ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 5367

[Tutorial] SQLMap (SQL-Injections)

by envasion - 04-20-2017 - 05:30 PM
#1
SQLMap (SQL-Injection)
The very basics of SQLMap and simple SQL-Injection.


Hey Community!
I will show you here a very easy and small tutorial for SQLMap.
I use this on a Windows Computer to show you.
Please dont hate me because of my english (Im German)

What do you need?
You need a Computer/Laptop
You need a Brain.


Step one:
At first you need to download Python for Windows, just click here
Make sure to download the version 2.7!
Now run the installation and when its done you can switch to Step Two


Step Two:
Now you need to download SQLMap
Extract all files to your Desktop or to another path.


Step Three:
Press the Windows-Button + R
Now type in the little box: cmd

After you did this, type in: 
1. cd ../../
2. cd C:/Users/YourName/YourPath/sqlmap/sqlmap.py

Now it should look like this:
[Image: e8a910fbba5d8d9b78730df4d61a19e1.png]

Step Four:
In this step i gonna teach you how to find vulnerable websites.
It sound funny, but you can easy use Google to find a bunch of them.
This type of searching (finding vulnerable websites) are calling "Dorks"
Just enter this in you adressline: inurl: ?id=

How can i see that a Website is Vulnerable?
Thats more than easy! Just visit a website that you found with help of Dorks
and go to the adressline. The most websites have a adress like this:

Now you go to the end after the equa, delete the number and replace with an '

If you get now a SQL-Error, than you have luck. In Step Five  im gonna show you
how to get the Database using SQLMap.

Step Five:
Go to your cmd.exe and type in the following Command:

Now press enter and wait until the "scan" is finished.
 If you get a Error than the Website is protected or the connection is to low.

If the Injection is finished, you should see some databases like:
information-schema
website-database

Now you can dump the database with following command:
sqlmap.py -u www.yourwebsite.com/index.php?uid=1-D website-database --dump

Nice! You dumped a Database, congrates!

If you want more Tutorials like this please let me know here.


READ ME:


I assume no responsibility for any damage caused by this tutorial. 
I show this only to test your own website

Please leave a like or some Credits.
If you have any questions, just reply or send me a Private Message.

Greets

envasion
Reply
#2
Thanks a lot ;)
Normal People Scare Me
:lit:
Reply
#3
I love kali linux sqlmap
Reply
#4
thank you so much
Reply

Users browsing: 5 Guest(s)