Monday, October 19, 2015

sqlmap for SQL injection

Kali OS is a must for a pen tester today, because it bundles hundreds of hacking tools into one OS. It makes it easier for us to find vulnerabilities and make use of exploits.

Among those hundreds of tools, this post will discuss the sqlmap tool, which is very useful for pen testers for finding SQL injection vulnerabilities.

SQL injection is common on every SQL database system, though it works in a different manner on each. We can also carry out a SQL injection attack manually. But if we try to do it manually (without using tools), it may take a very long time to get the database, because we have to try again and again by changing the URL, which is very tedious work. That's why SQL injection tools such as Havij, sqlninja and SQL dump have become popular.

Note: before you use this tool, you should already have detected that the web server is vulnerable to SQL injection attacks. How can we find that out? Simply type an apostrophe (') at the end of the URL (URLs which have "php?id=num" at the end, where "num" is a numeric character 0-9) and press Enter. If the web server is vulnerable to SQL injection, the server will return an error page warning that our query is wrong. Sometimes it also shows which database it is and its version.



If it succeeded, go to the next step. Copy the previous URL (without the apostrophe).
Open a Kali terminal and type
sqlmap --url <url just copied> --dbs

This command returns the databases available on the web server. There may be many candidate databases in the list. With experience you may get a feel for which database is likely to store the site admin credentials; otherwise you may have to try the databases in the list one by one.

After you select a database for further enumeration, copy the name of the database and type this:

sqlmap --url <URL> -D <Database you copied> --tables

Be careful with the hyphens: before "D" there is a single hyphen. When you enter this, it will enumerate all the tables inside the selected database. Among the listed tables there may also be likely candidates for where the site admin logins are stored. To enumerate the table's columns, use this command:

sqlmap --url <URL> -D <Database name> -T <Selected table name> --columns

This enumerates the available columns inside the given table. This step is actually optional, because the following command will give you the data inside the table along with the relevant columns.

sqlmap --url <URL> -D <database name> -T <table name> --dump

This will give you all the data in the table, displayed as a grid.
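
From the defender's side, the requests described in this post leave traces in the web server's access log: the apostrophe test puts a non-numeric value in a parameter that should only hold digits, and sqlmap identifies itself in the User-Agent header by default. The following Python script is an added example, not part of the original post; the log lines, paths and addresses are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); paths and IPs are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Oct/2015:10:01:02 +0000] "GET /item.php?id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Oct/2015:10:01:09 +0000] "GET /item.php?id=5%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Oct/2015:10:02:30 +0000] "GET /item.php?id=5 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [19/Oct/2015:10:02:31 +0000] "GET /item.php?id=5%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.0.2.44 - - [19/Oct/2015:10:05:00 +0000] "GET /about.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Combined log format: ip, identity, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def inspect_line(line, numeric_params=("id",)):
    """Return (ip, reasons); reasons is empty for requests that look normal."""
    m = LINE_RE.match(line)
    if not m:
        return None, []
    reasons = []
    # sqlmap's default User-Agent starts with "sqlmap/"; the header is client-controlled.
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap user agent")
    # parse_qs URL-decodes values, so %27 is seen as an apostrophe.
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    for name in numeric_params:
        for value in query.get(name, []):
            if not re.fullmatch(r"[0-9]+", value):
                reasons.append(f"non-numeric {name}={value!r}")
                if m["status"].startswith("5"):
                    reasons.append("server error on malformed input")
    return m["ip"], reasons

def scan(log_text):
    """Map source IP -> list of (line number, reasons) for flagged requests."""
    hits = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        ip, reasons = inspect_line(line)
        if reasons:
            hits.setdefault(ip, []).append((n, reasons))
    return hits

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        for n, reasons in events:
            print(f"{ip} line {n}: {', '.join(reasons)}")
```

Because the User-Agent can be changed by the client, the non-numeric parameter check is the stronger of the two signals.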
