Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


Advance usage of Sqlmap (Part -1)

  • 0 Vote(s) - 0 Average


03-07-2017, 06:28 AM #1
hexzninja Offline Junior Member **
Registered
Posts:2 Threads:2 Joined:Mar 2017 Reputation: 0
Mood: None
Namastey and Salam to all brothers .
Today I am going to explain advance usage of sqlmap .
If you don't know about sqlmap then its an open source  tool that automates the process of detecting and exploiting SQL injection flaws .  - for more visit sqlmap.org .

Let's Start ..
1 . Injecting using Get parameter . (Basic one )
sqlmap.py -u http://127.0.0.1/lol.php?lid=1
I am not going to explain this as it has been explained many times . 

2. Injecting in a site which most of time is blocking the ip .
Steps - (!) Start tor browser .
   
             (!!) Start Burp Suite . 
Set proxy in burp suite . 
   
Make sure the intercept is off else you need to forward each and every request . 

             (!!!) Now give the proxy command through sqlmap .
sqlmap.py -u http://www.yourvulnerablesite.com/home.php?lid=1 --proxy=http://127.0.0.1:8080

             (!V) Now every request will goto burp which is configured to use tor proxy and finally less chances of getting blocked . 

3. Injecting through burp post request intercept file . 

       (!) Start Burp and start the interception . 
       (!!) Intercept the post vulnerable paramter . 
Right click and select copy to a file option and give a name . 
   
Now start sqlmap with following command . 
sqlmap.py -r C:\Users\XXXXXXX\Documents\nameofsavedfile


-r is used for sqlmap using request file . 

For More wait for Part2 of this tutorial .






Forum Jump:


Users browsing this thread:2 Guest(s)