Thursday, September 15, 2011

HOWTO : Offical SQLMap video demonstration 1

*** Do NOT attack any computer or network without authorization or you may put into jail. ***

Credit to : Bernardo

This is Bernardo's work but not mine. I re-post here for educational purpose only. It is because I enjoy his videos very much and I am afraid of losing them.

Original link is here.



Demonstration of sqlmap database fingerprint and enumeration features: sqlmap is launched against a PHP test page hosted on a Debian GNU/Linux 5.0 server with back-end database management system being MySQL 5.1.

The tool is instructed to identify possible SQL injections and exploit them by extensively fingerprinting the back-end database management system, then enumerate the banner, the session user, the current database, the database's users, users' password hashes and available databases.

The technique used to dump this data from the back-end database software is the default, boolean-based blind SQL injection.

Command

python sqlmap.py -u http://172.16.213.131/sqlmap/mysql/get_init.php?id=1 -f -b --current-user --current-db --users --passwords --dbs -v 0

That's all! See you.