Well, if you are looking to do it yourself and not spend money buying someone else's credential/combo lists, you should be SQL injecting or otherwise pwning websites and companies yourself. You can find easy targets, for example, just by searching google for exposed Laravel configuration files /.env files which nearly always contain the database credentials for the website. In fact, this is how I took over
several months ago. They left their Laravel configuration file exposed, and their database credentials were (unfortunately for them) also the same as their cPanel credentials, allowing me to get into cPanel, add ssh credentials to their webserver, and then delete the cPanel, and take their site hostage for ransom.
Contact me or join us on discord for more detailed help, and mass SQLi methods. My primary method of SQL injection takes about a day to gather between 20 to 300+ injectable sites and enumerate all their databases, all without spending a penny to do so.