Sqlmap: This is a very powerful open-source penetration testing tool that automates the discovery and exploitation of SQL injection vulnerabilities. Its many features include detecting the DBMS, enumerating databases, tables and columns, retrieving data, and even taking control of a database.
Let's start with website hacking - SQL injections
Step 1 :- If you are using Kali Linux, SQLMap comes pre-installed. If it is not installed, download it from the link below :-
Boot into your Kali Linux machine. Start a terminal and type
sqlmap -hh
Step 2 :- First we need a target. Go to your test website (in this example we have used a PHP one) and navigate between pages. When you see "artists.php?artist=1" in the address bar, copy the address.
Step 3 :- Open your terminal and type this:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs
Step 4 :- When sqlmap is done, it will tell you the MySQL version and some other information about the database.
At the end of the process, it will show you the databases that it has found.
Step 5 :- Now we are obviously interested in the acuart database. Information schema can be thought of as a default table which is present on all your targets and contains information about the structure of databases, tables, etc., but not the kind of information we are looking for. So now we will specify the database of interest using -D and tell sqlmap to list the tables using the --tables option. The final sqlmap command will be:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables
Step 6 :- Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you are starting to get the pattern by now. The most appealing table here is users. It might contain the usernames and passwords of registered users on the website (hackers always look for sensitive data). The final command must be something like:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns
Step 7 :- We have now successfully listed the contents of the database. We can then extract information from these tables by using the following dump command.
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --dump
Step 8 :- Type 1 for default dictionary file.
Step 9 :- Now, if you were following along attentively, the next step would be getting data from one of the columns. Here we will be getting data from multiple columns. As usual, we will specify the database with -D, the table with -T, and the column with -C. We will get all data from the specified columns using --dump-all. We will enter multiple columns and separate them with commas. The final command will look like this:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --dump-all
Step 13 :- Type 1 for default dictionary file.
Step 14 :- The result is here ... Now you can access any database
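Seen from the server side, the run above leaves a recognisable trail in the web access log. The following is an added example, not part of the original article: it flags requests carrying sqlmap's default User-Agent and requests where the artist parameter is not a plain integer. The log lines are constructed, and the "combined" log format and the rule that artist is always an integer ID are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [10/Mar/2024:10:00:07 +0000] "GET /artists.php?artist=1%20AND%204821%3D4821 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:00:08 +0000] "GET /artists.php?artist=1%27 HTTP/1.1" 200 310 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.2 - - [10/Mar/2024:10:00:09 +0000] "GET /artists.php?artist=3 HTTP/1.1" 200 4980 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: these query parameters are integer IDs in the application.
INTEGER_PARAMS = {"artist"}


def findings_for(line):
    """Return the reasons a single log line looks like injection testing."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparseable"]
    reasons = []
    if m["ua"].lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    # parse_qs percent-decodes values, so encoded payloads are compared decoded.
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    for name in query.keys() & INTEGER_PARAMS:
        if any(not (v.isascii() and v.isdigit()) for v in query[name]):
            reasons.append(f"non-integer:{name}")
    return reasons


def scan(log_text):
    """Map client IP -> sorted reasons, for every line with a finding."""
    hits = {}
    for line in log_text.splitlines():
        reasons = findings_for(line)
        if reasons:
            ip = line.split(" ", 1)[0]
            hits.setdefault(ip, set()).update(reasons)
    return {ip: sorted(found) for ip, found in hits.items()}


if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, found)
```

The User-Agent is client-supplied, so the parameter type check is the sturdier of the two signals; the same integer check, enforced in the application before the query is built, is what closes the hole.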
I hope you enjoyed this article.