SQLMAP is a database pentesting tool used to automate SQL Injection. Practically using sqlmap, we can dump a whole database from a vulnerable server. SQLMap is written in python and has got dynamic testing features. It can conduct tests for various database backends very efficiently. Sqlmap offers a highly flexible & modular operation for a web pentester. It can act as a basic fingerprinting tool and till upto a full database exploitation tool.Simply we can say that there will be no web application testing without sqlmap. All in all, fully loaded..!
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution – Wikipedia
Sql injection is basically making the backend database server to execute unintended queries to gain information or to bypass authentication or to execute a command in the remote host and various other malicious purposes. These unintended queries are usually executed by inputting special operational characters(dependent on the backend DBMS) through input forms in web pages like login forms. By performing SQLi an attacker can perform various types of tasks on the remote machine. SQLi is the most widely found vulnerability among websites. Click here to view some statistics.
Attacker Machine: Kali Linux 2.0 (VM)
Target: OWASPBWA (VM), IP Addr: 192.168.0.104, Application: Mutillidae
Target URL(Scope) : http://192.168.0.104/mutillidae/
In this lab, we are simply grabbing the banners from the remote machine. Details like backend DBMS, Web application technology, Server OS, Web server type & version etc are retrieved from this operation. For this we need to specify in the exact url or a file which contains the request to the url. In this tutorial, we are performing the operation with a file containing the request. We can take this request with the help of burpsuite. We can turn ON the intercept & forward the request from our browser to burpsuite. Seeing the request we can copy the request & paste it in a file. Refer to tutorial on burpsuite here to learn how to start with burpsuite.
Open the login page of the Mutillidae(or which ever target you have).
Open Burpsuite & turn ON intercepting proxy. Also configure browser to send connections to burpsuite as a proxy. Refer here to see how to do this.
Come back to browser & give some data in the text boxes & submit.
See request intercepted at burpsuite. Copy the entire request to a new file. Here I am using “mut-sqlmap-bypassauth-post.req”. Then save the file.
Note: After turning ON Intercepting in Burp, select the POST request only. The request should be the one which you would do when performing a browser based manual SQL Injection.
Edit the file in any text editor to make the username & password blank. Give 2 single quotes.
Command: sqlmap -r mut-sqlmap-bypassauth-post.req<replace with yours> --threads=10<optional> -b
Sqlmap asks couple of questions during the execution. You can answer yes (‘y’) for all of them but do read them carefully.
You can get to see various messages & the actual operation done by sqlmap and finally the results are shown.
Here the webserver, backend database web technology & the system OS are displayed. All this information is stored in a local directory also. You can try reading them also.
Mutillidae Download Link: http://sourceforge.net/projects/mutillidae/
OWASP BWA Download Link: http://sourceforge.net/projects/owaspbwa/?source=directory
http://blog.checkpoint.com/2015/05/07/latest-sql-injection-trends/
http://www.darkreading.com/risk/sql-injections-top-attack-statistics/d/d-id/1132988
garak checks if an LLM can be made to fail in a way we don't…
Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…
ADCFFS is a PowerShell script that can be used to exploit the AD CS container…
Tartufo will, by default, scan the entire history of a git repository for any text…
Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…
A data hoarder’s dream come true: bundle any web page into a single HTML file.…