1. Introduction
sqlmap is a tool that detects and exploits SQL injection flaws in database-backed
applications. It is considered to be the best SQL injection tool available today.
Security professionals and hackers use it often. For Kali users, sqlmap is built
into the operating system. On Windows, we have to install Python and sqlmap
separately before we can use it.
2. Preparation
- A computer running the Windows operating system. The firewall on the system
must be disabled.
- phpMyAdmin, the management front end for MySQL:
https://www.phpmyadmin.net/downloads/
- XAMPP, downloaded from the following link:
https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-win32-5.6.31-0-VC11-installer.exe?from_af=true
- DVWA, downloaded from the following link:
http://www.dvwa.co.uk/
- Supporting software: the Chrome browser, Firefox 10.0, 7zip, Notepad++.
- Install Python 2.7.
- Download the sqlmap toolkit.
3. Implementation steps
- Start XAMPP and go to 192.168.100.15/DVWA. Log in with user: admin, pass:
password. Here 192.168.100.15 is the IPv4 address of the machine running DVWA.
- After logging in successfully, choose DVWA Security > select low and submit.
- Select Y as shown in the picture.
- Select N as shown in the picture.
- After running, we get the message shown in the image, including the current
user and the current database.
- Type: sqlmap -u "link" --cookie="cookie" --string="Surname" --users
--passwords
- We see 2 tables. We want to see the columns available in the table users:
Type: sqlmap -u "link" --cookie="cookie" -D admin123 -T users
--columns
- We see the columns in the table users. We want to see the data in those columns:
Type: sqlmap -u "link" --cookie="cookie" -D admin123 -T users --dump
- We choose Y, as in the image, so that sqlmap cracks the password hashes.
- After running, we find a table containing the information. We have the users
and their passwords. The passwords were cracked from their MD5 hashes.
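
Why the low-security page is injectable, and what the fix looks like, as an added example that is not part of the original document or of DVWA's code. It assumes the lookup pastes the id parameter into the SQL text, uses SQLite in place of MySQL, and all table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the lab database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, "
               "last_name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        ("1", "admin", "admin", "<hash-placeholder-1>"),
        ("2", "Alice", "Example", "<hash-placeholder-2>"),
        ("3", "Bob", "Example", "<hash-placeholder-3>"),
    ])
    return db

def lookup_vulnerable(db, user_id):
    # Assumed pattern: the request parameter is pasted into the SQL text,
    # so a quote inside it ends the string literal and changes the query.
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '%s'" % user_id)
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # The value travels separately from the SQL text and is only ever data.
    return db.execute("SELECT first_name, last_name FROM users "
                      "WHERE user_id = ?", (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: an id must be a short run of ASCII digits.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("user id must be numeric")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    quoted = "1' OR '1'='1"   # constructed input containing a quote
    for name, fn in [("vulnerable", lookup_vulnerable),
                     ("parameterized", lookup_parameterized)]:
        print(name, "normal:", fn(db, "1"), "quoted:", fn(db, quoted))
```

With the parameterized lookup the quoted input matches no row, which is the behaviour a retest of the page should show once the query is fixed.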