CyberdarkKh

SQL Injection with SQLMap

May 13th, 2015
  1. #Team Cyberdark (#Operation Freedom Internet Hacking) Cambodia
  2.  
  3. I am a member of Team Cyberdark
  4.  
  5.  
  6. Hello everyone, today I want to show you the basics of SQL injection with SQLMap
  7.  
  8. (1) If you don't know how to install SQLMap, you can follow this link
  9. : https://youtu.be/_T4iUEyoFkQ
  10. Once SQLMap is installed, you can continue with step 2
  11.  
  12. (2) Don't forget to protect yourself, which means hiding your real IP address. This link shows how to hide your IP:
  13. : https://youtu.be/PHJ0_qqIQWY
  14.  
  15. (3) Understanding Googledork lists & SQLMap
  16.  
  17. What is Googledork lists ?
  18.  
  19. Googledork lists are search terms used to find websites with SQL vulnerabilities; you can then use a tool to scan those websites for SQL vulnerabilities.
  20. Link Googledork : http://pastebin.com/Kxy8pdLL
  21.  
  22. What is SQLMap ?
  23.  
  24. SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
  25.  
  26.  
  27. (4) How to use SQLMap commands
  28.  
  29.  
  30. Once sqlmap is extracted, move to its directory and execute the command below to make sure everything is working fine.
  31.  
  32. Syntax to Show sqlmap help.
  33.  
  34. python sqlmap.py --help
  35.  
  36. If you do not see sqlmap help make sure you did not forget a step in the setup instructions.
  37. Test GET Parameters
  38.  
  39. You are now ready to test a vulnerable GET parameter. Run sqlmap as indicated below. Specify the URL with the -u (or --url) option, giving the complete URL of the page you want to test, including its GET parameters and a random value for each one.
  40.  
  41. General syntax
  42.  
  43. python sqlmap.py -u "http(s)://target[:port]/[...]/[page]?param=val[&...]"
  44.  
  45.  
  46.  
  47. Test GET parameter with Sqlmap
  48.  
  49. python sqlmap.py -u "http://127.0.0.1:8888/cases/productsCategory.php?category=1"
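
Why a parameter such as `category` in the command above is injectable, and what removes the flaw, as an added example that is not part of the original paste. The table, sample rows and function names are assumptions, with SQLite standing in for the application's database.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory catalogue; table and rows are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, category INTEGER, name TEXT);
        INSERT INTO products (category, name)
        VALUES (1, 'lamp'), (1, 'desk'), (2, 'chair');
    """)
    return db

def products_vulnerable(db, category):
    # The flaw a scanner detects: request input concatenated into the SQL text.
    sql = "SELECT name FROM products WHERE category = " + category + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def products_bound(db, category):
    # Bound parameter: the value is data and is never parsed as SQL.
    sql = "SELECT name FROM products WHERE category = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (category,))]

def products_hardened(db, category):
    # Defence in depth: reject anything that is not a short decimal integer,
    # then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", category):
        raise ValueError("category must be a decimal integer")
    return products_bound(db, int(category))

if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed input that rewrites the WHERE clause
    print(products_vulnerable(db, "1"), products_vulnerable(db, tampered))
    print(products_bound(db, tampered))
```

With the bound query the tampered value matches no category, so a scanner sees no difference in the response to key on.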
  50. Test POST Parameters Using Sqlmap
  51.  
  52. By default sqlmap tests only GET parameters, but you can specify POST parameters you would like to verify. Sqlmap will then test both the GET and POST parameters indicated. To do so, add the --data option as shown below.
  53.  
  54. General syntax
  55.  
  56. python sqlmap.py --data "param=val[&...]" -u "http(s)://target[:port]/[...]/[page]"
  57.  
  58.  
  59.  
  60. Test POST parameter with sqlmap
  61.  
  62. python sqlmap.py --data "username=xyz&password=xyz&submit=xyz" -u "http://127.0.0.1:8888/cases/login.php"
  63.  
  64. One common mistake when testing POST parameters is forgetting to specify the submit parameter. If it is not specified, sqlmap will not be able to do a correct scan. You will most likely end up with a report indicating that no vulnerabilities were found in the script even if it is vulnerable. Always specify the submit parameter name and its default value.
  65. Parse Forms
  66.  
  67. Sqlmap has built-in functionality to parse all forms in a webpage and automatically test them. Even though in some cases the scan may not be as efficient as it is when manually indicating all parameters, it is still handy in many situations. Here is the syntax:
  68.  
  69. General syntax
  70.  
  71. python sqlmap.py --forms -u "http(s)://target[:port]/[...]/[page]"
  72.  
  73.  
  74.  
  75. Parse Forms with sqlmap
  76.  
  77. python sqlmap.py --forms -u "http://synapse:8888/cases/productsCategory.php"
  78. Level of Tests
  79.  
  80. By default sqlmap will test all GET and POST parameters specified; however, in some cases you might want to test additional entry points such as HTTP headers. It is possible to specify them with specific options, but the most straightforward technique is to use the --level option. There are 5 levels available in sqlmap (the default being level 1). Level 2 adds HTTP Cookie header testing, and level 3 adds HTTP User-Agent/Referer headers.
  81.  
  82. General syntax
  83.  
  84. python sqlmap.py -u "http(s)://target[:port]/[...]/[page]" --level 5
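
From the defender's side, the entry points described above (query string, Referer, User-Agent) all appear in a web server access log. The following added example, not part of the original paste, flags such requests in constructed "combined"-format log lines; the regexes, threshold and function names are assumptions. Cookie values are not recorded in the combined format and need a custom log format.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" format: request line, status, size, Referer, User-Agent.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
# sqlmap names itself in the User-Agent unless that header is overridden,
# so this signal alone is not sufficient.
TOOL_AGENT = re.compile(r"\bsqlmap/", re.I)
# Fragments typical of boolean, UNION, time-based and schema-enumeration probes.
SQL_PROBE = re.compile(
    r"\bunion\b.{0,40}\bselect\b|\b(?:and|or)\s+\d+\s*=\s*\d+|"
    r"\bsleep\s*\(|\bbenchmark\s*\(|\binformation_schema\b", re.I)

# Constructed sample log (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2015:10:00:01 +0000] "GET /cases/productsCategory.php?category=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/May/2015:10:00:02 +0000] "GET /cases/productsCategory.php?category=1%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '198.51.100.7 - - [13/May/2015:10:00:03 +0000] "GET /cases/productsCategory.php?category=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 AND SLEEP(5)"',
    '203.0.113.5 - - [13/May/2015:10:00:04 +0000] "GET /search?q=salt+and+pepper HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

def findings(line):
    """Return the list of signals raised by one access-log line."""
    m = LINE.match(line)
    if not m:
        return []
    hits = ["agent:tool-signature"] if TOOL_AGENT.search(m["agent"]) else []
    for field in ("target", "referer", "agent"):
        # Decode %xx and '+' first so encoded probes are still matched.
        if SQL_PROBE.search(unquote_plus(m[field])):
            hits.append(field + ":sql-probe")
    return hits

def suspicious_clients(lines, threshold=2):
    """Map each IP with >= threshold flagged requests to its sorted signals."""
    seen = {}  # ip -> (flagged request count, set of signals)
    for line in lines:
        hits = findings(line)
        if hits:
            count, signals = seen.get(line.split()[0], (0, set()))
            seen[line.split()[0]] = (count + 1, signals | set(hits))
    return {ip: sorted(s) for ip, (n, s) in seen.items() if n >= threshold}

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```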
  85. URL Paths
  86.  
  87. There are some cases where parameters may be included inside URI paths. Sqlmap allows you to specify exactly where to try SQL injection in these cases. Let’s take an example where mod_rewrite is used and http://host/page/param-value/ points to http://host/page.php?id=param. Here is how sqlmap should be used in this case.
  88.  
  89. General syntax
  90.  
  91. Append an asterisk (*) after each segment to test.
  92.  
  93.  
  94.  
  95. Sqlmap syntax to test URI segments.
  96.  
  97. python sqlmap.py -u "http://host/page/param-value*/"
  98. Extracting Information With Sqlmap
  99.  
  100. Things get really interesting in this sqlmap tutorial when it comes to extracting information. Recovering information stored in the database from a SQL injection point is a tedious task, especially when no result is returned directly in the vulnerable webpage. Fortunately, sqlmap allows the tester to extract valuable pieces of information without the hassle of manual techniques. Below is a quick overview of those options; simply add the options (without parameter) to your call to sqlmap.
  101. Recover Session User using sqlmap.
  102.  
  103. --current-user
  104.  
  105.  
  106.  
  107. Detect Current Database using sqlmap.
  108.  
  109. --current-db
  110.  
  111.  
  112.  
  113. Find Out If Session User Is Database Administrator using sqlmap.
  114.  
  115. --is-dba
  116.  
  117.  
  118.  
  119. List database system users using sqlmap.
  120.  
  121. --users
  122.  
  123.  
  124.  
  125. List databases using sqlmap.
  126.  
  127. --dbs
  128. Enumerating Tables
  129.  
  130. When the session user has read access to system tables containing information about databases’ tables, sqlmap will be able to enumerate tables.
  131.  
  132. Option to enumerate tables with sqlmap.
  133.  
  134. --tables
  135.  
  136. The following options are handy with table enumeration:
  137.  
  138. -D database_name to restrict result to the specified database.
  139. --exclude-sysdbs to exclude system tables.
  140.  
  141. Enumerating Columns
  142.  
  143. Sqlmap can also enumerate columns. Here again, the session user will need to have read access to system tables containing information about databases’ tables.
  144.  
  145. Option to enumerate columns with sqlmap.
  146.  
  147. --columns
  148.  
  149. In addition to -D database_name and --exclude-sysdbs you can add option -T table_name to limit data to the specified table.
  150. Dump Table
  151.  
  152. It is even possible for the attacker to dump entire tables or databases using the following options.
  153.  
  154. Option to dump database content with sqlmap.
  155.  
  156. --dump
  157.  
  158. Here again options -T table_name, -D database_name and --exclude-sysdbs can be used to limit extracted data.