Vulnerability of SQL injection databases
by cybershadow404 - Monday November 4, 2024 at 10:20 PM
#1
Hello,
I would like to know if someone can tell us how to download a database, since we have been able to access one through a SQL injection vulnerability. We are a bit novice at downloading databases, but we have knowledge of hacking.
#2
I think downloading the database depends on the tool you are using to crack the database. Also how did you crack it and what tool did you use?
#3
After finding a SQL injection vulnerability in any web application, you just need to use the sqlmap tool to exploit that vulnerability and dump all databases to files.
#4
You need to give more detail about the SQL injection type. If it's a blind SQL injection then yes SQLMap is the best way to go. But this can be a very slow process especially if you are looking to extract the full db.
I'd recommend trying to retrieve the employee/admin/user table first and try to brute force (dict) some passwords to see if you can gain an admin access to make you dump directly inside the app... would save time.

Provide more detail about the injection and we will see if we can help.
Any idea of the size of the db ?
#5
If you use Sqlmap => ~/.sqlmap/output
#6
(11-12-2024, 04:19 AM)Eham Wrote: I think downloading the database depends on the tool you are using to crack the database. Also how did you crack it and what tool did you use?
SQLmap was the tool, we got access through a vulnerability but then we couldn't get access.

(11-13-2024, 06:13 PM)eskaliboor Wrote: You need to give more detail about the SQL injection type. If it's a blind SQL injection then yes SQLMap is the best way to go. But this can be a very slow process especially if you are looking to extract the full db.
I'd recommend trying to retrieve the employee/admin/user table first and try to brute force (dict) some passwords to see if you can gain an admin access to make you dump directly inside the app... would save time.

Provide more detail about the injection and we will see if we can help.
Any idea of the size of the db ?
we had access to the admins but the passwords were hashed. what to do then, brute force against the hash?

the size we don't know, so we lost access as if we had been detected .... we had to act fast but we didn't know what to do.
#7
Maybe try to crack the hash with john; it should be able to crack the hash.
#8
(01-03-2025, 12:44 AM)cybershadow404 Wrote:
(11-12-2024, 04:19 AM)Eham Wrote: I think downloading the database depends on the tool you are using to crack the database. Also how did you crack it and what tool did you use?
SQLmap was the tool, we got access through a vulnerability but then we couldn't get access.

(11-13-2024, 06:13 PM)eskaliboor Wrote: You need to give more detail about the SQL injection type. If it's a blind SQL injection then yes SQLMap is the best way to go. But this can be a very slow process especially if you are looking to extract the full db.
I'd recommend trying to retrieve the employee/admin/user table first and try to brute force (dict) some passwords to see if you can gain an admin access to make you dump directly inside the app... would save time.

Provide more detail about the injection and we will see if we can help.
Any idea of the size of the db ?
we had access to the admins but the passwords were hashed. what to do then, brute force against the hash?

the size we don't know, so we lost access as if we had been detected .... we had to act fast but we didn't know what to do.

Dehash it on the hashes.com or hashkiller.io website.