SQL dumps (database dumps) for #OSINT
Super short practical course.
Thread🧵🧵🧵
(12 tweets)
#sql #mysql #phpmyadmin
Super short practical course.
Thread🧵🧵🧵
(12 tweets)
#sql #mysql #phpmyadmin
(1/12)
In @GoogleHacking (exploit-db.com/google-hacking…) there are 176 dorks for searching SQL dumps, which may contain any confidential information.
Simple ex (pic 2):
ivanov ext:sql site:github.com
This query search all sql-files, which contain "ivanov" in #Github
In @GoogleHacking (exploit-db.com/google-hacking…) there are 176 dorks for searching SQL dumps, which may contain any confidential information.
Simple ex (pic 2):
ivanov ext:sql site:github.com
This query search all sql-files, which contain "ivanov" in #Github
(2/12)
Sometimes in this way it's possible find databases with information about orders, customers or employees. Inattentively, site owners forget to close them from indexing in robot.txt.
Such SQL-dumps may contain names, surnames, dates of birth, addresses, phone numbers.
Sometimes in this way it's possible find databases with information about orders, customers or employees. Inattentively, site owners forget to close them from indexing in robot.txt.
Such SQL-dumps may contain names, surnames, dates of birth, addresses, phone numbers.
(3/12)
You may also encounter SQL dumps while searching for data leaks on Telegram channels, special archives or Pastebin and its counterparts.
(you can use special services based on Google Custom Search cipher387.github.io/pastebinsearch… for searching pastebin sites)
You may also encounter SQL dumps while searching for data leaks on Telegram channels, special archives or Pastebin and its counterparts.
(you can use special services based on Google Custom Search cipher387.github.io/pastebinsearch… for searching pastebin sites)
(4/12)
To start working with the #SQL dump, download the file with the .sql extension or open a text editor, copy the dump's text and save it to a .sql file
(you can use Notepad or TextEdit, but I prefer Sublime Text (@sublimehq) because it highlights the syntax nicely).
To start working with the #SQL dump, download the file with the .sql extension or open a text editor, copy the dump's text and save it to a .sql file
(you can use Notepad or TextEdit, but I prefer Sublime Text (@sublimehq) because it highlights the syntax nicely).
(5/12)
Now you need to define the type of database. In the current example, in the comments it says right away that it is PhpMyAdmin (#MySQL).
Therefore, next I will show you how to work with the dump in the online PhpMyAdmin client
Now you need to define the type of database. In the current example, in the comments it says right away that it is PhpMyAdmin (#MySQL).
Therefore, next I will show you how to work with the dump in the online PhpMyAdmin client
(6/12)
Open demo.phpmyadmin.net/master-config/
And create database "vanilla" (we will import tables into it)
Open demo.phpmyadmin.net/master-config/
And create database "vanilla" (we will import tables into it)
(7/12)
Go to "SQL" tab
Copy dump's code to the text field
Click "Forward" (Run) button
Go to "SQL" tab
Copy dump's code to the text field
Click "Forward" (Run) button
(8/12)
Click on the database name (vanilla) on the left panel to see a list of tables in it.
Then click on the table name to view its contents.
---
(you can also view all fields of the table with a simple SQL query):
SELECT * FROM `users`
Click on the database name (vanilla) on the left panel to see a list of tables in it.
Then click on the table name to view its contents.
---
(you can also view all fields of the table with a simple SQL query):
SELECT * FROM `users`
(9/12)
Now let's try to filter the rows in the table.
For example, this query will show only those rows with age column = 20
SELECT * FROM `users` WHERE age=20;
(WHERE operator can be used with different logical operators: >=, <, <= etc)
Now let's try to filter the rows in the table.
For example, this query will show only those rows with age column = 20
SELECT * FROM `users` WHERE age=20;
(WHERE operator can be used with different logical operators: >=, <, <= etc)
(10/12)
Rows in the table can be not only filtered, but also sorted.
For example, this query will arrange the rows in ascending order of the age column value.
SELECT * FROM `users` ORDER BY age;
Rows in the table can be not only filtered, but also sorted.
For example, this query will arrange the rows in ascending order of the age column value.
SELECT * FROM `users` ORDER BY age;
(11/12)
If you want, you can not use SQL at all, and work with table data only through the graphical interface (Search and Template query tabs)
If you want, you can not use SQL at all, and work with table data only through the graphical interface (Search and Template query tabs)
(12/12)
You can immediately after downloading the data convert it to CSV using one of special online services (rebasedata.com/convert-sql-to…).
And then further work with it in #GoogleSheet or #Excel
(most database clients also have a function for exporting to XLSX/ CSV)
You can immediately after downloading the data convert it to CSV using one of special online services (rebasedata.com/convert-sql-to…).
And then further work with it in #GoogleSheet or #Excel
(most database clients also have a function for exporting to XLSX/ CSV)
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
