SQL Injection Penetration Testing Using SQLmap

 SQL injection penetration

    testing using  SQLmap.

sqlmap is an automated Linux and windows based tool to find SQL injection vulnerability.
Sqlmap gives vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables, etc.

Sqlmap is a powerful hacking python tool that works well in all the Linux distros such as parrot, kali Linux, etc.

SQL map is preinstalled in kali Linux if you want to install it manually use GitHub. Simply use command 

git clone https://github.com/sqlmapproject/sqlmap

now sqlmap will download in few minutes..

Sqlmap in Linux

Sqlmap in Kali Linux

If its not worked install python packages and try again. It works well with python2 in my case.. see the above image..

  Usage

Sqlmap has hell lots of usages, you can see it by using -h and -H command.

now we'll see the practical use of sqlmap using a live example. for this, I am using android because of public demand. using termux.

for this, we'll need termux

• Termux app download

we are using kali nethuner in termux for better usage..

simply click on a link to learn it how to install if you still don't know..

now hit kali nethunter in termux and use the command

startkali

ls

cd sqlmap

ls

python2 sqlmap.py

now sqlmap interface will be shown in there.

for the target we are using accunetic vulnhub website for understanding.

the login page looks like this..

accunetix vulnerability login page

now copy the URL page and paste in front of --url in command.

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs

if id is not present there use 1 or crowl it to see pages with id and use URL of it.

now we can see database name accuart is presented over there so we'll further want to see what's in it.

database

database contains tables and columns to feed information in it. that what we going to extract now..

first, we need to see what tables are inside this database to see it use command.

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs --current-db acuart --tables

current-db use for what's in the current database we are seeking here tables which are looks like this..

tables in database

now we can see lots are tables over there contain information and credential.
but we need username and password so we'll see what's in table name 'Users'
use this command to see columns of table 'Users'

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs --current-db acuart --tables users --columns

 now the result will show us what columns in table users.

tables and columns in database

now as we can see the email, cc,uname, pass, etc

lots of juicy stuff over here..

need to dump it now..

python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs --current-db acuart --tables users --dump

this command will dump all credentials in termux. for the sake of security admin use hashes to encrypt it but sqlmap will also decrypt it using a wordlist.

but for us now it is in plaintext.😊

database credentials

just see separators very carefully you'll see

uname-test
pass-test

to test it use it in the login page..

users credential

we got a login successful and success in attack..😉


that it with sqlmap and SQL injection.


I used termux for android because lots of tutorials for other Linux platforms but android users have very little information about how to use it in.. but it works the same in all the platforms and works like charm to find SQL injection...



stay blessed and happy hacking..

You may like these posts