SQLMap is an open-source tool that automates what would otherwise be manual SQL injection testing of a parameter on a website.
It detects and exploits the injectable parameters by itself; all we have to do is provide it with an appropriate request or URL.
It supports 34 database management systems, including MySQL, Oracle and PostgreSQL.
Installation
SQLMap comes pre-installed with Kali Linux, which is the preferred choice of most penetration testers. However, you can install sqlmap on other Debian-based Linux systems using the command:
Usage
We will make use of a website that is intentionally designed with vulnerabilities for demonstration purposes:
As you can see, there is a GET request parameter (cat=1) whose value can be changed by the user. So this website might be vulnerable to SQL injection through this parameter.
To test for this, we use SQLMap. To see the set of options that can be passed, type in the terminal:
The options that we will use for basic SQL injection are shown in the above picture. Along with these, we will also use the --dbs and -u options.
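To make the risk behind a user-controlled `cat` parameter concrete, here is an added Python example (it is not from the original article or from the sqlmap project) that reproduces the pattern against an in-memory SQLite table. The table layout, the column names `artist_id`, `cat` and `aname`, and the rows are constructed for the demo. The vulnerable function pastes the raw value into the SQL text, so a tautology such as `1 OR 1=1` rewrites the WHERE clause and returns every row; the hardened function validates the value as an integer and binds it as a query parameter, so the same input is rejected before it reaches the database.

```python
import sqlite3

# Constructed sample data standing in for the page's "artists" table.
# Column names and rows are assumptions made for this demo.
SAMPLE_ROWS = [
    (1, 1, "alpha"),
    (2, 1, "bravo"),
    (3, 2, "charlie"),
]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE artists (artist_id INTEGER, cat INTEGER, aname TEXT)")
    conn.executemany("INSERT INTO artists VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def list_artists_vulnerable(conn, cat):
    """The bug class: the raw value of ?cat= is concatenated into the SQL text."""
    sql = f"SELECT artist_id, aname FROM artists WHERE cat = {cat} ORDER BY artist_id"
    return conn.execute(sql).fetchall()


def list_artists_safe(conn, cat):
    """Hardened form: validate the type first, then bind the value as a parameter."""
    cat_id = int(cat)  # raises ValueError for anything that is not an integer
    sql = "SELECT artist_id, aname FROM artists WHERE cat = ? ORDER BY artist_id"
    return conn.execute(sql, (cat_id,)).fetchall()


def compare(cat):
    """Run both variants on the same input.

    A difference between the two results means the concatenated query was altered
    by the input; None under "safe" means the hardened variant rejected it.
    """
    conn = build_db()
    vulnerable = list_artists_vulnerable(conn, cat)
    try:
        safe = list_artists_safe(conn, cat)
    except ValueError:
        safe = None
    return {"vulnerable": vulnerable, "safe": safe}


if __name__ == "__main__":
    print(compare("1"))         # both variants return the two category-1 rows
    print(compare("1 OR 1=1"))  # concatenated query returns every row; hardened variant rejects the input
```

The type check and the bound parameter are independent defences: binding alone would already keep the input out of the SQL grammar, while the integer validation rejects malformed values early and gives the application a clean point at which to log and reject the request.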
Step 1: List information about the existing databases
So firstly, we enter the URL of the website we want to check with the -u option. We may also use the --tor option if we wish to route the test traffic through proxies. Typically, we would first want to find out whether it is possible to gain access to a database, so we use the --dbs option, which lists all the available databases.
We get the following output, showing us that there are two available databases. Sometimes sqlmap will tell you that it has identified the database type and ask whether you want to test for other database types; you can go ahead and type 'Y'. It may also ask whether you want to test the other parameters for vulnerabilities; type 'Y' here as well, as we want to test the web application thoroughly.
We observe that there are two databases, acuart and information_schema.
Step 2: List information about Tables present in a particular Database
To access one of the databases, we have to slightly modify our command. We now use -D to specify the name of the database we wish to access, and once we have access to the database, we want to see whether we can list its tables. For this, we use the --tables option. Let us access the acuart database.
In the above picture, we see that 8 tables have been retrieved. So now we definitely know that the website is vulnerable.
Step 3: List information about the columns of a particular table
If we want to view the columns of a particular table, we can use the following command, in which -T specifies the table name and --columns queries the column names. We will try to access the table 'artists'.
Step 4: Dump the data from the columns
Similarly, we can access the information in specific columns using the following command, where -C specifies one or more column names separated by commas, and --dump retrieves the data.
From the above picture, we can see that we have accessed the data in the database. In vulnerable websites like this one, we can explore the databases in the same way to extract information.
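For the defending side, the enumeration steps above leave a recognisable trail in the web server's access log: sqlmap's default User-Agent string names the tool, and the probes it sends carry tautologies, UNION SELECT clauses, information_schema lookups and comment terminators in the tested parameter. The following Python example is added here (it is not part of the original article or of sqlmap) and runs a small set of checks over three constructed Combined Log Format lines; the path /products.php, the client addresses and the log entries themselves are invented for the demo, and the patterns are a starting point for detection rather than a complete signature set.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Combined Log Format: ip ident user [ts] "method target proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Checks applied to each decoded query-string value; list order fixes the label order.
PAYLOAD_PATTERNS = [
    ("tautology", re.compile(r"\b(?:and|or)\b\s+\d+\s*=\s*\d+", re.I)),
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("schema_probe", re.compile(r"information_schema", re.I)),
    ("comment_terminator", re.compile(r"--|#|/\*")),
]

# Constructed sample log: the hosts, the path and the requests are invented for this demo.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /products.php?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /products.php?cat=1%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /products.php?cat=1%27%20UNION%20SELECT%20NULL%2Ctable_name%20FROM%20information_schema.tables--%20- HTTP/1.1" 500 310 "-" "Mozilla/5.0"
"""


def analyse_line(line):
    """Return an alert dict for a suspicious request, or None for a clean or unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap_user_agent")
    params = {}
    # parse_qsl percent-decodes the values, so encoded payloads are matched in decoded form
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        hits = [label for label, pat in PAYLOAD_PATTERNS if pat.search(value)]
        if hits:
            params[name] = hits
    if not reasons and not params:
        return None
    return {"ip": m["ip"], "status": int(m["status"]), "reasons": reasons, "params": params}


def scan(log_text):
    """Run analyse_line over every line of the log and collect the alerts."""
    return [a for a in (analyse_line(line) for line in log_text.splitlines()) if a]


def alerts_by_ip(alerts):
    """Count alerts per client address, a simple basis for triage or rate-based blocking."""
    counts = {}
    for a in alerts:
        counts[a["ip"]] = counts.get(a["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(alerts_by_ip(found))
```

The User-Agent check is the cheapest signal but also the easiest to lose, since the tool's agent string can be changed; the payload patterns survive that, and a burst of alerts from one address with 500 responses mixed in is the shape a parameter scan usually takes in the log. In practice these checks belong in a WAF rule or a SIEM query rather than a script, and the real fix remains the parameterised query shown earlier.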