Feb 15, 2013

SQL Injection Using SqlMap

How To Hack Website Using SQLMap Sqlmap Is An Automated Pen Testing Tool. That Automates The Process Of Detecting And Exploiting SQL Injection Flaws And Taking Over Of Databases. It Comes With A Powerful Detection Engine, Many Niche Features For The Ultimate Pen Tester And A Broad Range Of Switchs Lasting From Database Fingerprinting. Over Data Fetching From The Database. This Tool Is Best For Beginners. Who Just Now Entered In Security Field. It Is Easy To Use Tool. This Tool Makes SQL Injection Easy As Compared To Manual SQL Injection.


SQLMap In BackTrack 5R3

1. Open Terminal And Type Following Command To Open SqlMap.

 cd /pentest/database/sqlmap 

Or
Go To Applications>BackTrack>Exploitation Tools>DataBase Exploitation Tools>MySQL Exploitation Tools>sqlmap

How To Hack Website Using SQLMap

SQLMap In Windows

1. Download Sqlmap From Here.
2. Extract It.
In Windows OS, You Can Use Sqlmap In Command Prompt. Same Like BackTrack. 

SQL Injection In SQLMap - Website Hacking

I Am Going To Tell, That How Can An Hacker Make Use Of Sqlmap For Hacking A Vulnerable Website. By Using This Tool Hacker Can Get Username And Password Information Too. We Are Sharing These Method's With You Just For Knowledge. HWA Is Not Responsible For Any Bad Activity Which You Do With The Knowledge Gain From HWA. Continue Reading Below If Agree. You Can Understand This Method Easily.
For Doing Following Steps. You Will Need A SQL Injection Vulnerable Website. You Can Find Vulnerable Website's Using Dorks In Google. Follow Steps Below To Continue:

1. Open Sqlmap.
2. Type Following Command.

 python sqlmap.py -u http://www.vulnerablewebsite.com --dbs 

How To Hack Website Using SQLMap

The Above Command Will Show You Database Information Of Vulnerable Website. See Following Picture.
How To Hack Website Using SQLMap
Note: In Your Case, Databases Maybe Different From Above Picture.
3. Now Choose Any Of The Database From Result. For Example: I Am Choosing dkg. Now Use Following Command.

python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg --tables

How To Hack Website Using SQLMap

It Will Show You Tables, Which dkg Database Has. Like Following Picture. Watch Following Picture.

How To Hack Website Using SQLMap

4. Now You Have Got Tables Of Database. Choose Any Of The Table From The Result For Getting Information From It. Hacker's Need Username And Password To Login The Victim Site. So, In This Case. You Should Choose uvp_Users Table. It May Contain Information About The Users Of Website. It Maybe Username, Password In This Table. So, I Am Going To Dump uvp_Users Table Now. By Dumping The Table You Will Be Able To See Information Saved In Table.
Use Following Command To Dump Information From Table.

python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg -T uvp_Users --dump

How To Hack Website Using SQLMap

Above Command Will Dump The Information From Choosed Table. If The Table Which You Choosed, Contains Password In It In Hash Format. Then Sqlmap Will Ask You For Dictionary Based Hash Cracking Attack. Allow It To Get Password In ABC Characters. See Following Picture.

How To Crack Password

5. Press Y And Press Enter. It Will Ask What Dictionary Do You Want To Use?. Choose Default Dictionary. Type 1 And Press Enter.

Password Cracking
6. Now It Will Ask For Common Password Suffixies (slow!). Type y And Press Enter.

Now Password Cracking Procedure Is Started. It Will Some Minutes To Crack It. After The Cracking Process Finishes. You Will Be Able To See Password In Characters Form Along With Other Information. Which Is Saved In Table. Like In uvp_Users You Can See, Username, Password, UserGroup Etc.
After Finishing The Cracking Process. You Will Be Able To See Result Like Following Picture:
How To Hack Website Using SQLMap
You Can See Username And Password In Above Picture. SQL Injection Is Done Using Sqlmap. Have Any Question? Ask In Comments.

2 comments: