Monday, January 23, 2017
How To Use SQLi Dumper v8 Crack Hashed Passwords Afterwards
How To Use SQLi Dumper v8 Crack Hashed Passwords Afterwards
( recommend using SQLi dumper on a rdp or vps or using a proxylist )
Step 1: Download SQLi Dumper
Step 2: Find Dorks, use a dork generator, or buy some privately made ones or paid dork gen. link to free dork generator
Step 3: Use the program I just told you about to also scrape some elite proxies.
Step 4: Open up SQLi Dumper. Now load your dorks to SQLI dumper by copying and pasting right here like this.
Step 5: Load your elite proxylist into SQLi by clicking the "Tools&Settings" Tab, Then "Proxy" Tab.Copy and paste your proxies.
Step 6: On SQLi Dumpers Main page where the dorks are. Click "Start Scanner". Wait for dorks to finish scanning and collect all urls for you. note: it will go even further then 100% dont freak out. i think it stops at 150% you can always stop when you think its collected enough dorks. For enough urls to get a good Database try having at least 2000-5000.
Step 7: Once urls are finished being collected click "exploitables" tab then click "start exploiter" wait for it to scan through all urls and find the exploitable ones.
Step 8: Once you have all exploitables go to "Injectables" tab and click "Start Analizer" wait for it to finish finding the injectables out of all the exploitables.
Step 9: When done You should now see all your injectables and the countries, where they are from and more info. highlight all your injectable & at bottom left where it says "Search ColumnsTables Names (MySQL and MS SQL) -enlarge it by clicking + symbol. make sure "email, password and user" boxs are checked, then click start. It will scan all your injectables for ones that have user email and password files. then all you need to do is look at them and match up ones that say 800,000 user and 800,000 passwords, that means you just found a good 800k Combo Database and you now want to go and Dump the data to text file (: ( it even says which files the passwords/usernames/emails are located )
Step 10: right click the injectable that had the the big Database on it and click "Go To Dumper"
Step 11: once in dumper click get database, once database appears click on it and click get tables, once tables appear click on the "user" table (sometimes has different name like "members") and click "get columns" wait for them to appear then check on "user and password boxes or email" then click "Dump Data" button and watch them all start dumping. If no database appears retry once or twice then just move on ( sometimes they just wont dump )
Step 12: after the long wait and you are finished dumping the usernames or emails ( or both ) and passwords you can now extract them to you desktop as a txt file. click Export Data and name the file and place it where ever you choose.
Example should look like this when exporting:
( note: there is thread options in each section ;) )
Cracking Hashed Passwords (MD5 Hashed)
Step 1: To crack passwords download, hashcat Click Here (choose hashcat binaries download) click on "v2.00" to download
EXAMPLE:
Step 2: Extract hashcat to a folder on your desktop using 7zip. Once extracted, go into hashcat folder and create 2 new .txt files and 1 new folder file. Name one .txt file "hashes" and the other "cracked". Name the folder "wordlists".
Step 3: Go get some wordlists to put into your wordlist folder. type "hashcat wordlist" into google and grab all you can (: any word or password can be used in your wordlist. make it nice and big lots of gigs if possible the more the better.
Step 4: Once you have wordlists in your wordlist folder you created, you are ready to start and try cracking. go grab a combo you got from SQLi Dumper that was hashed and copy and paste it into the "hashes.txt" file you created.
Step 5: open cmd by going to your start button on your desktop and click it then type "cmd" then right click the one that says cmd & open as administrator ( I needed to for my pc, you might not need to for yours )
Step 6: when the cmd window is open. first thing is type CD then click space. and drag your main hashcat folder right onto the cmd window then press enter.
hashcat.exe -m 0 --username hashes.txt wordlist.folder
( Blue color is what gets dragged not typed )
Step 7: cmd is now inside hashcat, if you are using a 32 bit PC drag hashcat-cli32.exe into the cmd window now. if you are 64 bit drag hashcat-cli64.exe instead. press space and type -m 0 --username press space and drag your "hashes.txt" over, press space again and drag your wordlist folder over into cmd windows as well. press space then enter it will start Cracking the hashed combo you had in your hashes.txt with the wordlists you have in your wordlist folder.
hashcat.exe -m 0 --username --show hashes.txt --outfile-format=2 -o cracked.txt
( Blue color is what gets dragged not typed )
Step 8: once it has finished. just keep cmd window open and again drag your 32 or 64 bit exe over first. then press space and type -m 0 --username --show press space and drag your "hashes.txt" file over press space and then type --outfile-format=2 -o press space and drag your "dehashed.txt" file over then press space and press enter. your combo should now appear in your cracked.txt file with the usernames:passwords dehashed (:
Step 9: If they look like a mess in the cracked.txt file, like "user:passuser:passuser:pass" then just download Notepad++ Click Here
and open notepad++ and copy and paste the cracked.txt file combos into notepad++ and they will all look all in neat order now (: then just click save as and save it as something new and it will come out as user:pass Instead so you can now run it on a combo checker.
user:pass
user:pass
Files
SQLi Dumper v8
dork_maker_3xploi7.rar | Pass : 3xploi7
Hash Cat
Available link for download