Date: 21 Feb 2025
Important links:
- manual (will study later)
- sql (will study today)
- After opening Kali, refer to this:
sudo apt-get install sqlmap
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

🔹 Command 1:
sudo apt-get install sqlmap
✅ What it does:
- sudo: Runs the command with superuser privileges, because installing software requires admin rights.
- apt-get: The package manager for Debian-based Linux distributions (like Ubuntu).
- install sqlmap: Tells apt-get to download and install sqlmap.
🧠 What is sqlmap?
- It's a powerful open-source penetration testing tool used to automate the process of detecting and exploiting SQL injection vulnerabilities in web applications.
- Super helpful for security testing or ethical hacking.
🔹 Command 2:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs
✅ What it does:
- sqlmap: Runs the sqlmap tool.
- -u: Specifies the target URL with a GET parameter (cat=1) that might be vulnerable to SQL injection.
- http://testphp.vulnweb.com/listproducts.php?cat=1: This is the target website. The cat parameter is what sqlmap will test for injection.
- --dbs: Tells sqlmap to enumerate the available databases if it finds an SQL injection vulnerability.
🧪 What happens:
- sqlmap sends specially crafted queries to the URL to see if it can manipulate the SQL behind the cat=1 parameter.
- If successful, it will return a list of database names found on the target server.
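
Why a parameter like cat can change the SQL behind it, and how to close that gap, shown as an added example (not part of the original notes and not sqlmap's code). The table, sample rows and function names are constructed for illustration, and SQLite stands in for the site's real database.

```python
import sqlite3

def make_db():
    # Constructed sample catalogue; SQLite stands in for the real backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT)")
    db.executemany(
        "INSERT INTO products (cat, name) VALUES (?, ?)",
        [(1, "poster"), (1, "print"), (2, "frame"), (3, "easel")],
    )
    return db

def list_products_vulnerable(db, cat):
    # The request value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    query = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(query)]

def list_products_safe(db, cat):
    # 1) Allow only a plain non-negative integer for a numeric id.
    if not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be an integer")
    # 2) Bind it as a parameter: the value is never parsed as SQL.
    query = "SELECT name FROM products WHERE cat = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (int(cat),))]

def cat_changes_query(handler, db):
    # Regression check for your own code: does extra SQL in the
    # parameter widen the result set compared with the plain value?
    baseline = handler(db, "1")
    try:
        tampered = handler(db, "1 OR 1=1")
    except ValueError:
        return False  # input rejected before reaching the database
    return len(tampered) > len(baseline)

if __name__ == "__main__":
    db = make_db()
    print(list_products_vulnerable(db, "1"))
    print(list_products_vulnerable(db, "1 OR 1=1"))
    print(cat_changes_query(list_products_vulnerable, db))
    print(cat_changes_query(list_products_safe, db))
```

The check reports True for the concatenating handler and False for the validated, parameterized one, which is the difference a scanner such as sqlmap is looking for.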
Warning
- The site http://testphp.vulnweb.com/ is a legally safe target hosted by Acunetix for testing and learning.
- Never run sqlmap or any hacking tool on websites you don't own or don't have permission to test.