Kostrikov
Member
- Joined
- Apr 3, 2018
- Messages
- 158
Enjoy, tried making it as HQ as possible using low effort.
I hope you get what you want!
[hide]
Now. To dump databases and make combolists you will need to already know some stuff. Dorks, SQLI Dumper 8.3, V3n0m-Scanner and SQLmap.
(If v3n0m isn't working for you, Dork Searcher EZ will do just fine for this).
Now firstly you will need good HQ dorks. I already posted some stuff that made me a lot of haters for leaking but it is all to help you guys.
(If you don't wanna make dorks, you can always get onlinedorkscraper.ml)
Once you read these 2 links, you should know how to make your own SUPER HQ dorks.
Once we got dorks we will need to check them and get VULNERABLE URLs that we should be able to perform SQL Injection on them and dump their database.
To do this we will need a tool called V3n0m-Scanner. This tool (in the best form) is available on Kali Linux, but still you can get the windows version, which is not as good.
Now, here are 2 links where you can get v3n0m for LINUX (first link) and if you are too lazy to get the better version and still choose the windows version, then the second link is for you.
(kali)
If you don't know how to set up v3n0m you can always use DORK SEARCHER EZ. Very good tool if you know how to use it.
I am sure you can find a way to download it here from nulled.
After you get all the URLs, load them up in SQLI Dumper.
Best SQLI Dumper version is 8.3 (I am sure you can download it from nulled).
After you load them up start the exploiter with 50 threads. I don't recommend using site-hunter or other exploiter-hunter programs since they skip a lot.
Once you get all exploitables check for injectables with 30 threads.
After SQLI Dumper finishes getting injectables select them all and search for columns such as: email, pswd, password and user.
Once you get all of the sites containing those columns, start up SQLmap.
Same as before, it is available both on kali (recommended) and windows.
It comes installed on kali, you just type sqlmap in terminal.
For windows you will need python 2.7.14 and download sqlmap from sqlmap.org. Install python and make a folder in C:\ named sqlmap. Extract all files in that folder you got from the ZIP from sqlmap.org
Open CMD as administrator. Write cd .. 2 times and once it says C:\ write cd sqlmap. Once you do that write sqlmap.py.
After this sqlmap will boot up, click enter and now you ready.
Now if you found an URL in SQLI Dumper that you want to dump, go in the text file from v3n0m, find the URL and copy it (dont copy it from injectables in sqli dumper).
Go in sqlmap and write this: sqlmap.py -u "url" --dbs
This will perform sql injection on the url and give u the names of the databases
after that write: sqlmap.py -u "url" -D "name of the dbs that you want to dump" --tables
This will get all the tables from that database.
After you got all of them write: sqlmap.py -u "url" -D "name of dbs u wanna dump" -T "name of table you wanna dump" -C "name of the columns you want to dump" --dump --eta --threads=10
They will be dumped in minutes (extremely fast).
After it finishes it will tell you where is the dump saved.
Congratz on getting your first combolist.
[/hide]
Thanks for reading my tutorial.
I hope it helped.
I hope you get what you want!
[hide]
Now. To dump databases and make combolists you will need to already know some stuff. Dorks, SQLI Dumper 8.3, V3n0m-Scanner and SQLmap.
(If v3n0m isn't working for you, Dork Searcher EZ will do just fine for this).
Now firstly you will need good HQ dorks. I already posted some stuff that made me a lot of haters for leaking but it is all to help you guys.
(If you don't wanna make dorks, you can always get onlinedorkscraper.ml)
Once you read these 2 links, you should know how to make your own SUPER HQ dorks.
Once we got dorks we will need to check them and get VULNERABLE URLs that we should be able to perform SQL Injection on them and dump their database.
To do this we will need a tool called V3n0m-Scanner. This tool (in the best form) is available on Kali Linux, but still you can get the windows version, which is not as good.
Now, here are 2 links where you can get v3n0m for LINUX (first link) and if you are too lazy to get the better version and still choose the windows version, then the second link is for you.
If you don't know how to set up v3n0m you can always use DORK SEARCHER EZ. Very good tool if you know how to use it.
I am sure you can find a way to download it here from nulled.
After you get all the URLs, load them up in SQLI Dumper.
Best SQLI Dumper version is 8.3 (I am sure you can download it from nulled).
After you load them up start the exploiter with 50 threads. I don't recommend using site-hunter or other exploiter-hunter programs since they skip a lot.
Once you get all exploitables check for injectables with 30 threads.
After SQLI Dumper finishes getting injectables select them all and search for columns such as: email, pswd, password and user.
Once you get all of the sites containing those columns, start up SQLmap.
Same as before, it is available both on kali (recommended) and windows.
It comes installed on kali, you just type sqlmap in terminal.
For windows you will need python 2.7.14 and download sqlmap from sqlmap.org. Install python and make a folder in C:\ named sqlmap. Extract all files in that folder you got from the ZIP from sqlmap.org
Open CMD as administrator. Write cd .. 2 times and once it says C:\ write cd sqlmap. Once you do that write sqlmap.py.
After this sqlmap will boot up, click enter and now you ready.
Now if you found an URL in SQLI Dumper that you want to dump, go in the text file from v3n0m, find the URL and copy it (dont copy it from injectables in sqli dumper).
Go in sqlmap and write this: sqlmap.py -u "url" --dbs
This will perform sql injection on the url and give u the names of the databases
after that write: sqlmap.py -u "url" -D "name of the dbs that you want to dump" --tables
This will get all the tables from that database.
After you got all of them write: sqlmap.py -u "url" -D "name of dbs u wanna dump" -T "name of table you wanna dump" -C "name of the columns you want to dump" --dump --eta --threads=10
They will be dumped in minutes (extremely fast).
After it finishes it will tell you where is the dump saved.
Congratz on getting your first combolist.
[/hide]
Thanks for reading my tutorial.
I hope it helped.
epo:
