Скачать или смотреть SQL Injection via SQLMap ( Kali Linux )

Sqlmap is one of the most popular and powerful sql injection automation tool out there. Given a vulnerable http request url, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain conditions. Written in python it is one of the most powerful hacking tools out there. Sqlmap is the metasploit of sql injections.



1. Lets say there is a web application or website that has a url in it like this

http://testphp.vulnweb.com/search.php...

and it is prone to sql injection because the developer of that site did not properly escape the parameter id.

2. This can be simply tested by trying to open the url

http://testphp.vulnweb.com/search.php...

We just added a single quote in the parameter. If this url throws an error or reacts in an unexpected manner then it is clear that the database has got the unexpected single quote which the application did not escape properly.


3. Hacking with sqlmap

Now its time to move on to sqlmap to hack such urls. The sqlmap command is run from the terminal of kali.

sqlmap -u http://testphp.vulnweb.com/search.php... --dbs

The "--dbs" option is used to get the database list.

4. Find Tables & Dump Data

sqlmap -u http://testphp.vulnweb.com/search.php... -D acuart --tables

sqlmap -u http://testphp.vulnweb.com/search.php... -T users --dump

The above command will simply dump the data of the particular table, very much like the mysqldump command.

The hash column seems to have the password hash. Try cracking the hash and then you would get the login details rightaway. sqlmap will create a csv file containing the dump data for easy analysis.