Learning to use sqlmap GUI or CMD line?

General technological topics without their own forum go here

Learning to use sqlmap GUI or CMD line?

Post by ghostheadx2 on Mon Feb 23, 2015 12:45 am
([msg=86885]see Learning to use sqlmap GUI or CMD line?[/msg])

First of all, I actually got a gui for SQLmap:

Image

Right click on the image and open the link on a new tab if it isn't big enough.

I actually got that. Should I use the cmd line to learn to use it or the GUI?

If I learn to use the GUI... I realize there are no SQLmap tutorials that involve the C# written GUI, although the program still pretty much runs on python. I don't get how the GUI can be C# and the rest in python, or why one would do that but...

I want to know if someone could give me a link looking for how to use the GUI. I've tried and just found cmd line tutorials. If someone could also guide me instead by tellling me that I should learn to use the cmd line of SQLmap 1st and that its better, I'll do that too.

Also, is it not allowed for use on hackthissite? Would you not recommend I do the missions this way? If I should do them the normal way, that's fine. If that's the case, should I not learn to use this yet and wait until later?

If you think I could learn to use this, what do you recommend and if you recommend the GUI, then again, I really want a link to GUI tutorial of SQL map. If cmd line is better than I'll just go back and find tutorials of that because I've done that already and its way easier than finding ones of the GUI.

Also, why would they provide installation of the GUI instructions on youtube and not have anything online of how to use the GUI? That seems very weird.

Thx.

Best,

ghostheadx2
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Learning to use sqlmap GUI or CMD line?

Post by ghost107 on Mon Feb 23, 2015 2:32 am
([msg=86887]see Re: Learning to use sqlmap GUI or CMD line?[/msg])

SQLGap GUI is in C#, but the cli is in python.
http://www.ehacking.net/2012/06/sqlmap- ... -tool.html

SQLMap GUI is a wrapper to send input to the SQLMap cli with what fields you selected. The python scripts are other python scripts that automates the SQLMap process, like creating the a report , this can be done with C# too.
User avatar
ghost107
Poster
Poster
 
Posts: 321
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: Learning to use sqlmap GUI or CMD line?

Post by tripbeam on Mon Feb 23, 2015 11:43 am
([msg=86891]see Re: Learning to use sqlmap GUI or CMD line?[/msg])

Depends on what you want, but i would say learn through the terminal first then GUI if you wanted
tripbeam
Poster
Poster
 
Posts: 166
Joined: Tue Jul 01, 2014 8:52 pm
Blog: View Blog (0)


Re: Learning to use sqlmap GUI or CMD line?

Post by cyberdrain on Mon Feb 23, 2015 4:40 pm
([msg=86896]see Re: Learning to use sqlmap GUI or CMD line?[/msg])

ghostheadx2 wrote:Also, is it not allowed for use on hackthissite? Would you not recommend I do the missions this way? If I should do them the normal way, that's fine. If that's the case, should I not learn to use this yet and wait until later?

As far as I know it's allowed, as long as you don't bruteforce the site. I would not recommend to do the missions this way, for one because SQLi is very rarely used in the missions and for another because you'll learn more by manually exploiting them. If you don't want to be a skiddie, learn how the tools work before using them, to the point where you could've written it yourself. If you can learn how to do SQLi by using the tools, then by all means, use them :)
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Learning to use sqlmap GUI or CMD line?

Post by ghostheadx2 on Sun Mar 08, 2015 1:24 am
([msg=87065]see Re: Learning to use sqlmap GUI or CMD line?[/msg])

Where to legally practice SQLi?
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Learning to use sqlmap GUI or CMD line?

Post by cyberdrain on Sun Mar 08, 2015 7:25 am
([msg=87069]see Re: Learning to use sqlmap GUI or CMD line?[/msg])

I think Damn Vulnerable Web App includes it.
Edit: never mind, you double posted again...
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Learning to use sqlmap GUI or CMD line?

Post by Wololo on Tue Mar 10, 2015 5:00 am
([msg=87113]see Re: Learning to use sqlmap GUI or CMD line?[/msg])

SQLmap is one of the easiest tools to use...there is not much to learn about it besides how to use some commandline switches.

If you got burp suite pro you also have a sqlmap extension which i highly recommend.
I wrote a small tutorial a while ago: http://thomas-vanhoutte.blogspot.be/201 ... qlmap.html
Just ignore the first part of the write-up.

Do keep in mind that sqlmap generates alot of traffic, i once took down a website that i was testing for a client by letting sqlmap run overnight, dont make that same mistake haha.

If you really got nasty intentions, it is very easy to hack multiple websites a day using the google dork scanner, don't do like many tutorials recommend by searching for dorks manually and adding ' to the end of a parameter, this wont work for the majority of sqli vulnerabilities out there.

You can run sqlmap -g "site:hackthissite.org inurl".php?"" --random-agent --batch --dbs or something to just use google results with php parameters. Anyway, pentesting without permission is illegal and if they sue you for this you can forgot about a career in security, just my advice.
Wololo
New User
New User
 
Posts: 24
Joined: Tue Mar 10, 2015 4:51 am
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests