for educational purposes and in order to develop a test for students, i try to "hack" a website developped by a friend : http://www.websitetohack.com.index.php?id=5 When i launch SQLMAP, it finds a "Time Based Blind SQL Injection".
After some dbs queries ; there are the infos i found :
There are three databases:
- db01 (php website example with phpbb forum)
- mysql
- information_schema
The back-end DBMS is MySQL
The current user "username" of DBMS is : administratorforlife
The current user "password" of DBMS is : ohmygod
The current db is : db01
The hostname is : db01hostname
The current user of DBMS is : (DBA) (Database Administrator)
db01 contains a column called "USERS" where 100 fake "accounts + passwords" are listed.
The problem: I don't know where ADMIN PANEL is. I tried to find it via some scripts without success.
With the help SQLMAP, is there any way to connect to the DBMS with the infos that i have in order to retrieve all users data in db01 ? If yes, how ? Do you know some command line to enter DBMS ? As all of you know, in blind mode i would spend years.
Thanks for your help !