Exploit DVWA with sqlmap ON BACKTRACK 5 (just PICTURE)

1. Open Mantra
Run apache and mysql services
in URL Localhost/dvwa

user name = admin    and password  = password
on dvwa security choose low

2. OPen burpsuite

3. On your mantra run proxy port localhsot 8080

4. in column SQL INJECTION id input   '

     and look at in burp suite tab proxy

5. open SQLMAP

option -u and --cookie can u see at information from burp suite top

Result

we can see data base   dvwa


6.  now let's search tables

result

7. now we can look about table users

 in the picture we can see about table user

8. Now we will open the passwords

:D ok i think that's all THANK YOU