Sqlmap Is An Automated Pen Testing Tool. That Automates The Process Of
Detecting And Exploiting SQL Injection Flaws And Taking Over Of
Databases. It Comes With A Powerful Detection Engine, Many Niche
Features For The Ultimate Pen Tester And A Broad Range Of Switchs
Lasting From Database Fingerprinting. Over Data Fetching From The
Database. This Tool Is Best For Beginners. Who Just Now Entered In
Security Field. It Is Easy To Use Tool. This Tool Makes SQL Injection
Easy As Compared To Manual SQL Injection.
2. Extract It.
In Windows OS, You Can Use Sqlmap In Command Prompt. Same Like BackTrack.
For Doing Following Steps. You Will Need A SQL Injection Vulnerable Website. You Can Find Vulnerable Website's Using Dorks In Google. Follow Steps Below To Continue:
1. Open Sqlmap.
2. Type Following Command.
The Above Command Will Show You Database Information Of Vulnerable Website. See Following Picture.
Note: In Your Case, Databases Maybe Different From Above Picture.
3. Now Choose Any Of The Database From Result. For Example: I Am Choosing dkg. Now Use Following Command.
It Will Show You Tables, Which dkg Database Has. Like Following Picture. Watch Following Picture.
4. Now You Have Got Tables Of Database. Choose Any Of The Table From The Result For Getting Information From It. Hacker's Need Username And Password To Login The Victim Site. So, In This Case. You Should Choose uvp_Users Table. It May Contain Information About The Users Of Website. It Maybe Username, Password In This Table. So, I Am Going To Dump uvp_Users Table Now. By Dumping The Table You Will Be Able To See Information Saved In Table.
Use Following Command To Dump Information From Table.
Above Command Will Dump The Information From Choosed Table. If The Table Which You Choosed, Contains Password In It In Hash Format. Then Sqlmap Will Ask You For Dictionary Based Hash Cracking Attack. Allow It To Get Password In ABC Characters. See Following Picture.
5. Press Y And Press Enter. It Will Ask What Dictionary Do You Want To Use?. Choose Default Dictionary. Type 1 And Press Enter.
6. Now It Will Ask For Common Password Suffixies (slow!). Type y And Press Enter.
Now Password Cracking Procedure Is Started. It Will Some Minutes To Crack It. After The Cracking Process Finishes. You Will Be Able To See Password In Characters Form Along With Other Information. Which Is Saved In Table. Like In uvp_Users You Can See, Username, Password, UserGroup Etc.
After Finishing The Cracking Process. You Will Be Able To See Result Like Following Picture:
You Can See Username And Password In Above Picture. SQL Injection Is Done Using Sqlmap. Have Any Question? Ask In Comments.
SQLMap In BackTrack 5R3
1. Open Terminal And Type Following Command To Open SqlMap.| cd /pentest/database/sqlmap |
Or
Go To Applications>BackTrack>Exploitation Tools>DataBase Exploitation Tools>MySQL Exploitation Tools>sqlmap
SQLMap In Windows
1. Download Sqlmap From Here.2. Extract It.
In Windows OS, You Can Use Sqlmap In Command Prompt. Same Like BackTrack.
SQL Injection In SQLMap - Website Hacking
I Am Going To Tell, That How Can An Hacker Make Use Of Sqlmap For Hacking A Vulnerable Website. By Using This Tool Hacker Can Get Username And Password Information Too. We Are Sharing These Method's With You Just For Knowledge. HWA Is Not Responsible For Any Bad Activity Which You Do With The Knowledge Gain From HWA. Continue Reading Below If Agree. You Can Understand This Method Easily.For Doing Following Steps. You Will Need A SQL Injection Vulnerable Website. You Can Find Vulnerable Website's Using Dorks In Google. Follow Steps Below To Continue:
1. Open Sqlmap.
2. Type Following Command.
| python sqlmap.py -u http://www.vulnerablewebsite.com --dbs |
The Above Command Will Show You Database Information Of Vulnerable Website. See Following Picture.
3. Now Choose Any Of The Database From Result. For Example: I Am Choosing dkg. Now Use Following Command.
| python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg --tables |
It Will Show You Tables, Which dkg Database Has. Like Following Picture. Watch Following Picture.
4. Now You Have Got Tables Of Database. Choose Any Of The Table From The Result For Getting Information From It. Hacker's Need Username And Password To Login The Victim Site. So, In This Case. You Should Choose uvp_Users Table. It May Contain Information About The Users Of Website. It Maybe Username, Password In This Table. So, I Am Going To Dump uvp_Users Table Now. By Dumping The Table You Will Be Able To See Information Saved In Table.
Use Following Command To Dump Information From Table.
| python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg -T uvp_Users --dump |
Above Command Will Dump The Information From Choosed Table. If The Table Which You Choosed, Contains Password In It In Hash Format. Then Sqlmap Will Ask You For Dictionary Based Hash Cracking Attack. Allow It To Get Password In ABC Characters. See Following Picture.
5. Press Y And Press Enter. It Will Ask What Dictionary Do You Want To Use?. Choose Default Dictionary. Type 1 And Press Enter.
Now Password Cracking Procedure Is Started. It Will Some Minutes To Crack It. After The Cracking Process Finishes. You Will Be Able To See Password In Characters Form Along With Other Information. Which Is Saved In Table. Like In uvp_Users You Can See, Username, Password, UserGroup Etc.
After Finishing The Cracking Process. You Will Be Able To See Result Like Following Picture:
No comments:
Post a Comment
We do receive a lot of comments each day and those comments are moderated by the human being not automated robots. So, Please avoid doing spam and posting links in comments otherwise comment will not be published. We can't tolerate anymore. Thanks for understanding!