Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tool called is “sqlmap“. The tutorial is designed for education purposes only where we will point you to the complete steps to acquire a web server due to the vulnerability of sql injection using the sqlmap tool.

Hmm ! But why do we use the sqlmap tool ? ๐Ÿ™‚ ! SQL injection vulnerabilities can be detected using some well-known payloads, but exploiting the vulnerability can be complicated if you are a beginner, that’s why we use tools such as the “sqlmap” that is capable of exploiting SQL injection vulnerabilities using multiple combinations of payloads per second. sqlmap is an open source penetration testing tool that automates the process of detecting, exploiting the SQL injection vulnerability and taking over of database servers.

Keep in Mind ๐Ÿ™‚ Usage of sqlmap for attacking targets without prior mutual consent is illegal.

Lets take a look ๐Ÿ™‚ !!

Why SQL Injection Vulnerability Occurs?

SQL injection vulnerability comes out on top in OWASP Top 10 and even the most critical injection vulnerabilities. Injection flaws occur when a web application accepts an untrusted user supply and executes it directly in the database as a command or query. Likewise SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an any entry field for execution purposes by attacker. So there are two ways to detect and exploit SQL injection vulnerabilities.

  • Detected manually by systematic set of tests.
  • By using automate tools such as : SQLmap.

However, we will do the same thing in both ways, but for the manual method you should have a lot more knowledge about MySQL database statements and if you are a beginner then you should go with automated tools. In this article we will take the help of “SQLmap” automated tool to perform MySQL database hacking or penetration testing. Let’s start !!

Installation

The Sqlmap tool comes pre-installed in the Kali Linux operating system but sometimes we do not have the same operating system, so we will try to download and configure this tool separately. To configure the slqmap tool in any operating system, we must first meet the requirements of this tool. Let’s install “python2” tool first using the following command.

Now we’ll download the sqlmap tool by using the git command, after downloading is done then we will go to the directory and boot this tool by using the python script.

Upgrade Sqlmap Tool

As we know it comes pre-installed in Kali Linux operating system but sometimes we forget to upgrade the installed tool, hence we can upgrade our sqlmap tool using the following command.

Featurs of SQLmap Tool

  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB and FrontBase database management systems.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.

Likewise you can read complete features of this tool from here ๐Ÿ™‚ !!

Google Dork

Google Dorks useful for passive information gathering purposes. This is the best way to reconnaissance about the target website even the target site doesnโ€™t know about our reconnaissance. We donot have any vulnerable website where we can perform SQL injection ๐Ÿ’‰ hence we will take help of google dork. We will try to find the vulnerability in web application through “cat” parameter. But the question is, why do we choose the parameter itself to test or exploit the SQL injection vulnerability ? Ok !! Originally the parameter is also known by the alias of the query strings and according to Google it is a way of passing information to the server through a URL, that’s why attackers takes help of parameter’s to insert their malicious SQL statements directly into the database. You choose any parameter according to you and change it in the given google dork and do a search on google.

Google gives many websites in which the “cat” parameter is being used to show the content of web pages or different-2 purposes. We choose the following website and as soon as we add single quote after “?cat=” parameter we get an MySQL syntax error which means the site is vulnerable to the SQL injection vulnerability.

Thus, we can try to identify SQL injection vulnerabilities by deploying a separate -2 meta character. It is now discovered that the website is insecure and we will get data from the database using the sqlmap tool.

Database

Our first objective will be to dump the entire database from the web server. Check the command below in which the “U” parameter has been used to give the exact location of the SQL injection vulnerability found in the website. The “dbs” parameter is being used to dump the names of the database.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” –dbs

Great ๐Ÿ™‚ !! Sqlmap has successfully detected the SQL injection vulnerability which results in us getting the database name which is available in the web application.

We want to erase a question in your mind related to batch commands. SQLMap may ask us to provide input during the scan, hence we use this feature to discard everything after which it do all these tasks ourselves.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” –dbs –batch

As you can see the two databases are built into the web application database server.

Tables

As we know that an SQL database contains multiple objects such as tables. So we will select one of the two databases and try to dump the names of the tables present in the database using the following command. “-D” used for database name.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” -D < database name > –tables

Great ๐Ÿ™‚ !! We get what we thought ! As you can see after executing the above we got the name of the tables present in the web application database.

Columns

In a relational database, a column is a set of data values in which contain text values, numbers, email and passwords. Now you can select any one table you want to dump but in our case we will select the “users” table to get sensitive information from the database.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” -D < database name > -T < tables name > –columns

Alright ๐Ÿ™‚ !! We are going the right way and as you can see we have successfully dumped all the columns using the above command. Now we have all the sensitive files in front of us, let’s try to dump them.

Dump Columns

The wait is over now and we will first dump the email address files from the database. Just add the column name to the command and dump the file.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” -D < database name > -T < tables name > -C < columns name > –dump

YEHE ๐Ÿ™‚ !! You can see that we have found an email address in the files which is not enough. So let’s try to dump the whole table.

Dump Particular Table

As you see, dumping the tables one by one and then their columns will be a very long process, hence we will dump the entire table at once by adding the “dump” parameter after the table.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” -D < database name > -T < tables name > –dump –batch

Amazing ๐Ÿ™‚ !! Finally we get sensitive credentials of users after dumping entire “user” tables and thus we have successfully hacked the back end database of the web application by using the sqlmap tool.

Dump All Tables

This tool has another feature through which we can dump the number of multiple tables at once. Let’s try it also. Just after selecting any database you need to add “--dump-all” feature.

Usage ๐Ÿ™‚ !! sqlmap -u “<URL>>” -D < database name > –dump-all –batch

Done ๐Ÿ™‚ !! We cannot show all the results due to maximum size of screenshot but you can see that all the tables, columns and data are dumped at once as soon as the above command is executed.

As you have seen how attackers steal and hack data with the help of these tools due to SQL injection vulnerability in web application.

Keep in Mind ๐Ÿ™‚ Usage of sqlmap for attacking targets without prior mutual consent is illegal and this tutorial is made for educational purposes.

Credit : wikipedia.org & sqlmap.org

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

19 thoughts on “Website Penetration Testing and Database Hacking with Sqlmap”

  1. I all the time used to study article in news papers but now as I am a user of net so from now I am using net for articles or reviews, thanks to web.

  2. When someone writes an post he/she retains the plan of a user in his/her
    mind that how a user can know it. Thus that’s why this article is
    amazing. Thanks!

  3. Woิ, incredible blog layout! How long have you been ฦ…logging for?
    yoแฅ™ make blogging lฮฟok easy. The overall look of yะพur แดกebsite is excellent, as wะตll as
    thะต cแงntent!

  4. Its like you read my thoughts! You appear to grasp so much approximately this, like you wrote the guide in it or something.

    I think that you could do with a few % to power the message
    home a little bit, however instead of that, that is excellent blog.
    A great read. I’ll certainly be back.

  5. Combines agility & elasticity with fast deployment & distribution inside your data center, to benefit from full-featured Oracle Cloud solutions with the new Oracle Cloud at Customer Gen 2 delivered by Logika IT Solutions.

  6. Thank you for the auspicious writeup. It in fact was a amusement account
    it. Look advanced to far added agreeable from you! By the way, how can we
    communicate?

  7. Right here is the right site for anybody who hopes to find out about
    this topic. You understand a whole lot its almost
    hard to argue with you (not that I personally would want toโ€ฆHaHa).
    You definitely put a new spin on a subject that’s been discussed for
    a long time. Excellent stuff, just excellent!

  8. Great weblog right here! Also your site quite a bit up fast!
    What web host are you the use of? Can I get
    your associate link in your host? I want my web site loaded up as
    fast as yours lol

  9. hi!,I like your writing so a lot! percentage we keep up a correspondence more approximately your
    post on AOL? I require an expert in this house to resolve my problem.
    May be that is you! Looking forward to peer you.

  10. You don’t know all there is to know about Marketing and advertising.
    Affiliate marketing is about the best ways commence an online business model.

    It doesn’t have to do anything else but have a message.

  11. There are many article directories on the field of Wide On the web.
    Again, she can be a person who reads, writes, leaves
    comments and extremely helpful to others. Put up a web site and they
    will come, suited?

  12. You are so awesome! I don’t believe I’ve truly read through a single thing like that before. So wonderful to discover someone with some genuine thoughts on this topic. Really.. thanks for starting this up. This site is something that is required on the internet, someone with a bit of originality!

  13. Hi! Would you mind if I share your blog with my zynga group?
    There’s a lot of people that I think would really enjoy your content.
    Please let me know. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *