So Lets Start It:
1. Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminal
2. Now find the vulnerable site. (well I already have vulnerable site)
3. Now type this command in the terminal and hit enter.(refer above figure)
2. Now find the vulnerable site. (well I already have vulnerable site)
3. Now type this command in the terminal and hit enter.(refer above figure)
4. Now you will get the database name of the website
Well I got the two database aj and information_schema we will select aj database.
5. Now get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.
5. Now get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.
6. Now we need to grab the tables from the aj database. paste this command bellow command and hit enter.
7. Now you will get the tables list which is stored in aj database. 
8. Now lets grab the columns from the admin table
Now we got the columns and we got username and password
9. Now lets grab the passwords of the admin
9. Now lets grab the passwords of the admin
Now we got the username and the password of the website !
Now just admin panel of the website and use proxy/vpn when you are trying to login in the website as a admin.
4 this See down
The things you need
1. Active perl (click here to download)
2. admin finder script (click here to download )
Install the active perl and extract the archive in to “c:\perl\bin” now go to start > run and type CMD and hit enter now type “cd c:\perl\bin” and hit enter after that paste the perl script name “admin_CP_finder.pl ” and just hit enter now enter the site which you want to find admin penal and hit enter (I have hide my site) and now enter the source code of the website (my site have asp source code so I have added 2) and just hit enter. you will found the admin penal. Happy hacking.
Post a Comment