How to hack SQL Injection vulnerable websites using Sqlmap?

What is SQL Injection?

SQL Injection is a code injection technique where an attacker executes malicious SQL queries that control a web application’s database. The attacker can modify, add and delete records from the database.
An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server etc.

SQL Injection attacks are one of the oldest and most dangerous web application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists SQL Injection in its OWASP Top 10 vulnerabilities.



What is Sqlmap?


Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
Given a vulnerable HTTP request URL, Sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain conditions.

Where can you use Sqlmap?


If you see a web URL in the form of the link below:

http://testphp.vulnweb.com/listproducts.php?cat=1

where cat=1 is the GET parameter, then the website may be vulnerable to this mode of SQL Injection and an attacker may be able to gain access to the information in the database.

A simple test to check whether your website is vulnerable is to replace the value in the GET request parameter with an asterisk (*).

For Example - http://testphp.vulnweb.com/listproducts.php?cat=*




If you get an SQL syntax error in the response, then we can say that the website is vulnerable to SQL Injection.

In this article, I am using this website, which is designed with vulnerabilities for demonstration purposes.
http://testphp.vulnweb.com/listproducts.php?cat=1

We can hack into the database manually, but in this article I am going to use the Sqlmap automated tool for SQL Injection. We will see the manual way of doing SQL Injection in another article.
So, let's get into it.

I am using Sqlmap in the terminal of a Kali Linux operating system installed in Oracle VirtualBox.
You can also check the Sqlmap help by typing the command below in the terminal.

sqlmap -h 

This command will show you how to use Sqlmap in terminal.

Step 1 :  List Information about the existing databases

First, we enter the vulnerable URL with the -u parameter. Now we want to check whether it is possible to gain access to a database, so we use the --dbs option, which lists all the available databases. The URL is quoted so that the shell does not treat the ? as a wildcard.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs


If it asks whether to keep testing the others, type "Y" and hit enter. It will then show you all the available databases, as in the screenshot below.



Step 2 : List Information about Tables present in the particular database
Now, to access the database we have to modify our command. We use -D to specify the name of the database we want to access, and the --tables option to fetch the table information from that database. Let's access the "acuart" database and check for the tables inside it.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables


Type this command and hit enter, and you will see the list of tables present in the acuart database.



Step 3 : List Information about the columns of a particular table
If we want to view the columns of a particular table, we can use the following command, in which -T specifies the table name and --columns queries the columns inside that table.
We are more interested in the users table because it can contain information about usernames and passwords.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columns


This command will display all the columns present in the users table, that is, the fields inside that table, as in the screenshot below.



Step 4 : Dump the data from the columns

Similarly, we can access the information in specific columns by using the following command, where -C specifies one or more columns separated by commas, just as I have done, and --dump retrieves the data from those columns.
I want to retrieve data from multiple columns, uname, pass and email, so I specified -C uname,pass,email.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C uname,pass,email --dump


This command will dump the data from the specified columns, table and database, and it will show you output like this.


As you can see, we have successfully dumped data such as usernames and passwords from the database.
You can access any database, any table and any columns. Just explore this thing.
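From the site owner's side, the asterisk test and the Sqlmap runs above leave traces in the web server's access log. The following added example (not from the original article) flags them. The log lines are constructed, and the combined log format, the default Sqlmap User-Agent string and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"$')

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 7880 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /listproducts.php?cat=%2A HTTP/1.1" 200 4699 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 7880 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 5311 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

def findings(log_text, param="cat"):
    """Return {client_ip: sorted reasons} for requests worth a closer look."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, agent = m.groups()
        reasons = set()
        # Signal 1: the tool's default User-Agent names itself.
        if "sqlmap" in agent.lower():
            reasons.add("sqlmap user-agent")
        # Signal 2: the category id should only ever be an integer.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        values = query.get(param, [])
        if any(not (v.isascii() and v.isdigit()) for v in values):
            reasons.add("non-numeric " + param)
        if reasons:
            hits.setdefault(ip, set()).update(reasons)
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in findings(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The User-Agent is chosen by the client, so treat that match as a convenience signal; the parameter-type check is the one that holds regardless of the tool used.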
Happy Learning
