The ability to hack something doesn’t depend on how powerful your devices are; it depends on how powerful your skills are.
How would you find a site vulnerable to SQL injection?
Search for the latest Google dorks for SQL-vulnerable sites, pick one, and enter it in the Google search bar (on the Google homepage). For example, we took the dork ‘news.php?id=’. Now select a site from the search results.
Let’s say the site is http://example.com/news.php?id=58. Now add a single quote at the end of the URL, like this: http://example.com/news.php?id=58' and load it. If the page comes back with a SQL error warning, Boom! The site is vulnerable to SQL injection, because the error shows that the id value reaches the database query unescaped.
Now open the DroidSQLi app, enter the URL of the target site, and tap ‘Inject’ at the top right corner. It will try the possible SQL injection methods, such as time-based injection, error-based injection, the evasion method, blind injection, and normal injection.
If the site is vulnerable, you will get the database information and the database list of the website. After that, you can access and manipulate the gathered database.
But DDoS can be more effective if we perform it from multiple devices at the same time. It depends on you.
The app comes with a very simple interface. You just need to set the URL of the target website, the size of the payloads, and the time between the posts.
The tool shows a popup at startup which warns you that the app is illegal and that you must get permission from the owner of the target site.
Be safe, and get written permission before you do the test.
Under the three dots at the top left corner, you will find options to search for exploits via Exploit-DB and to brute-force the WP admin login panel.
4. Admin Panel Finder
For example, suppose you know the site owner, and so you know how vulnerable the site is or how weak the login details are. If you can log in to the admin panel, you don’t need to find other ways to hack the site, but where is the login panel?
In this situation, we can use these types of tools. Thanks to the creator of the app for making these things possible for Android.
Now open the app and enter the URL of the target website. The app will scan the website for all the possible queries, and if a query matches, it will show the admin page.
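Both the quote probe on `news.php?id=` and the admin-page scan described above leave a recognizable trail in the target's web server access log. The following Python is an added example, not part of the original article or of any app it mentions; the log lines are constructed, and the path keywords and the threshold are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /news.php?id=58 HTTP/1.1" 200 5120
203.0.113.7 - - [10/May/2024:10:00:05 +0000] "GET /news.php?id=58%27 HTTP/1.1" 500 312
198.51.100.4 - - [10/May/2024:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 196
198.51.100.4 - - [10/May/2024:10:01:00 +0000] "GET /administrator/ HTTP/1.1" 404 196
198.51.100.4 - - [10/May/2024:10:01:01 +0000] "GET /admin/login.php HTTP/1.1" 404 196
198.51.100.4 - - [10/May/2024:10:01:01 +0000] "GET /cpanel/ HTTP/1.1" 404 196
192.0.2.10 - - [10/May/2024:10:02:00 +0000] "GET /about.php HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ADMIN_HINT = re.compile(r"admin|login|cpanel|panel", re.I)  # assumed keywords
MISS_THRESHOLD = 3  # assumed tuning value: distinct missing admin-like paths per IP


def analyze(log_text, threshold=MISS_THRESHOLD):
    """Return (quote_probes, panel_scanners) found in the log text."""
    quote_probes = []          # (ip, path, parameter) where a value contains a quote
    misses = defaultdict(set)  # ip -> distinct admin-like paths answered with 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so %27 and a literal ' are both caught.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if "'" in value or '"' in value:
                quote_probes.append((ip, url.path, name))
        if status == "404" and ADMIN_HINT.search(url.path):
            misses[ip].add(url.path)
    scanners = sorted(ip for ip, paths in misses.items() if len(paths) >= threshold)
    return quote_probes, scanners


if __name__ == "__main__":
    probes, scanners = analyze(SAMPLE_LOG)
    print("quote probes:", probes)
    print("admin-path scanners:", scanners)
```

A quote probe that is answered with a 500, as in the second sample line, also means the application is returning database errors to the client, which is worth fixing on its own.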
Nmap may be one of the most widely used tools among hackers and pen-testers. It plays a great role in the field of ethical hacking. If we didn’t talk about this application, the list would be incomplete.
NDroidMap is the Nmap version for Android, and it is available on the Google Play Store. Open the application, enter the URL of the target website, and hit Run. It will scan for all the ports available on the website.
What do you think? Tell us in the comment box.