Monday, 12 October 2015
A screenshot from the SQLmap official website |
Kali Linux
First off, you need to have Kali linux (or backtrack) up and running on your machine. Any other Linux distro might work, but you'll need to install Sqlmap on your own.
Sqlmap
Basically its just a tool to make Sql Injection easier. Their official website introduces the tool as -"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections."
A lot of features can be found on the SqlMap website, the most important being - "Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems." That's basically all the database management systems. Most of the time you'll never come across anything other than MySql.
Hacking Websites Using Sqlmap in Kali linux
Sql Version
Boot into your Kali linux machine. Start a terminal, and type -
sqlmap -hIt lists the basic commands that are supported by SqlMap. To start with, we'll execute a simple command
sqlmap -u <URL to inject>. In our case, it will be-
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1Sometimes, using the --time-sec helps to speed up the process, especially when the server responses are slow.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --time-sec 15
Either ways, when sqlmap is done, it will tell you the Mysql version and some other useful information about the database.
The final result of the above command should be something like this. |
Note: Depending on a lot of factors, sqlmap my sometimes ask you questions which have to be answered in yes/no. Typing y means yes and n means no. Here are a few typical questions you might come across-
- Some message saying that the database is probably Mysql, so should sqlmap skip all other tests and conduct mysql tests only. Your answer should be yes (y).
- Some message asking you whether or not to use the payloads for specific versions of Mysql. The answer depends on the situation. If you are unsure, then its usually better to say yes.
Enumeration
Database
In this step, we will obtain database name, column names and other useful data from the database.
List of a few common enumeration commands |
So first we will get the names of available databases. For this we will add --dbs to our previous command. The final result will look like -
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbsSo the two databases are acuart and information schema.
Table
Now we are obviously interested in acuart database. Information schema can be thought of as a default table which is present on all your targets, and contains information about structure of databases, tables, etc., but not the kind of information we are looking for. It can, however, be useful on a number of occasions. So, now we will specify the database of interest using -D and tell sqlmap to enlist the tables using --tables command. The final sqlmap command will be-
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tablesThe result should be something like this -
Database: acuart
[8 tables]
+-----------+
| artists |
| carts |
| categ |
| featured |
| guestbook |
| pictures |
| products |
| users |
+-----------+
Now we have a list of tables. Following the same pattern, we will now get a list of columns.
Columns
Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now. The most appealing table here is users. It might contain the username and passwords of registered users on the website (hackers always look for sensitive data).
The final command must be something like-
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns
The result would resemble this-
Data
Now, if you were following along attentively, now we will be getting data from one of the columns. While that hypothesis is not completely wrong, its time we go one step ahead. Now we will be getting data from multiple columns. As usual, we will specify the database with -D, table with -T, and column with -C. We will get all data from specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dumpHere's the result
John Smith, of course. And the password is test. Email is email@email.com?? Okay, nothing great, but in the real world web pentesting, you can come across more sensitive data. Under such circumstances, the right thing to do is mail the admin of the website and tell him to fix the vulnerability ASAP. Don't get tempted to join the dark side. You don't look pretty behind the bars. That's it for this tutorial. Try to look at other columns and tables and see what you can dig up. Take a look at the previous tutorial on Manual SQl Injection which will help you find more interesting vulnerable sites.
Subscribe to:
Post Comments (Atom)
Search
Followers
Popular Posts
-
Bypassing UAC with PowerShell Recently during a Red Team engagement, I got shell access to some user machines using Client Side Att...
-
Go to Start > Run > type " regedit ". Once in regedit go to [HKEY_CURRENT_USER\Software\Microsoft\Window...
-
You Have To Follow These STEPS: 1. Open notepad and paste the following code in it. 2. Change the password in place of (qwe...
-
If you want to hide a folder named ABC in your C drive. Just follow the steps as given below :- STEP 1: Goto Run and type cmd. S...
-
So Here Is A Trick Now U Can Chat With Your Friend Through Command Prompt.. You need only your friend IP address.. Open Notepad and ...
-
Note: This Article Is Not For Noobs! Learners Are Welcomed! This Article Is For Educational Purposes Only, Any Misuse Of Information Give...
-
SyntaxNet: Neural Models of Syntax. Installation Running and training SyntaxNet models requires building this package from source. Yo...
-
This article is a quick, comprehensive guide on setting up your newly installed KaliLinux2.0 (very attractive new GUI by the way) for secu...
-
This trick will allow you to create files and folders without any name. Just follow the steps as given below : 1) Select any file...
-
Just follow the steps as given below : Step 1: Create the shortcut for the folder or tool for which you need to create the shortcut. ...
Blog Archive
-
▼
2015
(72)
-
▼
October
(34)
- What Is the Difference: Viruses, Worms, Ransomware...
- Kali Linux (MITM ATTACK)
- Brute Force Facebook Passwords (99% Working!)
- Denial Of Service Attacks : Explained for Beginner...
- Wifi Hacking - WEP - Kali Linux Aircrack-ng suite
- Hacking Website with Sqlmap in Kali Linux
- How To Open CMD In Desired Folder
- How To Lock And Unlock Your Computer With Pendrive
- How To Lock A Folder Without Any Software
- How To Make An UnDeleteable Folder
- How To Hide Text Behind The Images
- How To Hide Data In Notepad
- How To Hide Hard Drive Partition
- How To Hide A Folder Without Any Software
- How To Hide A Folder Using Command Prompt
- How To Enable God Mode In Windows 7,8,8.1 or 10
- How To Enable Registry Editor Which Is Disabled By...
- How To Enable Registry Editor Which Is Disabled By...
- How To Enable Registry Editor Which Is Disabled By...
- Some Important DOS Commands Which Makes You a Bett...
- How To Disable Right Click On Desktop
- How To Create Own Run Commands In Windows
- How To Create Folder And Files With No Name
- How to Block Websites Without Any Software
- How To Access Your Folder As a Drive
- How to Encrypt Your Browser Sessions in Linux
- Hacker Fundamentals: The Everyman's Guide to How N...
- Creating Virus That Format C Drive
- Stupid Geek Tricks: Make Your Own Fake Virus with ...
- Advanced XSS Tutorials for Web application Pen Tes...
- How to hack windows XP machine using MS08_067_NETA...
- Kali Linux Commands Cheat Sheet
- How To Crash WhatsApp With Just One Special Message
- Bypassing UAC with PowerShell
-
▼
October
(34)
Text Widget
Powered by Blogger.
0 comments:
Post a Comment