SQLi Dumper Tutorial
~ By The End Of This, You’ll Be Pumping Combo Lists No Issue ~
1. Downloading and Installing SQLI Dumper
This tutorial will be using SQLI Dumper v.9.0.
Your version might be different, but it will still work the same.
Proxies can be found publicly via Google or forums. If you want to get more advanced, look for a Proxy Scraper.
Here is some information about Dorks and how to make them.
Dorks can also be found on Google and forums alike.
4. Online Scanner
Getting vulnerable URLs using SQLI Dumper and Dorks.
Select what sites you want to grab URLs:
Then click “Start Scanner”:
URLs should start showing:
Now that you have URLs in the URLs Queue, go to Exploitables and click “Start exploiter”.
Once you have a few URLs exploited, go to Injectables and click “Start Analyzer”.
You will start to see URLs. Select all of them; at the bottom it says
“Search Columns\Tables Names (MySQL and MS SQL)”.
Enter what you want to search like so and click start:
A window should appear like so:
Now, depending on the search (mine was Email, Pass), you will see
In that column, if you searched Email, it will look for a table with said name.
The number is how many rows (lines) the table in the column has.
The password should have the same number of rows and match Database.Column.
Click and highlight the row you want to dump. Click the “Go To Dumper” drop-down button at the top then “New Dumper Instance”:
Once Dumper is open, tick the threads check box:
Then click and highlight the column and click “Get Columns”
Now look for the Table name you searched for and tick/check-mark them accordingly.
Then move the Threads slider to 50; this will speed up dumping but will use more resources:
Once it’s done click “Dump Data”:
Once dumping is finished click “Export Data”:
Keep “Plaintext”. Change “Delimiter” to “Custom :”
Then click Start and save to a location.
That’s it, you dumped a combo, congratulations!!!!!
~ Some things can be done better in this tutorial ~
1. Getting URLs via “SQLI Dumper” is slow. You can get URLs through programs such as “Dork Searcher EZ” and “SQL MAP”.
2. Using “SQLI Dumper” to dump rows is also slow; you could speed this up using “SQL Map”.
3. Learning how dorks can be private and public can make getting URLs easier, resulting in higher quality combos.
4. You might run into some hashed passwords.
The most common way to crack hashed passwords is using “Hashcat”.
Hash identification: don’t know what the hash is? Look it up using https://hashc.co.uk/hashid
5. Running multiple instances.
Yes, you can dump more than one database at a time. Simply open another Dumper Instance.
The limit is your internet speed.
6. Make sure Email or Username is above the password table. You can move them with the arrow buttons near “Dump Data”. Failing this, the saved output will be PASS:EMAIL and not EMAIL:PASS.
7. If you get !~!1, it means the row is empty/null.