Royals 109 Quote Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Show support for a more advanced tutorial ++ I'm not going to waste my time if people just leech. The tutorial is inside hide tags to keep the thread active. [hide] Simple compact tutorial: Execute SQLMap directory - CD C:\python27\sqlmap (depending where you placed) Execute vulnerability scanner - sqlmap.py -u Execute database scan - sqlmap.py -u --dbs Get access to database you want - sqlmap.py -u --tables -D Pull columns of the tables - sqlmap.py -u -columns -T Dump data of columns - sqlmap.py -u --columns -T Locate file, open and there are your combos Tutorial /w pictures and explanations Step one: Installation I will not explain this in depth, you will be running a python file so please install version 2 https://www.python.org/ftp/python/2.7.9/python-2.7.9.msi It should create a folder inside your C:\ drive called python27, this is needed for later. Next download SQLMap https://github.com/sqlmapproject/sqlmap/zipball/master(RENAME IT SQLMAP!) and put this inside the python27 folder so the path is C:\Python27\sqlmap Step two: Opening the python file for basic help Open CMD and type CD C:\python27\sqlmap Ok, we are now in the sqlmap directory! Type sqlmap.py -h for details about all the functions in sqlmap. Step three: Scanning! Ok, now it gets good, for this to work you already need to have a vulnerable website. Type: sqlmap.py -u VULN If it worked you will see something like this Step four: Idk let's just carry on. Next we have to identify there databases, press the UP arrow will load the last executed command and press space and then --dbs and then dada! We have pulled the database. Now we have to access it which is super dooper easy! Press the Up arrow and delete --dbs and type --tables -D and then the database you want. So? What did we just do? --tables tells sqlmap we are looking for tables and -D (MUST BE CAPITAL!) tells sqlmap we want to open that database. If it all goes to plan it should look like this. Now we have to open the tables for columns! Press UP arrow, delete --tables and replace it with --columns which tells the user we want to open columns then type -T (CAPITAL!) and then the table you want to open! We are going for user:pass so a_admins seems like a good start? full code: Just like before we should see another table this been a_admins only We see two things of interested, db_username and db_password, next tast is to pull and then dump these into a file. Once again press the UP arrow and simply add -C database,database replacing them with the ones you want and then --dump at the end, this is telling sqlmap we want to access both of these columns and then dump them into a file which creates our combos! That's it guys, a basic guide on how to dump databases super fast compared to other programs! I suggest reading up on parameters such as --threads=10 and risk / level values. But this will do for this tutorial. [/hide] Quote Share this post Link to post Share on other sites
nahar122 0 ill check and see if this works, ill edit and like once i figure this out How do we see the tutorial with pictures? Quote Share this post Link to post Share on other sites
Royals 109 ill check and see if this works, ill edit and like once i figure this out How do we see the tutorial with pictures? Are both hidden contents not shown? Quote Share this post Link to post Share on other sites
juras 28 Got clickbaited by bragging on shoutbox about HQ tutorial. Nice one, every time i read a sqi tutorial, i learn something new, then i forget next day :fiesta: appreciated though can you put it all into one hide ? Quote Share this post Link to post Share on other sites
Royals 109 They are not being shown, no :( We are fixing it now. Thank you for letting us know. Quote Share this post Link to post Share on other sites
juras 28 Now it works , gj soliders <3 :fuck: Quote Share this post Link to post Share on other sites
malaxis 0 thanks for sharing, i'm totally newbie but i heard that sqlmap is better than sqlidumper Quote Share this post Link to post Share on other sites
Player 56 Good share. Dont really know how to use so Imma learn from your tutorial. +Like is given. Appreciate your hard work ! Quote Share this post Link to post Share on other sites
saladfeet 0 sounds interesting thanks for sharing :) Quote Share this post Link to post Share on other sites
alat 0 thanks for sharing gimme that information. Quote Share this post Link to post Share on other sites
FlashOSX 0 Nice share bro :) will check it out Quote Share this post Link to post Share on other sites
pinktrousers 0 Hope this is much better than SQLI, thanks alot ! Quote Share this post Link to post Share on other sites
Monkey 1 how do i actually use a database tho? Quote Share this post Link to post Share on other sites
john444 1 thaat seems really interesting thank you!!! Quote Share this post Link to post Share on other sites
sleepydartz 1 Hmm, interested. Great to have a read about security vulnerability and stuff :p Quote Share this post Link to post Share on other sites
CKHypers 0 thanks man, is very helpful for a beginner like me just getting into this type of stuff! Quote Share this post Link to post Share on other sites
tinyhf 0 thanks for sharing with the community Quote Share this post Link to post Share on other sites
Jxsh 0 Thank you i want to learn how to do that. Quote Share this post Link to post Share on other sites
