Installing SQLMAP in Ubuntu14.04
/ 15.10, Kali linux, etc
Python
is pre-installed in Ubuntu so all you need to do is download sqlmap
from sourceforge, unpack it into a directory and start your testing.
wget from http://sqlmap.sourceforge.net/#download
You can unpack it with a GUI based tool (double click on it) or use tar and gzip together with this command.
tar zxvf sqlmap-0.9.tar.gz
cd sqlmap
python sqlmap.py
This should be your results when you run the sqlmap.py script from a working installation:
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
Usage: python sqlmap.py [options]
sqlmap.py: error: missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), -h for help
The above error shows that we have installed sqlmap.py in our system, it is unconfigured right now, but
For a simple test we will use the HTTP GET testing option against a single uri.
python sqlmap.py -u 'http://mytestsite.com/page.php?id=5'
This will run a bunch of sql injection tests against that URL with the parameter (id) being tested for SQL Injection.
SQLmap
can be used to not only test but also to exploit SQL Injection, doing
things such as extracting data from databases, updating tables and even popping shells on remote hosts if
all the ducks are in line. All these options and examples are available
on the excellent sourceforge project page. So now you have a working
installation get on over there and start testing.
So what now, Just visit to how to hack a website SQLMAP Linux Tutorial
for more hacking tutorials visit my youtube and hackerbhai.com
No comments:
Post a Comment