SQLMap (SQL-Injection)
The very basics of SQLMap and simple SQL-Injection.
Hey Community!
Here is a short and very easy tutorial for SQLMap.
I am using a Windows computer to show you.
Please don't hate me because of my English (I'm German).
What do you need?
You need a Computer/Laptop
You need a Brain.
Step one:
First you need to download Python for Windows, just click here.
Make sure to download version 2.7!
Now run the installation, and when it's done you can move on to Step Two.
Step Two:
Now you need to download SQLMap.
Extract all files to your Desktop or to another path.
Step Three:
Press the Windows-Button + R
Now type in the little box: cmd
After you did this, type in:
1. cd ../../
2. cd C:/Users/YourName/YourPath/sqlmap
Now it should look like this:
Step Four:
In this step I'm going to teach you how to find vulnerable websites.
It sounds funny, but you can easily use Google to find a bunch of them.
This type of search (finding vulnerable websites) is called "Dorks".
Just enter this in your address bar: inurl: ?id=
How can I see that a website is vulnerable?
That's more than easy! Just visit a website that you found with the help of Dorks
and go to the address bar. Most websites have an address like this:
Now go to the end, after the equals sign, delete the number and replace it with a '
If you now get an SQL error, then you are in luck. In Step Five I'm going to show you
how to get the database using SQLMap.
Step Five:
Go to your cmd.exe and type in the following command:
sqlmap.py -u www.yourwebsite.com/index.php?uid=1 --dbs
Now press Enter and wait until the "scan" is finished.
If you get an error, then the website is protected or the connection is too slow.
If the Injection is finished, you should see some databases like:
information-schema
website-database
Now you can dump the database with the following command:
sqlmap.py -u www.yourwebsite.com/index.php?uid=1 -D website-database --dump
Nice! You dumped a database, congrats!
If you want more Tutorials like this please let me know here.
READ ME:
I assume no responsibility for any damage caused by this tutorial.
I show this only for testing your own website.
Please leave a like or some Credits.
If you have any questions, just reply or send me a Private Message.
Greets
envasion
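Why the single quote in Step Four produces an SQL error, and how a site owner removes the flaw: an added example that is not part of the original post. The table, the function names and the SQLite backend are assumptions made for illustration; the sample rows are constructed.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the site's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "News")])
    return db


def lookup_vulnerable(db, raw_id):
    # Hypothetical handler for index.php?id=... written the unsafe way:
    # the parameter is pasted into the SQL text, so a stray quote changes the query.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Echoing the database error to the visitor is the "SQL error"
        # the tutorial looks for after replacing the number with a quote.
        return "SQL error: %s" % exc


def lookup_hardened(db, raw_id):
    # Hypothetical fixed handler: validate the type, then bind the value as a
    # parameter so it can never be parsed as SQL. No database error text leaks.
    try:
        article_id = int(raw_id)
    except ValueError:
        return []  # same generic "not found" result for any malformed input
    rows = db.execute("SELECT title FROM articles WHERE id = ?", (article_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "'"):
        print(repr(value), "vulnerable:", lookup_vulnerable(db, value))
        print(repr(value), "hardened:  ", lookup_hardened(db, value))
```

With the hardened handler the quote test returns the same empty result as any unknown id, so neither the manual check nor an automated scan gets an error to work with.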