www.i4info.org

i4info Provides the best hacking Material. Latest hacking tutorials and tools are available here. It is the best place for hackers.

Latest topics

December 2016

MonTueWedThuFriSatSun
   1234
567891011
12131415161718
19202122232425
262728293031 

Calendar Calendar

Affiliates


free forum

Forumotion on Facebook Forumotion on Twitter Forumotion on YouTubeForumotion on Google+

Visitors Counter


Flag Counter

About Author

Muhammad Shahroze Rashid
i4info
Web Developer
Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Auditor, a keen Security researcher.
samanabad
lahore, Punjab
54000
Pakistan
[email protected]
03064904829
DOB: 05/25/1992
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid is a Web Developer and Designer, Android Developer, InfoGrapher, IT consultant and Researcher
Reviewed by Google
Google
Date published: 01/19/2016
9 / 10 stars
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Audito
samanabad
lahore
Punjab
54000
Pakistan

SQLMap/SQLi Dumper Deface

Share

Admin
Admin

Posts : 451
Reputation : 5
Join date : 2014-12-10
Age : 24
Location : Pakistan

SQLMap/SQLi Dumper Deface

Post by Admin on Fri Mar 06, 2015 4:41 pm

Requirements:

1337 Admin Finder: [You must be registered and logged in to see this link.]
SQLMap:
[You must be registered and logged in to see this link.]
Python 2.7:
[You must be registered and logged in to see this link.]


Okay open cmd and go to your SQLMap directory:

then enter this command:

CODE:
sqlmap.py -u [You must be registered and logged in  to see this link.] --dbs



Then be patient it will complete.....


Then we need the user name and password for phpmyadmin

CODE:
sqlmap.py -u [You must be registered and logged in  to see this link.] --current-user --password




Hash smh okay now we need to decrypt the password hash By using [You must be registered and logged in to see this link.]

then it should spill out the password after being decrypt!!! <3
now go to there address

CODE:
[You must be registered and logged in  to see this link.]



Now congratz you logged on to there database
Now go to there database which is called

CODE:
[19:37:09] [INFO] fetching database names
[19:37:09] [INFO] the SQL query used returns 5 entries
[19:37:09] [INFO] resumed: information_schema
[19:37:09] [INFO] resumed: mysql
[19:37:09] [INFO] resumed: performance_schema
[19:37:09] [INFO] resumed: praqua
[19:37:09] [INFO] resumed: rgweb
available databases [5]:[*] information_schema[*] mysql[*] performance_schema[*] praqua[*] rgweb <-------------------


I'll tell you how i manage to find thats the web site database its using i am on SQLi Dumper

then the database links up with the site using....

click on news cause news is always on the site for automatically insert and update the website.
LEAVE ATLEAST ON COLUMN! Then delete the rest.....
then we edit the one we left..
title can be what ever you want BUT THE MAIN IMPORTANT PART IS MAKE/GET A DEFACE SCREENSHOT IT WITH ALT+ PRNT SCRN AND UPLOAD IT ON A PHOTO SHARE SITE!!!
should be like that ^.^
now that is less damage then you think to make it noticeable lets go to Tender table!!!


LEAVE ATLEAST ON COLUMN! Then delete the rest.....
then we edit the one we left..

we do the samething BUT! in the title box cause its big put your deface code!

better img code cause you can resize it!
now lets use our Admin Finder Python.

now lets go to the link and we have the password of the admin.

now to spread your r.a.t virus upload it and click Save!<3

OR Upload Shell to really add your Deface<3!<3 [You must be registered and logged in to see this link.]
ANTIVIRUS WILL DETECT IT AS A BACKDOOR DISABLE IT!
Then there you go to the url: [You must be registered and logged in to see this link.]

then do the basic things you usually do on file manager
i recommand using SimAttack cause that one i am using is a fail and also they detect c99 and wont let you upload it. so SemiAttack

CODE:
[You must be registered and logged in  to see this link.]


Wala there its complete [You must be registered and logged in to see this link.]
To automatically rat the victum go the SimAttacker and go to cmd enter this code

CODE:
ex:- C:\Program Files (x86)\Zend\Apache2\htdocs\Tenders\Fakey.exe  




    Current date/time is Tue Dec 06, 2016 6:53 pm