
E-book by Ituriel (https://www.nulled.to/user/3117196-ituriel)

SQLi finally explained


1- Theory

Okay, so you’re finally going to figure out what an SQL injection is, and how to do it. Basically, an SQL
attack consists of extracting information from website databases. So here are the main steps of an
SQL injection:
- find sites from which data can be extracted (in the case of accounts);
- 'dump' this data to get a combo list, for example.

The first stage is divided into two smaller steps. To find websites (and thus URLs), we go through
'dorks', or 'google dorks'. These are essentially "parts of a URL", from which you can find entire
web addresses (to put it simply).
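Added example (not from the original e-book): the injection this guide relies on requires a page that builds SQL text from request input, and the dump is only a usable combo list when passwords are stored in the clear. The sketch below uses an in-memory SQLite database whose schema, rows and function names are all constructed assumptions, and shows the vulnerable query beside a bound-parameter version, with passwords stored as salted PBKDF2 hashes.

```python
import hashlib, hmac, os, re, sqlite3

def make_db():
    # Constructed sample schema and rows (assumptions, not from the e-book).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users(email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
        INSERT INTO products VALUES (1,'basic plan'),(2,'pro plan'),(3,'team plan');
    """)
    return db

def hash_password(password, salt):
    # Salted, slow KDF: a dumped pw_hash column is not a list of reusable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def add_user(db, email, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))

def verify_user(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    return row is not None and hmac.compare_digest(
        row[1], hash_password(password, row[0]))

def product_vulnerable(db, raw_id):
    # BEFORE: the URL parameter is pasted into the SQL text and can rewrite the query.
    return db.execute(
        f"SELECT id, name FROM products WHERE id = {raw_id}").fetchall()

def product_safe(db, raw_id):
    # AFTER: reject anything that is not a plain integer, then bind it as data.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute("SELECT id, name FROM products WHERE id = ?",
                      (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice@example.test", "correct horse")  # constructed account
    hostile = "2 OR 1=1"  # constructed input that changes the WHERE clause
    print("vulnerable:", product_vulnerable(db, hostile))
    print("safe:      ", product_safe(db, hostile))
    print("login ok:  ", verify_user(db, "alice@example.test", "correct horse"))
```
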

2- Let’s attack

All the tools you will need are available here:


https://anonfiles.com/Hbn6g1Q6o4/SQLi_DUMP_PACK_zip

So the first step is to generate these famous dorks, which will allow us to find URLs later. We
generate dorks from keywords, which will change depending on the type of account you want. For
this example, let’s imagine wanting to retrieve NordVPN accounts.

Below you will find a link to a keyword scraper, which will generate keywords from simple words.

1, write here the main words from which you want to retrieve keywords

2, click ‘scrape’

3, wait for the number of keywords to stop growing

3, click ‘remove duplicates’

4, export your data

Now that you have your keywords, we will use them to generate dorks. So open TSP Dork Generator.

1, check all those boxes

2, paste here the keywords you have just scraped

3, I would recommend setting this to 2000, and then click on ‘generate’

Now that our dorks are ready, we need to convert them into URLs that can be used and injected by
our dumper. Open up Dork Searcher EZ.

Soft is cracked, so you can click login without writing anything.

1, go there, click clean, then delete, then create, then close little window

2, select the source (the dorks you generated), and proxies. Read below for details

3, select ‘bing’

4, CHECK ‘ANTIPUBLIC’!!!

5, click ‘start’

Step 2: proxies. You will find a proxy scraper in the .zip file. You can use it, but it is a bit slow. Or you
can simply go to https://proxyscrape.com and get some free proxies. Wait for them to be updated
(every 5 minutes) to get more working proxies.

I recommend using HTTP/S proxies, but socks4 or socks5 will do the job. If you are not using http
proxies, select socks4 or socks5 in the “proxy type” thing.

The search for dorks is often quite long, but I advise you to let the software run backwards until it is
finished. This ensures you get injectable URLs afterwards.

When the search is done, click “stop”. To check where the URLs have been saved, you can click the little
folder image at the top right.

So, let’s end with it and start the last step. Open SQLi Dumper.

On main page, click import, and find the URLs text document you generated before

Do not do anything else until all your URLs have been loaded

Go to “exploitables” page and click on ‘start exploiter’



Go to “exploitables” page. Click again on ‘start analyzer’

Here are the URLs we will be able to extract data from

1, Select all the URLs

2, Display bottom bar and check ‘mail’ and ‘password’

3, click ‘start’

The soft searched for ‘emails’ and ‘passwords’ in the website’s databases. If you get email and
password lists with the same numbers in [], you got combo lists. I selected the ones I got in that try.

Come back to the previous window, and right click on a URL (with combo list, big brain), then select
‘go to dumper’

1, Search for the ‘users’ databases. It can be ‘user info’, ‘user data’, etc.

2, click on ‘get columns’

Find ‘email’ and ‘password’ data, check their boxes, and put them beside with those arrows

And THEN, click “Dump Data”

Click ‘export data’ to get a txt file

Here are your accounts!

Do not forget to edit your combo to replace space by ‘:’ between emails and passwords. I will put a
good combo editor into the .zip file.

You can now check your accounts. You will not get more hits than leeching method, but your
accounts will be private!

I hope you enjoyed this e-book. You can check my nulled profile :’)
https://www.nulled.to/user/3117196-ituriel
