How to do Manual SQL Injection | 20x faster than Automated ones | Fully explained.

LootyMcLootface

Hope you guys will enjoy it.
Tutorial:
How to do manual SQL injection? Why would we do manual injection instead of automated injection?
Ans: Because it is 20x faster than automated injection.
So here I'm going to write a tutorial on using SQLmap for SQL injection.
So first of all you must have downloaded these things on your PC/RDP:
1. Python: download it from https://www.python.org/
2. SQLmap: download it from http://sqlmap.org/
Now you need to put your URLs in SQLi Dumper and then scan them for exploitable first, then for injectable.
Now, after you have the injectable ones, scan them for your target [e.g. mail pass or user pass].
When you have the database info, you need to collect this information:
- original URL [which you got after scanning]
- database location [you will get this after scanning userpass or emailpass; it will be something like database location.table name]
- table name
- column name [Email:Pass or User:Pass as in the table]
After you get all these, you have to open the SQLmap folder, then click on the folder location, use backspace to clear the location, type CMD and press Enter.
It will open SQLmap in an administrative Command Prompt.
Now give this as the command:
python sqlmap.py -u "url" -D "database location" -T "table name" -C "column name" --dump --eta --threads="thread between 1 to 10 according to website response"
Then it will tell you that you didn't give any cookies, so SQLmap wants to set its own; put Y there.
Then it will do some tests on the URL, and it may ask whether you want the basic union test or to go higher; choose basic, as high will crash even after getting that as injectable.
After it finds one SQL server it may ask to test for other servers, so deny it.
That is all; there may be some other prompts, so answer them using your common sense.
After all of its scanning is done, it will start dumping the database.
ENJOY !!
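
From the defending side, the sqlmap run described in the post above leaves recognizable traces in web server access logs. The following is an added example, not part of the original post: it flags clients that send sqlmap's default User-Agent or SQL injection payloads in the query string. The log lines, IP addresses and the `scan` function are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /item.php?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "GET /item.php?id=5%27%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:57:30 +0000] "GET /search?q=credit+union+hours HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

# client IP, request target and User-Agent from one combined-log-format line
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
TOOL_UA = re.compile(r"^sqlmap/", re.I)  # sqlmap's default User-Agent prefix
PAYLOAD = re.compile(
    r"\bunion\b(?:\s+all)?\s+select\b|\bsleep\s*\(|\binformation_schema\b", re.I)

def scan(log_text):
    """Return {client_ip: {"reasons": set, "hits": int}} for suspicious clients."""
    findings = defaultdict(lambda: {"reasons": set(), "hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-log-format line
        ip, target, agent = m.groups()
        reasons = set()
        if TOOL_UA.search(agent):
            reasons.add("sqlmap-user-agent")
        # Decode the query string first so %20 and + both count as spaces.
        query = target.partition("?")[2]
        if PAYLOAD.search(unquote_plus(query)):
            reasons.add("sqli-payload-in-query")
        if reasons:
            findings[ip]["reasons"] |= reasons
            findings[ip]["hits"] += 1
    return dict(findings)

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["hits"], sorted(info["reasons"]))
```

The `hits` count matters because a multi-threaded `--dump` shows up as a burst of flagged requests from one client, which is a useful threshold for alerting or rate limiting.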
 
