banner Expire 1 April  2021
Ad Ends 07 February 2021
Ad Ends 04 February 2021
Ad Ends 01 April 2021
Ad Ends 06 April 2021
What's new
  • Contact : [email protected] for Purchasing Advertisement
  • IF you get SCAMMED by someone please contact me for REFUND : ICQ : @carders.ws

SQLi Dumper Tutorial

Daniel

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
2,270
Reaction score
349
Points
182
Awards
1
  • Rich User
SQLi Dumper Tutorial { Pics Included
~ By The End Of This, You'll Be Pumping Combo Lists No Issue ~

1. Downloading and Installing SQLI Dumper

This tutorial will be using SQLI Dumper v.9.0.
Your version might be different, but it will still work the same.


2. Proxies

Proxies can be found publicly via google or forums. If you want to get more advance look for a Proxy Scraper.

3. Dorks
Here is some information about Dorks and how to make them.

https://whatis.techtarget.com/definition...dork-query
https://en.wikipedia.org/wiki/Google_hacking
Dorks can also are found on Google and Forums alike.

4. Online Scanner

Getting vulnerable URLs using SQLI Dumper and Dorks.

Paste dorks:


View: https://i.imgur.com/6PBrGDt.png


Select what sites you want to grab URLs:


View: https://i.imgur.com/BwdoOvc.png


Then click "Start Scanner":


View: https://i.imgur.com/dbfohdP.png


URLs should start showing:


View: https://i.imgur.com/d6btqDD.png


5. Exploitables
Now that you have URLs in URLs Queue.
Goto Exploitables and click "Start exploiter".

6.Injectables.
Once you have a few URLs exploited.
Goto injectables and click "Start Analyzer"

You will start to see URLs select all of them and at the bottom it says
"Search Columns\Tables Names (MySQL and MS SQL) "
Enter what you want to search like so and click start:


View: https://i.imgur.com/HBVsCo0.png


A window should appear like so:


Now depending on the search mine was Email, Pass you will see

Search: Email
Rows: Number
[Number]Database.Column

In that column, If you searched Email it will look for a table with said name.
The number is how many rows(Lines) the table in the column has.
The password should have the same amount of Rows and match Database.Column .

Click and highlight the row you want to dump. Click the "Go To Dumper" drop-down button at the top then "New Dumper Instance":



7. Dumping
Once Dumper is open tick threads check box:



Then click and highlight the column and click "Get Columns"



Now look for the Table name you searched for and tick/check-mark them accordingly.
Then move Threads slider to 50 this will speed up dumping but will use more resources:



Once it's done click "Dump Data":


Once dumping is finished click "Export Data":


Keep "Plaintext". Change "Delimiter" to "Custom :"
Then click Start and save to a location.

That's it you dumped a combo congratulations!!!!!


~ Some things can be done better in this tutorial ~

1. Getting URLs via "SQLI Dumper" is slow. You can get URLs through programs such as "Dork Searcher EZ"LINK "SQL MAP"LINK.

2. Using "SQLI Dumper" to dump rows is also slow you could speed this up using "SQL Map" LINK.

3. Learning how dorks can be private and public can make getting URLs easier. Resulting in higher quality combos.

4. You might run into some hashed passwords.
Most common way to crack hashed passwords is using "Hashcat"
Hash identify. Don't know what the hash is? Lookup using. https://hashc.co.uk/hashid
https://hashcat.net/hashcat/
https://en.wikipedia.org/wiki/Cryptograp...h_function

5. Running multiple instances.
Yes, you can dump more than one database at a time. Simply open another Dumper Instance.
The limit is your internet speed.

6. Make sure Email or Username is above password table. You can move them with the arrow buttons near "Dump Data". Failing this saving will be PASS:EMAIL and not EMAIL: PASS

7. If you get !~!1 it means the row is empty/null
 
banner Expire 1 April  2021
Top