Fuego

[Tutorial] How To Use SQLi Dumper & Crack Hashed Passwords Afterwards

Recommended Posts

[hide] FORGOT TO MENTION SQLI DUMPER HAS A PRETTY DECENT PROXY CHECKER IN "TOOLS & SETTINGS" USE IT tongue.png

 

Step 1: Download SQLi Dumper CLICK HERE

 

Step 2: Find Dorks, use a dork generator, or buy some privately made ones or paid dork gen. link to free dork generator - ez dork gen - Click Here or Combo# Click Here

 

Step 3: Use the program Combo# To scrape some elite proxies If desired.

 

Step 4: Open up SQLi Dumper. Now load your dorks to SQLI dumper by copying and pasting.

 

 

 

 

Step 5: (Optional) Load your elite proxylist into SQLi by clicking the "Tools&Settings" Tab, Then "Proxy" Tab.Copy and paste your proxies or try using a VPN on your desktop to change your ip so you dont get temp ip banned when scanning dorks and stay safer also.( if using a windows VPS or RDP you dont need a proxylist or VPN unless you are temp ip banned, its usually faster without them though)

 

Step 6: On SQLi Dumpers Main page where the dorks are. Click "Start Scanner". Wait for dorks to finish scanning and collect all urls for you. note: it will go even further then 100% don't freak out. i think it stops at 150% you can always stop when you think its collected enough dorks. For enough urls to get a good Database try having at least 2000-5000.

 

Step 7: Once urls are finished being collected click "exploitables" tab then click "start exploiter" wait for it to scan through all urls and find the exploitable ones.

 

Step 8: Once you have all exploitables go to "Injectables" tab and click "Start Analizer"  wait for it to finish finding the injectables out of all the exploitables. 

 

Step 9: When done You should now see all your injectables and the countries, where they are from and more info. highlight all your injectable & at BOTTOM LEFT where it says "Search Columns\Tables Names (MySQL and MS SQL)" (enlarge it by clicking + symbol) make sure "email, password and user and admin or whatever u have typed" are all checked, then click the bottom right start (not the top right one) using 10 threads. It will scan all your injectables for ones that have user email and password files or whatever you have typed. then all you need to do is look at them and match up ones that say 100,000 user and 100,000 passwords or 100,000 emails, that means you just found a good 100k Database that contains both 100k email and user pass combos and you now want to go and Dump the data to text file (:  ( it even says which files the passwords/usernames/emails are located )

 

Step 10: right click the injectable that had the the big Database on it and click "Go To Dumper"

 

Step 11: once in dumper click get database, once database appears click on it and click get tables, once tables appear click on the "user" table (sometimes has different name like "members") and click "get columns" wait for them to appear then check on "user and password boxes or email" then click "Dump Data" button and watch them all start dumping. If no database appears retry once or twice then just move on ( sometimes they just wont dump )

 

Step 12: after the long wait and you are finished dumping the usernames or emails ( or both ) and passwords you can now extract them to you desktop as a txt file. click Export Data and name the file and place it where ever you choose.

 

 

( note: there is thread options in each section   

wink.png )

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Cracking Hashed Passwords (MD5 Hashed)

 

Step 1: To crack passwords download, hashcat Click here (choose hashcat binaries download) click on "v2.00" to download

 

 

 

 

Step 2: Extract hashcat to a folder on your desktop using 7zip. Once extracted, go into hashcat folder and create 2 new .txt files and 1 new folder file. Name one .txt file "hashes" and the other "cracked". Name the folder "wordlists".

 

Step 3: Go get some wordlists to put into your wordlist folder. type "hashcat wordlist" into google and grab all you can (: any word or password can be used in your wordlist. make it nice and big lots of gigs if possible the more the better.

 

Step 4: Once you have wordlists in your wordlist folder you created, you are ready to start and try cracking. go grab a combo you got from SQLi Dumper that was hashed and copy and paste it into the "hashes.txt" file you created.

 

Step 5: open cmd by going to your start button on your desktop and click it then type "cmd" then right click the one that says cmd & open as administrator ( I needed to for my pc, you might not need to for yours )

 

Step 6: when the cmd window is open. first thing is type CD then click space. and drag your main hashcat folder right onto the cmd window then press enter.

 

hashcat.exe -m 0 --username hashes.txt wordlist.folder

( Blue color is what gets dragged not typed )

Step 7: cmd is now inside hashcat, if you are using a 32 bit PC drag hashcat-cli32.exe into the cmd window now. if you are 64 bit drag hashcat-cli64.exe instead. press space and type -m 0 --username press space and drag your "hashes.txt" over, press space again and drag your wordlist folder over into cmd windows as well. press space then enter it will start Cracking the hashed combo you had in your hashes.txt with the wordlists you have in your wordlist folder.

 

hashcat.exe -m 0 --username --show hashes.txt --outfile-format=2 -o cracked.txt

( Blue color is what gets dragged not typed )

Step 8: once it has finished. just keep cmd window open and again drag your 32 or 64 bit exe over first. then press space and type -m 0 --username --show  press space and drag your "hashes.txt" file over press space and then type --outfile-format=2 -o press space and drag your "dehashed.txt" file over then press space and press enter. your combo should now appear in your cracked.txt file with the usernames:passwords dehashed (:

 

Step 9: If they look like a mess in the cracked.txt file, like "user:passuser:passuser:pass" then just download Notepad++ Click Here

and open notepad++ and copy and paste the cracked.txt file combos into notepad++ and they will all look all in neat order now (: then just click save as and save it as something new and it will come out as user:pass Instead so you can now run it on a combo checker.

                                                                                               user:pass

                                                                                               user:pass

 

THERE ALL DONE    all rights to original owner.[/hide]

Share this post


Link to post
Share on other sites

Have been cracking accounts with combolist but dont know how to make one. So perhaps your tutorial can help. Thanks alot , given a like :)

Share this post


Link to post
Share on other sites

Thanks alot about this tutorial

Share this post


Link to post
Share on other sites

Good guide, like always

Share this post


Link to post
Share on other sites

Good guide, like always

 

Why aren't you leaving likes then  :pepe:

Share this post


Link to post
Share on other sites

Good guide, like always

 

Why aren't you leaving likes then  :pepe:

 

Idk what you mean :kappa:

Share this post


Link to post
Share on other sites

Thanks alot, hope i can earn sthj.

Share this post


Link to post
Share on other sites

[/color][/color][/font]

 

was only cracking with combolists before man haha gracias

Share this post


Link to post
Share on other sites

i need to learn how to make combos so i stop paying for them :p

Share this post


Link to post
Share on other sites

Thanks a lot for the share

Share this post


Link to post
Share on other sites

Thanks alot about this tutorial

Share this post


Link to post
Share on other sites

Thanks my nigga! I appreciate it!

Share this post


Link to post
Share on other sites

This is exactly what I'm looking for. SQLI dumper tutorials! I hope it teaches about dorks... ugh.

Share this post


Link to post
Share on other sites

PRETTY INTERESTING INFO. THANK YOU

  • Like 1

Share this post


Link to post
Share on other sites

look forward to see this !!!

Share this post


Link to post
Share on other sites

Thank u verymuch

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.