Database Hacking, Penetration Testing

Easy way to Hack Database using Wizard switch in Sqlmap

Sqlmap provides wizard options for beginner and saves you much time. So start your Kali Linux and open the terminal and now the following command to use wizard interface of sqlmap.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard

Type 1 for normal; to select the injection difficulty. Now again type 1 for basic enumeration.

It will automatically dump the basic details of the backend server. For example, from the given screenshot, you can see the information displayed.

It shows that the web application technology is nginx, the PHP version is 5.3.10, and the operating system is Linux Ubuntu, along with many other details.

Then, change level for penetration testing of the web with the sqlmap wizard. Again type the same command.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard

Type 2 for medium; to select the injection difficulty. Now again type 2 for intermediate enumeration.

Wonderful!!!  We have got a database name and all table names with columns.

Then, again change level for penetration testing of the web with the sqlmap wizard. Repeat the same command.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard

 Type 3 for hard; to select the injection difficulty. Then, again type 3 for All enumeration.

Awesome! Within three steps, we have gathered the entire information of the Acurat database. You can see the result clearly from the screenshot.

Finally, we have all tables with its field details and column details.

To learn more about Database Hacking. Follow this Link.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here