
Showing posts from September, 2013

SQLMap

SQLMap comes in handy once you have already discovered a vulnerability in the database. With SQLMap we can automate the process, and dumping the database becomes much easier compared with the manual technique. Here I have already set up a vulnerable box on my VMware, and SQLMap is installed on your machine. You can download it here. Note: On a Windows machine you'll need to install Python version 2.6 or 2.7 only, otherwise it might not work. For your convenience, just use Kali Linux.

What we can do here is analyze every URL and search for a vulnerable parameter. We got an SQL error. Send the vulnerable parameter to SQLMap using the arguments --banner --current-user --current-db --is-dba. Tip: Use --help or -hh for more information about the SQLMap arguments. And the parameter is injectable! Dump the password hashes with the --users and --passwords arguments. You can either use a dictionary attack with SQLMap or the password cracker tool John the Ripper. Using John the

Vulnerable Box!

There are many vulnerable boxes that you might already have heard of, e.g. Metasploitable, OWASP Webgoat, PentesterLab, etc. These boxes help you discover and understand how an application works, find and exploit vulnerabilities, and learn how they work. How does the exploit trigger? What? How? Why? When? I'm gonna share with you one of the websites that I found during my study and research on web applications. Then I found VulHub! Here you can download as many vulnerable boxes as you want. There are many different types of vulnerability that you might want to go through. That's it! Use whatever skills and knowledge you already have. Make sure to read the readme or the instruction manual before proceeding. Have fun and happy hacking!