SQLMAP is a database pentesting tool used to automate SQL Injection. Practically using sqlmap, we can dump a whole database from a vulnerable server. SQLMap is written in python and has got dynamic testing features. It can conduct tests for various database backends very efficiently. Sqlmap offers a highly flexible & modular operation for a web pentester. It can act as a basic fingerprinting tool and till upto a full database exploitation tool.Simply we can say that there will be no web application testing without sqlmap. All in all, fully loaded..!
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution – Wikipedia
Sql injection is basically making the backend database server to execute unintended queries to gain information or to bypass authentication or to execute a command in the remote host and various other malicious purposes. These unintended queries are usually executed by inputting special operational characters(dependent on the backend DBMS) through input forms in web pages like login forms. By performing SQLi an attacker can perform various types of tasks on the remote machine. SQLi is the most widely found vulnerability among websites. Click here to view some statistics.
Attacker Machine: Kali Linux 2.0 (VM)
Target: OWASPBWA (VM), IP Addr: 192.168.0.104, Application: Mutillidae
Target URL(Scope) : http://192.168.0.104/mutillidae/
In this lab, we are simply grabbing the banners from the remote machine. Details like backend DBMS, Web application technology, Server OS, Web server type & version etc are retrieved from this operation. For this we need to specify in the exact url or a file which contains the request to the url. In this tutorial, we are performing the operation with a file containing the request. We can take this request with the help of burpsuite. We can turn ON the intercept & forward the request from our browser to burpsuite. Seeing the request we can copy the request & paste it in a file. Refer to tutorial on burpsuite here to learn how to start with burpsuite.
Open the login page of the Mutillidae(or which ever target you have).
Open Burpsuite & turn ON intercepting proxy. Also configure browser to send connections to burpsuite as a proxy. Refer here to see how to do this.
Come back to browser & give some data in the text boxes & submit.
See request intercepted at burpsuite. Copy the entire request to a new file. Here I am using “mut-sqlmap-bypassauth-post.req”. Then save the file.
Note: After turning ON Intercepting in Burp, select the POST request only. The request should be the one which you would do when performing a browser based manual SQL Injection.
Edit the file in any text editor to make the username & password blank. Give 2 single quotes.
Command: sqlmap -r mut-sqlmap-bypassauth-post.req<replace with yours> --threads=10<optional> -b
Sqlmap asks couple of questions during the execution. You can answer yes (‘y’) for all of them but do read them carefully.
You can get to see various messages & the actual operation done by sqlmap and finally the results are shown.
Here the webserver, backend database web technology & the system OS are displayed. All this information is stored in a local directory also. You can try reading them also.
Mutillidae Download Link: http://sourceforge.net/projects/mutillidae/
OWASP BWA Download Link: http://sourceforge.net/projects/owaspbwa/?source=directory
http://blog.checkpoint.com/2015/05/07/latest-sql-injection-trends/
http://www.darkreading.com/risk/sql-injections-top-attack-statistics/d/d-id/1132988
Got it! Below is the updated README.md file with instructions for downloading the project on…
Termo-Kali bridges the gap between powerful Linux capabilities and the convenience of mobile devices by…
Welcome to the Ethical Hacking Quiz Application, designed to help learners test their knowledge of…
The WPA2 Handshake Automation Tool is a Python3 script designed to simplify the process of setting up…
A custom bash script designed to streamline your startup process and enhance your scripting skills.…
Welcome to the Cybersecurity Toolkit, a collection of essential Python tools designed for penetration testing…