Hacking sites easily to get combolists for free - 2020

MisAimer

Hello everyone again!
I want to explain a process of making combolists by dumping databases with tools that are freely available to everyone.
This will require DORKS - I will post a tutorial on dorks soon too.
For this tutorial we will need SQLmap, SQLIdumper, dorks and a URL scraper/parser (it is okay to use the one from SQLIdumper).
Once you get your dorks, you will load them in SQLIdumper and get your URLs.
It is a key factor here to use SQLIdumper 9.7 (it is the best, fastest, most stable version of SQLIdumper at the time of writing).
Once done, you can use the database scanner if you want it to locate usernames, emails and passwords, but that is your own choice.
Here is the part where it gets tricky:
You will go through the links that SQLIdumper found vulnerable and check the domains on https://similarweb.com/ to see traffic. Similarweb is a site analytics website that will tell you the traffic information about a website: which country it is most visited from, how many visits the site has in total, where the visits are coming from and so on.
If a site is not showing there, then it means that it is a bad site, not worth wasting time on.
Once you find your desired sites, you will need to take the original URL (not the one with the sqli commands from sqli dumper) and go into your sqlmap and write:
sqlmap.py / sqlmap (depends if linux/windows) -u "url" --dbs
This will print out all the databases. Once done you will go through them and look for the database where there could be an admin password in.
Once you find a database with an admin password, you save it.
Usually database passwords are named AUTH_STRING or similar.
Once you have the root and the password saved, we will need to check if the server will allow a user connection from outside of the local network.
You will need the IP address of the server (most times on such insecure sites you can simply get it by pinging the site URL in your command prompt (cmd)) and then you will need a database client to connect to the database with. I am using one that I do not want to disclose, so I will leave you to find one yourself; it shouldn't take you more than one Google search.
Once you get a client you will connect using the IP, and if there is no automatic port set, the port for MySQL databases is 3306. You choose the type of database (you have that in sqlmap) and then connect.
Now you will have full access to the database, you will be able to download it directly without dumping it and you will see all the data on the server, rather than only the data seen during an SQLi, where usually not all of it appears.
Now from here you can go even further and find other servers that the one you are in has connections with and jump around servers to see if any worthy will come up.
Thank you for reading my tutorial, I hope you understood it besides my lack of creativity into making it, after all I didn't put effort at all so I am sorry for that, but the ones who work hard will easily use this information and get what they are trying to get.
Good luck.
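
From the server owner's side, the remote-login step in the post only works when the MySQL listener is reachable off-host and an account's host pattern admits outside clients. The following added example (not part of the original post) audits both settings on your own server. The config text, account rows, function names and severity labels are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample inputs, not taken from any real server. Assumes a flat
# my.cnf with hyphenated option names and no !include/!includedir directives.
SAMPLE_MY_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
# Rows as returned by: SELECT user, host FROM mysql.user;
SAMPLE_ACCOUNTS = [("root", "localhost"), ("root", "%"),
                   ("webapp", "10.0.5.%"), ("backup", "127.0.0.1")]
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # hostname or "*" wildcard
        return addr.lower() == "localhost"

def bind_is_exposed(my_cnf_text):
    """True if mysqld would accept TCP connections on a non-loopback address."""
    cfg = configparser.ConfigParser(allow_no_value=True, strict=False)
    cfg.read_string(my_cnf_text)
    section = cfg["mysqld"] if cfg.has_section("mysqld") else {}
    if "skip-networking" in section:
        return False  # TCP listener disabled entirely
    addr = section.get("bind-address")
    if not addr:
        return True  # assumption: server default listens on all interfaces
    return not all(_is_loopback(a.strip()) for a in addr.split(","))

def remote_accounts(accounts):
    """Accounts whose host pattern admits clients other than the local machine."""
    return [(u, h) for u, h in accounts if h.lower() not in LOCAL_HOSTS]

def audit(my_cnf_text, accounts):
    """Return (severity, message) findings for the remote-login path."""
    exposed = bind_is_exposed(my_cnf_text)
    findings = []
    if exposed:
        findings.append(("MEDIUM", "mysqld listens on a non-loopback address"))
    for user, host in remote_accounts(accounts):
        # A remote-capable account is only reachable if the listener is exposed.
        sev = "LOW" if not exposed else "HIGH" if host == "%" else "MEDIUM"
        findings.append((sev, f"'{user}'@'{host}' accepts non-local clients"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_MY_CNF, SAMPLE_ACCOUNTS):
        print(f"[{severity}] {message}")
```

Binding mysqld to loopback, firewalling 3306, and replacing `'%'` host patterns with the application server's address each close this path independently of fixing the injection itself.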
 
