Website Hacking - SQL Injections - Sqlmap Introduction

Sqlmap : This is a very powerful penetration test tool (open source) , it automates the discovery and exploitation of vulnerabilities to SQL injection attacks. It has many functions , and included features such as detecting DBMS, databases, tables , columns, retrieve data and even take control of a database.

Lets Start with Website Hacking - SQL Injections

Step 1 :-If you are using Kali Linux SQLMap comes pre-installed.If not installed then download from below link :-

http://sqlmap.org/

Boot into your Kali linux machine. Start a terminal, and type

sqlmap -hh

Step 2 :-First we need a target to do this,go to your test website in this example we have used a PHP one, we then navigate between pages, when you see "artists.php?artist=1" in the address bar , copy the address.

Step 3 :-Open your terminal and type this :

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --dbs

Step 4 :-when sqlmap is done, it will tell you the Mysql version and some other information about the database.

At the end of the process , it will show you databases that it has found.

Step 5 :-Now we are obviously interested in acuart database. Information schema can be thought of as a default table which is present on all your targets, and contains information about structure of databases, tables, etc., but not the kind of information we are looking for. So, now we will specify the database of interest using -D and tell sqlmap to enlist the tables using --tables command. The final sqlmap command will be-

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart --tables

Step 6 :-The result should be something like this

Step 7 :-Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now. The most appealing table here is users. It might contain the username and passwords of registered users on the website (hackers always look for sensitive data). The final command must be something like-

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users --columns

Step 8 :-The result should be like this :

Step 9 :-We have now successfully listed the contents of the database we can then extract information from these tables by using the following dumb again.

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users --dumb

Step 10 :-Type 1 for default dictionary file.

Step 11 :-The result should be like this :

Step 12 :- Now, if you were following along attentively, now we will be getting data from one of the columns. Now we will be getting data from multiple columns. As usual, we will specify the database with -D, table with -T, and column with -C. We will get all data from specified columns using --dump-all. We will enter multiple columns and separate them with commas. The final command will look like this.

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users --dumb-all

Step 13 :-Type 1 for default dictionary file.

Step 14 :- The result should be like this :

Step 15 :-The result should be something like this

I hope you enjoyed this article.