Please note, We are not responsible for what you do with this information. This is for educational purposes only.
So, starting off it would be best to view all of the available commands for sqlmap, you can do so by typing in your terminal sqlmap -h. It will list all of the available commands. Feel free to have a read through but for now you wont need most of them.
Now you will need to find a vulnerable website. I will be using one that isn’t used or updated anymore and has just been left there. Some dorks will come in handy here for finding sites, I will leave a file below with a list of them for you to use.
So just open that and select one to use, and paste it into google or bing etc. Once you have clicked on a site, put the ‘ symbol at the end of the URL to see if it is running on anything that is vulnerable to sql injection. If it comes up with nothing, hit back and choose another site, If it comes up with something like this, then it is vulnerable.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”1”’ at line 1
Once you have found a site that is vulnerable, go back to your terminal and type sqlmap -u putTheWebsiteHere –dbs –tor –time-sec 3 –random-agent, and it will attempt to inject code into the site.
Now just let this run, if it asks you if you want to test everything and not just what the site is running on, type y so that is doesn’t waste time by testing other stuff. If it asks to do all tests for that DBMS, type y again.
Once done it should display something like this:
Also sometimes sqlmap may display false positives, if it does then just search for a different site to test.
Anyway, once done testing the site now you can type sqlmap -u website -D databasename –tables and it will come up with all the tables in that db. You can go through all of these and choose what you want to dump but for the sake of this post I will just dump everything. To dump a specific database you can do sqlmap -u WebsiteHere -D DatabaseName –dump –random-agent (I just dumped everything but I wouldn’t recommend doing this as most of it is useless stuff you can find on the site normally anyway)
Now it’s starting to dump everything from that database onto your system, once it is done it will show you where it has been dumped and you can go and view it all.
You can also find logins to the site in the databases, which is handy if you are looking to deface it. You would need an admin page finder but that’s for another post.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.