Installing SQLMap in Windows

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

SQLMap is coded in Python programming language and runs natively in Linux operating system, for running it in Windows, first you have to download Python then Sqlmap. Steps are as follows: 

Step 1 – Download & Install Python

Python 2.7 installed on your Windows machine.
Ensure that version 2.7.5 is installed which can be downloaded from here - http://www.python.org/download/
Choose either the normal Windows installer, or the Windows x86-64 installer.
Run through the install accepting the defaults. 
If all went well, then all of the Python files should be installed to C:\Python27\

Step 2 – Download SQLMap

SQLMap downloaded on your Windows machine
The latest and greatest version is available on the SQLMap home page – click here - https://github.com/sqlmapproject/sqlmap.git or
 here http://sqlmap.org/ (and click download .zip on the left!)

Unzip the .zip and put the folder into the C:\ drive (just for ease of access).

Step 3 – Run Command Prompt as Administrator

Ensure that you right-click on the Command Prompt icon and Run As Administrator. Normally, command prompt is set with restrictions meaning certain system tools will not run, so running as administrator enables command prompt to have full access to the system.

Step 4 – Run SQLMap
With the above prerequisites completed, we can now start.
- In the command prompt window, CD into the directory where SQLMap is contained


Type in the following: python sqlmap.py -u “http://yoursite.com/users/users.php?id=3
(replace the blue with host you have!) and press Enter.

Comments

Post a Comment

Popular posts from this blog

SQL injection

SQL injection  is technique of inserting nefarious SQL statement into the input field by attacker to a web application for execution  (e.g. to dump the database contents to the attacker) .  SQL injection attacks allow attackers to spoof identity, tampering of data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrator of database server. It is considered as one the top 10 web application vulnerabilities by 2007 and 2010 by the OWASP and rated the number one attack on the OWASP top ten in 2013. The sub-classes of SQL injections are: 1. In-band or Classic SQL Injection 2. Inferentital or Blind SQL Injection 3. Outband SQL Injection (I). Classic SQL Injection:  It is most common and easy to exploit Injection attacks. This occur when an attacker is able to use the same communication channel to both launch the attack and gather result. There are two types of classic SQL injection technique
Read more