2lifeiseasy2
Stablecoin Strategist
LEVEL 1
300 XP
Sqlmap provides wizard options for beginner and saves you much time. So start your Kali Linux and open the terminal and now the following command to use wizard interface of sqlmap.
Type 1 for normal; to select the injection difficulty. Now again type 1 for basic enumeration.
It will automatically dump the basic detail of the backend server. Here you can see from the given screenshot it is shown that web application technology is nginx, PHP 5.3.10 and the operating system is Linux Ubuntu and many more things.
Now change level for penetration testing of the web with the sqlmap wizard. Again type the same command.
Type 2 for medium; to select the injection difficulty. Now again type 2 for intermediate enumeration.
Wonderful!!! We have got a database name and all table names with columns.
Now again change level for penetration testing of the web with the sqlmap wizard. Repeat the same command.
Type 3 for hard; to select the injection difficulty. Now again type 3 for All enumeration.
Awesome within three steps we have got entire information of acurat database. You can see the result from the screenshot.
Here we have all tables with its field details and column details.
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here
Code:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizardType 1 for normal; to select the injection difficulty. Now again type 1 for basic enumeration.
It will automatically dump the basic detail of the backend server. Here you can see from the given screenshot it is shown that web application technology is nginx, PHP 5.3.10 and the operating system is Linux Ubuntu and many more things.
Now change level for penetration testing of the web with the sqlmap wizard. Again type the same command.
Code:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizardType 2 for medium; to select the injection difficulty. Now again type 2 for intermediate enumeration.
Wonderful!!! We have got a database name and all table names with columns.
Now again change level for penetration testing of the web with the sqlmap wizard. Repeat the same command.
Code:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizardType 3 for hard; to select the injection difficulty. Now again type 3 for All enumeration.
Awesome within three steps we have got entire information of acurat database. You can see the result from the screenshot.
Here we have all tables with its field details and column details.
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here