ABDK (Rank: Administrator)
#1 Posted: Friday, March 25, 2016 10:54:35 PM (UTC)
Sqlmap Introduction

Sqlmap is the most powerful SQL injection tool available for free as an open-source program. It automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Sqlmap is able to detect and exploit six different SQL injection types:

  • Boolean-based blind
  • Time-based blind
  • Error-based
  • UNION query-based
  • Stacked queries
  • Out-of-band
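The first type in the list, boolean-based blind, relies on a parameter that answers a true and a false condition differently. The following added example (not from the post or from the sqlmap project) builds a constructed sqlite3 table behind an `id` parameter like the one in the post's `index?id=2` URL, shows the vulnerable string-building query next to a validated, parameterised one, and replays the true/false probe pair against both to show why only the vulnerable version leaks a bit per request:

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the page's 'index?id=2' endpoint."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                     [(1, "Public post", 1), (2, "Second post", 1), (3, "Unpublished draft", 0)])
    return conn

def lookup_vulnerable(conn, user_id):
    """The request parameter is pasted into the SQL text: the flaw sqlmap's tests look for."""
    sql = f"SELECT id, title FROM articles WHERE published = 1 AND id = {user_id}"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, user_id):
    """Validate the type, then bind the value so the engine treats it as data, not SQL."""
    if not str(user_id).isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute("SELECT id, title FROM articles WHERE published = 1 AND id = ?",
                        (int(user_id),)).fetchall()

def boolean_oracle_exists(conn, lookup, base_value):
    """Replay the boolean-based blind check: a true and a false condition appended to the
    same parameter value. If the two responses differ, the parameter leaks one bit per
    request, which is the signal this technique is detected by. An exception is treated
    as just another response, so a hardened endpoint that rejects both probes identically
    yields no oracle."""
    responses = []
    for probe in (f"{base_value} AND 1=1", f"{base_value} AND 1=2"):
        try:
            responses.append(("rows", lookup(conn, probe)))
        except Exception as exc:
            responses.append(("error", type(exc).__name__))
    return responses[0] != responses[1]
```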


Sqlmap offers many features like:

  • Directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Enumerate users, password hashes, privileges, roles, databases, tables and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  • Dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
  • Search for specific database names, specific tables across all databases or specific columns across all databases' tables.
  • Download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
  • Database process' user privilege escalation via Metasploit's Meterpreter getsystem command.


Download Sqlmap

Sqlmap is written in Python, which makes it cross-platform, so to use Sqlmap you first need to install a Python interpreter. You can download the Python interpreter from the following link.



You can download Sqlmap from the following link.



Download the Sqlmap zip archive and extract it into any directory. Launch cmd (Windows users) and navigate to the Sqlmap directory, from where you can run Sqlmap commands.

Sqlmap Usage

Basic command to detect SQL injection and enumerate the victim's databases:

Code:
sqlmap.py -u http://victimsite.com/index?id=2 --dbs


Sqlmap Commands

The most commonly used options of Sqlmap:

Usage: sqlmap.py [options]

Options:
Code:
    -h, --help          Show basic help message and exit
    -hh                 Show advanced help message and exit
    --version           Show program's version number and exit
    -v VERBOSE          Verbosity level: 0-6 (default 1)


Target:
At least one of these options has to be provided to define the target(s)

Code:
    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
    -g GOOGLEDORK       Process Google dork results as target URLs


Request:
These options can be used to specify how to connect to the target URL

Code:
    --data=DATA         Data string to be sent through POST
    --cookie=COOKIE     HTTP Cookie header value
    --random-agent      Use randomly selected HTTP User-Agent header value
    --proxy=PROXY       Use a proxy to connect to the target URL
    --tor               Use Tor anonymity network
    --check-tor         Check to see if Tor is used properly
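The --random-agent option above replaces sqlmap's default User-Agent string, which begins with "sqlmap/", so a defender who only matches that header misses most scans. The following added example (not from the post or from the sqlmap project) runs over constructed Apache combined-format log lines, flags the default agent where it does appear, and otherwise flags the percent-decoded parameter values that carry the probe patterns of the boolean, UNION and time-based techniques listed at the top of the post, counting probes per client, path and parameter:

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache combined-format lines. Only the third request carries the tool's default
# User-Agent; the others were made with --random-agent, so the parameter values are the clue.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Mar/2016:22:54:01 +0000] "GET /index?id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Mar/2016:22:54:02 +0000] "GET /index?id=2%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.7 - - [25/Mar/2016:22:54:02 +0000] "GET /index?id=2%20AND%201%3D2 HTTP/1.1" 200 317 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [25/Mar/2016:22:54:03 +0000] "GET /index?id=2%27%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 0 "-" "Opera/9.80"
203.0.113.7 - - [25/Mar/2016:22:54:05 +0000] "GET /index?id=2%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.2 - - [25/Mar/2016:22:54:06 +0000] "GET /index?id=3 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
# Tokens used by the boolean, UNION, stacked and time-based tests. Tamper scripts can
# disguise them, so treat a match as a signal to investigate, not as proof.
SQLI_RE = re.compile(r"\bAND\b|\bOR\b|\bUNION\b|\bSELECT\b|\bSLEEP\b|WAITFOR|BENCHMARK|'|--|;", re.I)

def analyse(log_text):
    """Return (lines flagged by User-Agent, lines flagged by payload, probe count per client/path/param)."""
    ua_hits, payload_hits, probes = [], [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, _status, ua = m.groups()
        if ua.lower().startswith("sqlmap/"):
            ua_hits.append(line)
        parts = urlsplit(target)
        # parse_qsl percent-decodes the values, so the regex sees "2 AND 1=1", not "%20AND%20"
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SQLI_RE.search(value):
                payload_hits.append(line)
                probes[(client, parts.path, name)] += 1
                break
    return ua_hits, payload_hits, probes
```

A burst of flagged probes against one client/path/parameter triple, as in the counter here, is the more durable signal; the User-Agent match alone disappears the moment --random-agent is used.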

Injection:
These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts

Code:
    -p TESTPARAMETER    Testable parameter(s)
    --dbms=DBMS         Force back-end DBMS to this value


Detection:
These options can be used to customize the detection phase

Code:
    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (0-3, default 1)

Techniques:
These options can be used to tweak testing of specific SQL injection techniques

Code:
    --technique=TECH    SQL injection techniques to use (default "BEUSTQ")


Enumeration:
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover, you can run your own SQL statements.

Code:
    -a, --all           Retrieve everything
    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --passwords         Enumerate DBMS users password hashes
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
    --schema            Enumerate DBMS schema
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table(s) to enumerate
    -C COL              DBMS database table column(s) to enumerate


Operating system access:
These options can be used to access the back-end database management system underlying operating system

Code:
    --os-shell          Prompt for an interactive operating system shell
    --os-pwn            Prompt for an OOB shell, Meterpreter or VNC


General:
These options can be used to set some general working parameters

Code:
    --batch             Never ask for user input, use the default behaviour
    --flush-session     Flush session files for current target


Miscellaneous:
Code:
    --sqlmap-shell      Prompt for an interactive sqlmap shell
    --wizard            Simple wizard interface for beginner users


Official Demonstration Video


Note: This is an introductory post on Sqlmap; a demo of working with Sqlmap will be posted soon, so stay tuned.

To learn what SQL injection is and how it works, you can read the five-day tutorial series on SQL injection here:


[Day 1][Tutorial]Manual SQL injection: Happy Hunting

[Day 2][Tutorial]Manual SQL injection: Access To Database

[Day 3][Tutorial]Manual SQL injection: Admin 0day

[Day 4][Tutorial]Manual SQL injection: Your Day

[Day 5][Tutorial]Manual SQL injection: Securing Site