[Beginner] How to easily dump a database with SQLMAP

[Royals 109]

Quote

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

 

Show support for a more advanced tutorial ++ I'm not going to waste my time if people just leech. The tutorial is inside hide tags to keep the thread active.

 

 

 

[hide]

Simple compact tutorial:

 

• Execute SQLMap directory - CD C:\python27\sqlmap (depending where you placed)
  
• Execute vulnerability scanner - sqlmap.py -u
  
• Execute database scan - sqlmap.py -u --dbs
  
• Get access to database you want - sqlmap.py -u --tables -D
  
• Pull columns of the tables - sqlmap.py -u -columns -T
• Dump data of columns -  sqlmap.py -u --columns -T
• Locate file, open and there are your combos
  

 

 

Tutorial /w pictures and explanations 

 

 

Step one: Installation

 

I will not explain this in depth, you will be running a python file so please install version 2 https://www.python.org/ftp/python/2.7.9/python-2.7.9.msi

It should create a folder inside your C:\ drive called python27, this is needed for later.

 

Next download SQLMap https://github.com/sqlmapproject/sqlmap/zipball/master(RENAME IT SQLMAP!) and put this inside the python27 folder so the path is C:\Python27\sqlmap

 

Step two: Opening the python file for basic help

 

Open CMD and type CD C:\python27\sqlmap

 

 

Ok, we are now in the sqlmap directory! Type sqlmap.py -h for details about all the functions in sqlmap.

 

Step three: Scanning!

 

Ok, now it gets good, for this to work you already need to have a vulnerable website. Type:

sqlmap.py -u VULN

 

 

If it worked you will see something like this

 

 

Step four: Idk let's just carry on.

 

Next we have to identify there databases, press the UP arrow will load the last executed command and press space and then --dbs

 

 

and then dada! We have pulled the database.

 

 

Now we have to access it which is super dooper easy! Press the Up arrow and delete --dbs and type --tables -D and then the database you want.

 

 

So? What did we just do? --tables tells sqlmap we are looking for tables and -D (MUST BE CAPITAL!) tells sqlmap we want to open that database.

 

 

If it all goes to plan it should look like this.

 

Now we have to open the tables for columns!

 

Press UP arrow, delete --tables and replace it with --columns which tells the user we want to open columns then type -T (CAPITAL!) and then the table you want to open! We are going for user:pass so a_admins seems like a good start? full code:

 

 

Just like before we should see another table this been a_admins only

 

 

We see two things of interested, db_username and db_password, next tast is to pull and then dump these into a file.

 

Once again press the UP arrow and simply add -C database,database replacing them with the ones you want and then --dump at the end, this is telling sqlmap we want to access both of these columns and then dump them into a file which creates our combos!

 

 

That's it guys, a basic guide on how to dump databases super fast compared to other programs! I suggest reading up on parameters such as --threads=10 and risk / level values. But this will do for this tutorial.

 

[/hide]

[Melodys 7]

thanks so much homie

[nahar122 0]

ill check and see if this works, ill edit and like once i figure this out

---

How do we see the tutorial with pictures?

[Royals 109]

ill check and see if this works, ill edit and like once i figure this out

---

How do we see the tutorial with pictures?

 

Are both hidden contents not shown?

[juras 28]

Got clickbaited by bragging on shoutbox about HQ tutorial.  Nice one, every time i read a sqi tutorial, i learn something new, then i forget next day  :fiesta:    appreciated though

 

 

 

can you put it all into one hide ?

[nahar122 0]

They are not being shown, no :(

[Royals 109]

They are not being shown, no :(

 

We are fixing it now. Thank you for letting us know.

[juras 28]

Now it works , gj soliders <3 :fuck:

[malaxis 0]

thanks for sharing, i'm totally newbie but i heard that sqlmap is better than sqlidumper

[X_heisn 0]

Nice share!!!!!!!!!!!!!!!!!

[Player 56]

Good share. Dont really know how to use so Imma learn from your tutorial. +Like is given. Appreciate your hard work !

[Salope 10]

Soon best hacker 2k18 x)

[saladfeet 0]

sounds interesting thanks for sharing :)

[alat 0]

thanks for sharing gimme that information.

[FlashOSX 0]

Nice share bro :) will check it out

[pinktrousers 0]

Hope this is much better than SQLI, thanks alot !

[Monkey 1]

how do i actually use a database tho?

[eatos00 4]

Now it works , gj

[john444 1]

thaat seems really interesting thank you!!!

[sleepydartz 1]

Hmm, interested. Great to have a read about security vulnerability and stuff :p

[kent12 1]

Thanks very muck

[CKHypers 0]

thanks man, is very helpful for a beginner like me just getting into this type of stuff!

[tinyhf 0]

thanks for sharing with the community

[Jxsh 0]

Thank you i want to learn how to do that.

[Sarlumen 0]

Nice tut.............