Sqlmap- Getting started

SQLMAP is a tool used to enumerate the database. It will try to find the injection points in the address and will try to exploit them. Let’s see how.

I have taken a local setup of a vulnerable application, as you can see i have given the username as test and password as qtest in the url.

1)”-u” is used to state the URL1map

2)Refer the highlighted string.2map

3)Testing the injectable parameter with diferrent SQL statements , ORDER BY , GROUP BY etc.3map

4)Now comes the turn of password , being injectable or not. Refer the highlighted string4map

5)Getting to know the SQL injection type (blind , error based etc), payload etc.5map

Uncovering the database names

6map
–dbs is used for getting the database names

7map

Finding the tables inside the information schema database (from the above discovery)

8map
–tables -D information_schema

9map

Finding the columns inside one of the tables(TABLES) discovered above

10map
–columns -D information_schema -T TABLES

11map

Getting the data inside the columns

12map
–dump

13map

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s