Royals

[Beginner] How to easily dump a database with SQLMAP

Recommended Posts

Quote

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

 

Show support for a more advanced tutorial ++ I'm not going to waste my time if people just leech. The tutorial is inside hide tags to keep the thread active.

 

 

 

[hide]

Simple compact tutorial:

 

  • Execute SQLMap directory - CD C:\python27\sqlmap (depending where you placed)
  • Execute vulnerability scanner - sqlmap.py -u
  • Execute database scan - sqlmap.py -u --dbs
  • Get access to database you want - sqlmap.py -u --tables -D
  • Pull columns of the tables - sqlmap.py -u -columns -T
  • Dump data of columns -  sqlmap.py -u --columns -T
  • Locate file, open and there are your combos

 

 

Tutorial /w pictures and explanations 

 

 

Step one: Installation

 

I will not explain this in depth, you will be running a python file so please install version 2 https://www.python.org/ftp/python/2.7.9/python-2.7.9.msi

It should create a folder inside your C:\ drive called python27, this is needed for later.

 

Next download SQLMap https://github.com/sqlmapproject/sqlmap/zipball/master(RENAME IT SQLMAP!) and put this inside the python27 folder so the path is C:\Python27\sqlmap

 

Step two: Opening the python file for basic help

 

Open CMD and type CD C:\python27\sqlmap

 

xelG5pa.png

 

Ok, we are now in the sqlmap directory! Type sqlmap.py -h for details about all the functions in sqlmap.

 

Step three: Scanning!

 

Ok, now it gets good, for this to work you already need to have a vulnerable website. Type:

sqlmap.py -u VULN

 

tcHXrUO.png

 

If it worked you will see something like this

 

J1wXUtb.png

 

Step four: Idk let's just carry on.

 

Next we have to identify there databases, press the UP arrow will load the last executed command and press space and then --dbs

 

dn8hCGB.png

 

and then dada! We have pulled the database.

 

httKEkZ.png

 

Now we have to access it which is super dooper easy! Press the Up arrow and delete --dbs and type --tables -D and then the database you want.

 

Clrv4X0.png

 

So? What did we just do? --tables tells sqlmap we are looking for tables and -D (MUST BE CAPITAL!) tells sqlmap we want to open that database.

 

4rvch98.png

 

If it all goes to plan it should look like this.

 

Now we have to open the tables for columns!

 

Press UP arrow, delete --tables and replace it with --columns which tells the user we want to open columns then type -T (CAPITAL!) and then the table you want to open! We are going for user:pass so a_admins seems like a good start? full code:

 

Gidwd6r.png

 

Just like before we should see another table this been a_admins only

 

Vl8PnYj.png

 

We see two things of interested, db_username and db_password, next tast is to pull and then dump these into a file.

 

Once again press the UP arrow and simply add -C database,database replacing them with the ones you want and then --dump at the end, this is telling sqlmap we want to access both of these columns and then dump them into a file which creates our combos!

 

U37cEVU.png

 

That's it guys, a basic guide on how to dump databases super fast compared to other programs! I suggest reading up on parameters such as --threads=10 and risk / level values. But this will do for this tutorial.

 

[/hide]

Share this post


Link to post
Share on other sites

thanks so much homie

Share this post


Link to post
Share on other sites

ill check and see if this works, ill edit and like once i figure this out


How do we see the tutorial with pictures?

Share this post


Link to post
Share on other sites

ill check and see if this works, ill edit and like once i figure this out


How do we see the tutorial with pictures?

 

Are both hidden contents not shown?

Share this post


Link to post
Share on other sites

Got clickbaited by bragging on shoutbox about HQ tutorial.  Nice one, every time i read a sqi tutorial, i learn something new, then i forget next day  :fiesta:    appreciated though

 

 

fYpYh.png

 

can you put it all into one hide ?

Share this post


Link to post
Share on other sites

They are not being shown, no :(

Share this post


Link to post
Share on other sites

They are not being shown, no :(

 

We are fixing it now. Thank you for letting us know.

Share this post


Link to post
Share on other sites

Now it works , gj soliders <3 :fuck:

Share this post


Link to post
Share on other sites

thanks for sharing, i'm totally newbie but i heard that sqlmap is better than sqlidumper

Share this post


Link to post
Share on other sites

Nice share!!!!!!!!!!!!!!!!!

Share this post


Link to post
Share on other sites

Good share. Dont really know how to use so Imma learn from your tutorial. +Like is given. Appreciate your hard work !

Share this post


Link to post
Share on other sites

Soon best hacker 2k18 x)

Share this post


Link to post
Share on other sites

sounds interesting thanks for sharing :)

Share this post


Link to post
Share on other sites

thanks for sharing gimme that information.

Share this post


Link to post
Share on other sites

Nice share bro :) will check it out

Share this post


Link to post
Share on other sites

how do i actually use a database tho?

Share this post


Link to post
Share on other sites

thaat seems really interesting thank you!!!

Share this post


Link to post
Share on other sites

Hmm, interested. Great to have a read about security vulnerability and stuff :p

Share this post


Link to post
Share on other sites

Thanks very muck

Share this post


Link to post
Share on other sites

thanks man, is very helpful for a beginner like me just getting into this type of stuff!

Share this post


Link to post
Share on other sites

thanks for sharing with the community

Share this post


Link to post
Share on other sites

Thank you i want to learn how to do that.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.