Website Kaise Hack Kre Or Oska Data Kaise Nikale SQLMAP Ki Madad Se Full Tutorier In-Hindi
SQLMAP KYA HAI KAISE KAM KARTA HAI
SQLMAP ek open source penetration testing tool hai jo ki kisi v website ke database ko automatic detact karleta or hame oska information de sakta hai ek tarah se kaha jaye to isko sirf testing ke liye banaya gya tha ki agar aapke website ki database me koi gadbadi payi jati hai to aap iski madad se oske error ka pata laga sakte hai magar hackers iska galat use karte hai or iska use hacking ke liye karte hai to aap ye to samjh h gaye honge ki SQLMAP kya hai or iska kam kya hai or ab ham niche janege ki kaise hum iska istemal website hacking ke liye kar sakte hai
NOTE: SQLMAP Kali linux me pahle se install rahta hai isko aap command deke chalu kar sakte hai .
STEP 1. sabse pahle hamko ye pata karna padega ki jis website ko ham hack karne ja rahe hai wo vulnerable website hai ki nahi iske liye hamare pass ek bahut h simple sa trick hai aap koi v ek website ka ulr ko apne kisi v browser me open kijiye ab aapka url kuch iss tarh ka hoga http://www.targetwebsite.com/form.php?id=5 ab aapko karna kya hai ki aapko url ke last me ye mark lagana hai (') is mark ko single quotation mark bolte hai ab aapka url kuch iss tarah ka dikh raha hoga http://www.targetwebsite.com/form.php?id=5'ab aap niche picture me dekhe error dikha raha hai iss error ka matlab hai ki wo website vulnerable hai jisko ham inject kar sakte hai .
Ab ham janege ki kaise ham SQLMAP ki madad se kisi website ke databse ko over-take kar sakte hai
STEP 2. Ab aapko vulnerable mil gya hai ab aap apna terminal ko open karle or niche diye gaye command ko type kare .
STEP 3. Sabse pahle hame ye dekhna hai ki website pe sara datbase moajud hai ki nahi iske liye iss Syntax ka use kare
Syntax: sqlmap -u [URL] --dbs
-u: ye command ham iss liye dete hai taki oparating system ko pata chal sake ki ham koi url dalne wale hai
--dbs: ye command Deke ham oss website ka pura data jo oske andar moajud hai oska pata lagate hai.
Complete command: ye aapka pura command hoga yaha pe code ko change karke apna target url dal de or iss command ko aapko type karna hai.
STEP 4. ab aap picture me dekhiye ye jab likhega back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes ? to aapko y button badakar skip kardena or oske next me v aapko y button badana hai .
bas ab proccess chalega iske liye aapko kuch minute wait karne padenge jab ye successfull completion ho jayega tab ye aapko sari list dikha dega jo website ke andar database moajud hogi.
STEP 5. Ab yaha pe picture me do database dikha raha hai pahla information schema or dusra guru ab in dono ka matlab kya hai information schema ek standrad database hai jo ki har MYSQL database me rahta hai iska matlab ye hamare kisi kam ka nahi hai hamara main database guru ke andar hai ab hame guru ko exploit karna hai.
GURU DATABASE KO KAISE EXTRACT KARE
STEP 6. Iske liye hame do parameters dene honge jo ki niche aap dekh sakte hai .
sqlmap -u [URL] -D Database_name --tables
1. -D : d ka matlab database hame jis database ko extract karna hai ham oss database ka nam denge yaha.
2. --tables : iska matlab hai ki ham jis database ka nam de rahe hai osko extract kardo .
Complete Command: ye aapka pura command hai isme apna website ka nam bas change karde or fir type karke enter krde.
aap iss code ko edit karke website ka nam dal de jo aapne target kiya hua hai
STEP 7. ab jaisa ki aap picture me dekh rahe hai hame tables ke form me database dikh raha hai but hame admin user wala data chahiye kyoki admin ka database mil gya to website
me sab kuch aasani se hack kar sakte hai .
Extract columns
ab hamko admin user wale databse ko extract karna hai iske liye hame command dena padega jisko ham niche explanation ke sath bataye hai
-D : D option database ke liye hota hai jisme admin user ki information hai .
-T : T matlab Table hota hai admin table ke liye ham iska use karte hai .
--columns : table ke anadr jo coloumn moajud h jinko extract karna hai oske liye ham coloumns ka use karte hai.
Complete command: iss command me se bas website ko edit krde or apna website dalke enter karde.
STEP 8. Jab ye finish hojayega tab ye display pe sara columns dikha dega jo table ke andar moajud hai jisko aap picture me v dekh sakte hai ab aap yaha pe bahut sara column dekh sakte hai jaise ki username , passwords , emails , addresshes , and many more ab hame jisko access chalo mai user_ coloum ko pahle access kar rhe hai ham username stored ko jo colomn ke andar hai osko extract karne ke liye command dete hai .
-D : database ko access karne ke liye iss command ka use karte hai.
-T : Table ko access karne ke liye iss command ka use karte hai.
-C : column ko access karne ke liye iss command ka use karte hai .
--dump : iss command se ham coloumn ke andar ka data nikal sakte hai.
Full command: ab ye pura command hai isme website address ko edit krke enter krle.
STEP 9. jaisa ki picture me dikh raha hai hame yaha pe do admin ka account dikh raha hai iska matlab hame admin user ki information mil gyi.
maine jo website dala hai ospe sirf do admin hai agar aapka terminal jyada time lerha hai information nikalne me to mai aapko --threads 7 commad derha hu ye command fast loading hai ye hamako fast data loading me help karti hai.
STEP 10. ab hame password ki jarurat hai isme kuch khass dhyan nhi dena hai aapko bas command ko ache se dhyan se dekhna hai password ke liye ham bas username ki jagah password dal diya hai bas hogya password ke liye command niche se command copy karke type karde.
STEP 11. Ab aap picture me dekh sakte hai jiska matlab aap samjh h gye honge ye bol raha hai ki password yaha pe moajood nhi hai isko hame crack karna padega jab aap command me dekhenge to ye puch raha hoga ki kya aap dictionary-based se attack karna chahte hai to y enter kijiye bas aap y daba kar enter pe click karde.
STEP 12. Ab yaha next step me ye puchega ki aap dictionary ko kaha se use karna chahte hai ham 1 ko pahle select karenge oske baad ye password crack karna start kardega adhiktar default dictionary file se hashes paswword crack nhi kar pata hai but fir v ham test karenge.
STEP 13. hame yaha pe password nahi mila hai to koi bat nhi hamare pass or v alternatives hai internet pe bahut sare online md5 decrypters hai jo password crack karne ke kam me aata hai .
STEP 14. yaha pe aap apne hashes ko note karle ham yaha pe hashkiller ka use krke hash website ko crack karenge.
STEP 15. Ab yaha pe aapko hashkiller ke website pe jana hoga apne hash ko crack karne ke liye waha pe jake right side me apna url past karde or fill captcha ko fill krke submit pe click karde ab jo cracked hash hoga wo hash ke right side me show hoga jaisa ki aap picture me dekh sakte hai maine apna hash cracked karliya hai
NOW-POST-IS-COMPLETED-HERE-IS-SOME-FEEDBACK
Aap chahe to costom dictionary ko internet se download karke v use kar sakte hai agar aapko iss post se related kisi step me problem aarahi hai to mujhe aap comment karke bataye ham osko solve karenge ummid hai aaj ka yah post aap logo ko pasand aaya hoga thank you for visiting our site keep visitng us
Comments
Post a Comment