SQL Exploiter Pro v2.15 Manual
Overview
SQL Exploiter Pro v2.15 is a SQL Injection tool to exploit ASP, CFM and PHP websites with errors. We can
get information from those websites' databases. With SQL Exploiter Pro v2.15, hacking websites is totally
automated and as easy as 1-2-3.
Please note that this tutorial gives only superficial and brief details. There are many other commands and
hidden functions, and many tricks and techniques for using SQL Exploiter Pro v2.15 in the best way. Everything
that is not covered in this tutorial is taught in the training session, which starts after you purchase it.
SQL Exploiter Pro v2.15 has 5 main parts. The first part, URL Extractor for Hackable Sites, is for extracting
URLs of possible exploitable shopping sites. The second part is the Attacker for the Hackable Sites, which
tests the extracted URLs to find out the exploitable sites' errors. The third part is the Database of Successful
Hits, where all the found hackable sites are saved for later use. The fourth part is the Syntax Error Hacks,
which is used for sites with a Syntax error. The Syntax error has a different way of getting the database
records. The fifth part, MySQL and PHP Hacks, deals with sites with a MySQL error. See the image below:
The image below shows the URL Extractor for Hackable Sites in action. Shown above are the 4 different errors
hackable with SQL Exploiter Pro v2.15; each has different methods and techniques for exploiting it.
Google Dork
This is the text box where you enter your Google dork query. As shown in the picture, I searched for the
Google dork query allinurl:"default.asp?catID="
Number of Results
This is a dropdown box where you define the number of URL links you want to get from Google. As shown in
the picture, I have searched for 150 results. You can search for as many as 1000 results.
Search Dork
Put your Google dork query in the Google Dork textbox and press Search Dork to get the results from Google.
Save URLs
After getting the URL links from Google, you can also save that list and load it later on. This way you don't
have to search Google again and again, because Google blocks your IP if you send search queries too many
times.
Load URLs
Load your saved URLs list as explained above.
Minimize to Tray
You can also minimize SQL Exploiter Pro v2.15 to your system tray. Suppose you have got 900 URLs
from Google and want to check all of them for SQL injection: you can start the checking process and minimize
SQL Exploiter Pro v2.15 to the system tray. It will then keep working in the background, and an icon will be displayed in
the system tray. As soon as any hackable site is found, the icon in the system tray will start moving so
that you know that SQL Exploiter Pro v2.15 has found hackable sites. To restore SQL Exploiter Pro v2.15,
simply double-click on the icon in the system tray. As shown in the picture above, the icon for SQL Exploiter
Pro v2.15 is the yellow pendulum clock.
Stop Scan
Use this to stop the checking of URLs in the list. If you want to resume checking the rest of the URLs in the
list, put the cursor on the URL where you stopped scanning and press Check URL List to continue
checking URLs in the list.
Debug
Use this to debug the query and see the results in the browser window to get more information about the
hackable site.
Site Info
You can get all the crucial information about the hackable website with this function. You can get the Server
Name, System User, Database Name and SQL Version information which is important for some specific
commands.
Debug
Sometimes even the sites marked ((Success)) are not hackable. By using the Debug function, you can find
out why you cannot hack a site. Sometimes you need to add a few more parameters to hack the site.
Save Tables
Use this function to save the table names in a text file. When you click this function, it asks you to browse to the
path where you want to save the table names file.
Load Tables
Use this function to load the table names you have saved before in a text file.
^
Use this up arrow function to move the table names up to arrange them any way you want.
Get Tables
Use this to get the tables of the hacked site's database, as shown in the picture above.
Save Columns
Use this function to save the column names in a text file. When you click this function, it asks you to browse to
the path where you want to save the column names file.
Load Tables
Use this function to load the column names you have saved before in a text file.
^
Use this up arrow function to move the column names up to arrange them any way you want.
Get Tables
Use this to get the tables of the hacked site's database, as shown in the picture above.
Get Columns
Use this to get the columns of the selected table of the hacked site's database, as shown in the picture
above. I got the columns of the Stored_CC table, which has valid CVVs.
Build Query
Use this function to build the query to make any specific changes. This function is for advanced level users.
Get Data
Use this function to get the data of the selected hacked site. You can also save this data directly to a text file.
To do that, check the Save to File checkbox and then click the Get Data button, which will then show you a save
file dialog box. You can also get the data starting from a specific record: if you stopped getting the data at a
record, e.g. ID 400, put this ID 400 in the From text box and the data retrieval will start from that
specific point.
You can also use the ORDER BY clause and sort the results in Desc or Asc order. As shown in the picture
below, the selected columns' data is retrieved sorted by the ID column name.
Find Table
The Find Table function is used to find the table name. I have put in two targets: find the Admin table or the
Orders table. All the hackable sites discovered by URL Extractor for Hackable Sites with Syntax Error
Hacks are added to this section, like the one example you see in the picture. When you try to get the table
names by a Union Select query, enter the error you get from that in the Error Msg text box, then
click the Find Table button, and it starts trying all the Admin table names given in the Admin Table combo box.
Find Columns
Once you have found the correct Admin or Order table name, you then try to find the correct number of
columns. Check what error you get when you enter the wrong number of columns in your browser, then
paste that error message in the Error Msg text box and click Find Columns. It starts trying numbers of
columns and stops when it finds the correct number of columns, just as shown in the picture below:
Find Admin
This function gets the column names of the table we found in the picture above and displays all the found
column names in the Found Columns list. To find the column names of the table you have found, first copy
the full URL with the column numbers exactly as it is from Action of URL, paste the link into your FireFox
browser (highly recommended for hacking shops with errors) and note the numbers displayed on the page.
Then enter any single one of them; in the example in the picture, 5 was one of the numbers displayed
on the page. You could use any number from the ones displayed on the page. See the example in the
picture below:
We put number 5 in the Discovered Columns textbox and hit the Find Admin button and it starts trying all
of the possible column names in the Admin table and whenever it finds a valid column name, it adds it in the
Found Columns list. You do the same for the find orders table and columns. You just have to select the
Orders radio button to do that.
Build Query
This function creates a query that is the final step, and that query is also copied to the clipboard. Just open
the FireFox browser, paste that link in there and press Enter. The page opens with the column names'
data as shown in the picture below:
In the above example, we chose Admin_id - Admin_username - Admin_name - Admin_password and the
data in the picture below is displayed in the same order.
Debug
When the URL Extractor for Hackable Sites marks sites with ((Success)) MySQL Error, those
exploitable sites are added to this section's Successful Hits list. Simply select a URL in the Successful Hits
list and press the Debug button. It then opens your default browser window and shows you the error. Copy and
paste the initial part of that error; in this case, the error displayed in the picture below for the site is Unknown
column. You can also double-click on the URL in the Successful Hits list, which opens the window just as if
you had clicked the Debug button.
Find Columns
This function is used to find out the correct number of columns. When you click the Find Columns button, it
starts trying numbers of columns one by one. When the correct number of columns is found, it creates the
union select query automatically in the Action of URL text box, just as shown in the picture below. The
site's correct number of columns was 4.
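For defenders, the one-by-one column counting described under both Find Columns headings leaves a recognisable trail in web server logs. The following is an added example, not part of the original manual or the tool, that flags that trail in constructed access-log lines; the log format, the IP addresses and the threshold of three distinct column counts are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not taken from any real site).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /default.asp?catID=3 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /default.asp?catID=3+UNION+SELECT+1 HTTP/1.1" 500 310
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /default.asp?catID=3+UNION+SELECT+1,2 HTTP/1.1" 500 310
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /default.asp?catID=3+UNION+SELECT+1,2,3 HTTP/1.1" 500 310
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /default.asp?catID=3%20union%20select%201,2,3,4 HTTP/1.1" 200 5240
198.51.100.9 - - [10/Mar/2024:10:01:00 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900
"""

# Client IP and request target from a common/combined log format line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
# Select list that follows UNION [ALL] SELECT, up to FROM, a comment or end of input.
UNION = re.compile(r'union\s+(?:all\s+)?select\s+([^#;]+?)(?:\s+from\b|--|$)', re.I)


def find_column_enumeration(log_text, min_distinct=3):
    """Return {(client_ip, path): sorted column counts} for clients that sent
    UNION SELECT probes of at least `min_distinct` different widths to one path."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        path, _, query = target.partition("?")
        # Decode %20 and + so encoded and plain probes look the same.
        u = UNION.search(unquote_plus(query))
        if u:
            # Heuristic: commas inside function calls would inflate the count.
            probes[(ip, path)].add(len(u.group(1).split(",")))
    # One isolated match (e.g. a search phrase) is not an enumeration run.
    return {k: sorted(v) for k, v in probes.items() if len(v) >= min_distinct}


if __name__ == "__main__":
    for (ip, path), widths in find_column_enumeration(SAMPLE_LOG).items():
        print(f"{ip} enumerated column counts {widths} against {path}")
```

The search-phrase line from 198.51.100.9 matches the pattern once but is not reported, because a single match never reaches the distinct-count threshold.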
Add Manually
This function is used to manually add a site if you don't already have it in the database. Mind you,
adding a site manually here will not save the site URL in the database. So you had better add the site to the URL
Extractor and then retrieve it from the database.
Get Info
This function is used to get the server information to find out the Version Information, User Name, DB Name
and Server Time. You must get the Version Information before you can get the tables or columns, because
the SQL Injection commands used depend on the version information. See the picture below: The MySQL
version is 5.0.24, where we can get the tables and columns just like in the picture below:
Get Tables
This function is used to get the table names from the database. See the picture given above.
Get Columns
This function is used to get the column names from the database. See the picture given above.
Get Data
This function is used to get the data from the table and columns selected. See the picture given above.