU8RZvqbGpuJdltEZGPCS01rkgFujRjrIzX5jBusOt2_T_dqBosMabtG-DaPszCmU/s1600/0.jpg)

Now Again Open Your Backtrack terminal and Type cd /pentest/exploits/set

Now Open Social Engineering Toolkit (SET) ./set

Now choose option 2, “Website Attack Vectors”.

In

 C:\Users\$R.K.M.$ hacker\Desktop\2014-03-07 09_53_38-How to Hack Gmail , Facebook with Backtrack 5 or Kali linux - All Tech Hacks.pdf.png

In this option we will choose option 2 “Site Cloner”.

Enter the URL of the site you want to clone. In this case http://www.gmail.com and hit enter. SET will clone up
the web site. And press return to continue.

Now convert your URL into Google URL using goo.gl and send this link address to your victim
via Email orChat.

Enable God Mode In Windows 7 And Vista

$R.K.M.$ Hacker

Enable God Mode In Windows 7 And Vista

1. On your desktop right click and create a New Folder.

2. Rename this folder to the code given below.

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

3. Done now double click on this folder and you will have access to all your windows

operating system settings.

How To Create Undeletable And Unrenamable Folders ?

$R.K.M.$ Hacker

Create A Undeletable And Unrenamable Folders In

Windows

How To Create Undeletable And Unrenamable Folders ?
1. Go to Start and then Click on Run
2. Type cmd & hit enter (To open Command Prompt ).
3. Remember you cannot create Undeletable & unrenamable folder in your root
directory (i.e. where the windows is installed) That means you can't make this
kind of folder in C: drive if you installed windows on C:
4. Type D: or E: and hit enter
5. Type md con\ and hit enter (md - make directory)
6. You may use other words such as aux, lpt1, lpt2, lpt3 up to lpt9 instead of con
in above step.
7. Open that directory, you will see the folder created of name con.
8. Try to delete that folder or rename that folder windows will show the error
message.
How to delete that folder ?
It is not possible to delete that folder manually but you can delete this folder by
another way mentioned below.
1. Open Command Prompt
2. Type D: ( if u created this type of folder in D: drive) & hit enter
3. Type rd con\ (rd - remove directory)
4. Open that directory and the folder will not appear because it is removed.

Cool tricks of VLC player

$R.K.M.$ Hacker www.google.com             

1. Awesome VLC Media Player Trick

13:18 Posted by $R.K.M.$ Hacker

Labels: INTERESTING TRICKS, WINDOWS

In this tutorial i will share a simple trick yet interesting trick i came across while surfing

on the internet. I will call it VLC Inception trick. This trick is simple and works on

windows xp as well as windows 7. If you know this trick then its great if you don't then

lets dive into it.

How To Do This Trick ?

1. Open Vlc Media Player.

2. Then Press Cltr + N

3. Now Type "Screen://" (without quotes)

4. Click on Play and watch this simple little trick.