Best Black Hat Forum
SQLMAP tutorial and how to use - Printable Version

SQLMAP tutorial and how to use - TheBoss - 09-13-2019

Hello everyone, I'm here writing this tutorial today and gonna share how to do an SQL attack using sqlmap. Anyway, I don't wanna waste more time, so here it is.

Today we will tell you about SQL injection and how to do an attack using sqlmap.

SQL injection is a code injection that can destroy your web database. Mainly, people use it to steal content from the database, like user:pass, email:pass and sometimes payment info like credit cards and more. It is very commonly used among hackers. SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database. SQL injection is the placement of malicious code in SQL statements, via web page input.

Now you may wonder: well, this sounds cool, this is nice, I wanna do this attack, I wanna start this. Well, first we will use Linux for this, mainly Kali Linux, because it has sqlmap built in and it's much better than other Linux OSes. Back to sqlmap: what is it? sqlmap is an open-source pentesting tool, and it automates the process of detecting and exploiting SQL injection flaws and overtaking databases, like stealing the content and info inside. If you are not using Kali Linux, we will post the git link so you can clone:
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
To start with sqlmap, let's type sqlmap -h in the terminal to open up the help page. I recommend you go through the different commands and what each does. There is also a video on YouTube that may help you start with sqlmap: https://www.youtube.com/watch?v=y4nMgoY5fpY
sqlmap is really useful, especially for beginners, and for advanced users too. It makes things very easy and has many features. I will list commands that you can use to break into the database and overtake it:
sqlmap -u (URL) --dbs
sqlmap -u (URL) -D (database) --tables
sqlmap -u (URL) -D (database) -T (table) --columns
sqlmap -u (URL) -D (database) -T (table) --dump
(change (URL) + (database) + (table))
These commands are very easy to explain. For the first, you will write sqlmap -u, which means "sqlmap, here is the URL", and when you write --dbs it means you want to fetch the databases. Next, let's say you received the fetch: you write sqlmap -u again with the same URL, then -D and the database you received, for example -D payment-info, then --tables to fetch the tables. Next, once we have the tables, we will write it again, but instead of --tables we will write -T and the table you received, for example pay-info, and now for the columns write --columns to get the info inside. Once we receive this, it is the very last step: we will rewrite it, but instead of --columns we will write --dump to dump out all the info, and we will be done. It will dump to your file, root/home or root/desktop, wherever you select.
For the part that says "change" on our commands list, I mean change anything with (URL) in the commands to the URL you are hacking, (database) to the database name, and (table) to the table name you received. Overall, I hope you learned about SQL injection and sqlmap, plus how to run and do attacks.
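
Added example, not part of the original post: the post describes SQL injection as user input that the application "unknowingly runs" as SQL, and the code below shows the application-side cause (string concatenation) next to the fix (a parameterized query). The table, rows and function names are constructed for illustration, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # Input is concatenated into the SQL text, so the database parses
    # whatever the user typed as part of the statement.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_parameterized(conn, username):
    # The ? placeholder binds the input as a value; it is never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]

def compare(username):
    """Run both lookups on one input; 'sql-error' marks a broken statement."""
    conn = make_db()
    try:
        unsafe = lookup_vulnerable(conn, username)
    except sqlite3.Error:
        unsafe = "sql-error"
    safe = lookup_parameterized(conn, username)
    conn.close()
    return unsafe, safe

if __name__ == "__main__":
    # Constructed inputs: a normal name, a quote-breaking string, and a
    # legitimate name that happens to contain an apostrophe.
    for value in ["alice", "nobody' OR '1'='1", "o'brien"]:
        unsafe, safe = compare(value)
        print(f"{value!r:24} concatenated={unsafe} parameterized={safe}")
```
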