After lot's of emails finally I decided to share The Mole hacking tutorial, some people ask me to it's really works ? as per my testing 'yes'. Today I exploit 3 sites only for testing and I think The Mole still favorite for hacker and if you are new to ethical hacking it's great to know.
Kindly remember I'm sharing this tutorial only for information and securing yourself. Any missue makes you in trouble so be aware.
First we should know what is The Mole ?
Mole is a programmed automatic SQL Injection exploitation tool. Just by giving a vulnerable URL and a substantial string on the site it can recognize the injection and exploit it, either by utilizing the union method or a boolean question based system. The Mole utilizes a command based interface, permitting the client to show the activity he needs to perform effectively. The CLI likewise gives auto-completion on both commands and command arguments, making the user sort as less as could be expected under the possibilities.
The Mole V3 Exploit Features:
- Support for Mysql, Postgres, SQL Server and Oracle.
- Automatic SQL injection exploitation using union technique.
- Automatic blind SQL injection exploitation.
- Exploits SQL Injections in GET/POST/Cookie parameters.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
Download The Mole From Here !
The Mole Hacking Tutorial For Automatic SQL Injection:
After download run mole.exe and start following step as below-
First you need to find vulnerable URL, there are many way to get this. If you don't know anything and it's your first step to learn hacking then you can try to find out by using simple technique.
How to find vulnerable websites ?
Search on Google for "php?id=" without quote.
Now add ' in last of URL, check below example.
Ex- URL is http://www.example.com/current_project_inner.php?id=84
Change it http://www.example.com/current_project_inner.php?id=84'
If you got SQL Error then this site vulnerable and go for next step else you should find next one.
(I'm using URL http://www.example.com/current_project_inner.php?id=84 for example)
Enter
url http://www.example.com/current_project_inner.php?id=84
Now find out any keywords aviable in website, it may anything means any word find you in this site, I'm using 'Introduction'.
Now enter
needle Introduction
Third Command is
schemas
and wait for some time.
Schemas will find automatically column and exploit it.
When you got database your next step will find out tables.
Write the tables then database name.
Run command
tables database_name
You will got the tables and now we will browse data from table,
Run command
columns database_name
I'm going to find user data from table tbl_users. After above step we run query to find out username and password from each table.
Run command
query database_name table_name col1,col2,col3(columns)
That's all, you find out user name and password successfully. For your first step of learning it's sufficient now try more to learn more. I can't share website link, database etc openly. You can add me on circle or mail me for further detail if still you are facing any problem.
Important Commands Of The Mole: Now you can download or read online all supported commands lines and detail text file from Here !
Thanks for reading this article, it's take my hard work to share give some second to me for like and share.
Thank you !
One comment: On The Mole V3 Hacking Tutorial First Step Of Web Hacking
Great job, detailed explanation with diagrams