Sqlmap provides wizard options for beiggner and save your much time. So start your kali Linux and open the terminal and now the following command to use wizard interface of sqlmap.
sqlmap -u “http://testphp.vulnweb.com/listproducts.php?cat=1” –wizard
Type 1 for normal; to select the injection difficulty. Now again type 1 for basic enumeration.
It will automatically dump the basic detail of backend server. Here you can see from the given screenshot it shown that web application technology is nginx , PHP 5.3.10 and operating system is Linux Ubuntu and many more things.
Now change level for penetration testing of web with sqlmap wizard. Again type the same command.
sqlmap -u “http://testphp.vulnweb.com/listproducts.php?cat=1” –wizard
Type 2 for medium; to select the injection difficulty. Now again type 2 for intermidate enumeration.
Wonderful!!! We have got database name and all table names with columns.
Now again change level for penetration testing of web with sqlmap wizard. Repeat the same command.
sqlmap -u “http://testphp.vulnweb.com/listproducts.php?cat=1” –wizard
Type 3 for hard; to select the injection difficulty. Now again type 3 for All enumeration.
Awesome within three steps we have got entire information of acurat database. You can see the result from the screenshot.
Here we have all tables with its field details and column details.
Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here
The post Easy way to Hack Database using Wizard switch in Sqlmap appeared first on Hacking Articles.