SQL Injection Penetration Testing Using SQLmap
SQL injection penetration
testing using SQLmap.
sqlmap is an automated Linux and windows based tool to find SQL injection vulnerability.
Sqlmap gives vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables, etc.
Sqlmap is a powerful hacking python tool that works well in all the Linux distros such as parrot, kali Linux, etc.
SQL map is preinstalled in kali Linux if you want to install it manually use GitHub. Simply use command
git clone https://github.com/sqlmapproject/sqlmap
|Sqlmap in Linux|
|Sqlmap in Kali Linux|
If its not worked install python packages and try again. It works well with python2 in my case.. see the above image..
Sqlmap has hell lots of usages, you can see it by using -h and -H command.
now we'll see the practical use of sqlmap using a live example. for this, I am using android because of public demand. using termux.
for this, we'll need termux
for this, we'll need termux
we are using kali nethuner in termux for better usage..
simply click on a link to learn it how to install if you still don't know..
now hit kali nethunter in termux and use the command
now sqlmap interface will be shown in there.
for the target we are using accunetic vulnhub website for understanding.
the login page looks like this..
|accunetix vulnerability login page|
now copy the URL page and paste in front of --url in command.
python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs
if id is not present there use 1 or crowl it to see pages with id and use URL of it.
now we can see database name accuart is presented over there so we'll further want to see what's in it.
database contains tables and columns to feed information in it. that what we going to extract now..
first, we need to see what tables are inside this database to see it use command.
python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs --current-db acuart --tables
current-db use for what's in the current database we are seeking here tables which are looks like this..
|tables in database|
but we need username and password so we'll see what's in table name 'Users'
use this command to see columns of table 'Users'
python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs --current-db acuart --tables users --columns
|tables and columns in database|
lots of juicy stuff over here..
need to dump it now..
python2 sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1," -o --threads 8 --dbms mysql -dbs --current-db acuart --tables users --dump
this command will dump all credentials in termux. for the sake of security admin use hashes to encrypt it but sqlmap will also decrypt it using a wordlist.
but for us now it is in plaintext.😊
just see separators very carefully you'll see
to test it use it in the login page..
we got a login successful and success in attack..😉
that it with sqlmap and SQL injection.
I used termux for android because lots of tutorials for other Linux platforms but android users have very little information about how to use it in.. but it works the same in all the platforms and works like charm to find SQL injection...
stay blessed and happy hacking..