Sqlmap provides wizard options for beiggner and save your much time. So start your kali
Linux and open the terminal and now the following command to use wizard
interface of sqlmap.
sqlmap -u
"http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
Type 1 for normal; to select the injection
difficulty. Now again type 1 for basic enumeration.
It
will automatically dump the basic detail of backend server. Here you can see
from the given screenshot it shown that web application technology is nginx , PHP 5.3.10 and operating system is Linux Ubuntu and many
more things.
Now change level for penetration testing of web with
sqlmap wizard. Again type the same command.
sqlmap -u
"http://testphp.vulnweb.com/listproducts.php?cat=1" –wizard
Type 2 for medium; to select the injection
difficulty. Now again type 2 for intermidate enumeration.
Wonderful!!! We have got database name and all table names
with columns.
Now again change level for penetration testing of web
with sqlmap wizard. Repeat the same command.
sqlmap -u
"http://testphp.vulnweb.com/listproducts.php?cat=1" –wizard
Type 3 for hard; to select the injection
difficulty. Now again type 3 for All enumeration.
Awesome within three steps we have got entire information of
acurat database. You can see the result from the screenshot.
Here we have all tables with its field details and column
details.
0 comments:
Post a Comment