Professional Documents
Culture Documents
SQLi Ituriel
SQLi Ituriel
to/user/3117196-ituriel)
Okay, so you’re finally going to figure out what an SQL injection is, and how to do it. Basically, an SQL
attack consists of extracting information from website databases. So here are the main steps of an
SQL injection:
- find sites from which data can be extracted (in the case of accounts);
- ’dump' these data to get a combo list, for example.
The first stage is divided into two smaller steps. To find websites (and thus URLs), we go through
'dorks', or 'google dorks'. These are actually kind of "parts of URL", from which you can find entire
web addresses (to put it simply).
2- Let’s attack
So the first step is to generate these famous dorks, which will allow us to find later URLs. We
generate dorks from keywords, which will change depending on the type of account you want. For
this example, let’s imagine wanting to retrieve NordVPN accounts.
Below you will find a link to a keyword scraper, which will generate keywords from simple words.
2, click ‘scrape’
Now that you have your keywords, we will use them to generate dorks. So open TSP Dork Generator.
E-book by Ituriel (https://www.nulled.to/user/3117196-ituriel)
Now that our dorks are ready, we need to convert them into URLs that can be used and injected by
our dumper. Open up Dork Searcher EZ.
3, select ‘bing’
5, click ‘start’
4, CHECK ‘ANTIPUBLIC’!!!
E-book by Ituriel (https://www.nulled.to/user/3117196-ituriel)
Step 2: proxies. You will find a proxy scraper in the .zip file. You can use it, but it is a bit slow. Or you
can simply go to https://proxyscrape.com, and get some free proxies. Wait for them to be updated
(every 5 minutes) to get more of working proxies.
I recommend using HTTP/S proxies, but socks4 or socks5 will do the job. If you are not using http
proxies, select socks4 or socks5 in the “proxy type” thing.
The search for dorks is often quite long, but I advise you to let the software run backwards until it is
finished. This ensures you get injectable URLs afterwards.
When search is done, click “stop”. To check where the URLs have been saved, you can click the little
folder image in the right top.
So, let’s end with it and start the last step. Open SQLi Dumper.
Do not forget to edit your combo to replace space by ‘:’ between emails and passwords. I will put a
good combo editor into the .zip file.
You can now check your accounts. You will not get more hits than leeching method, but your
accounts will be private!
I hope you enjoyed this e-book. You can check my nulled profile :’)
https://www.nulled.to/user/3117196-ituriel