sqlmap
PENETRATION TESTING TOOL
Presented By,
SHAMSHAD T
MCA
CONTENT
• INTRODUCTION
• PENETRATION TESTING TOOL
• SQL INJECTION
• SQLMAP
• FEATURES
• SQLMAP ENUMERATION
• STEPS
• CONCLUSION
• REFERENCES
INTRODUCTION
• Kali Linux is a Debian-based Linux distribution aimed at advanced
Penetration Testing and Security Auditing. Kali contains several
hundred tools which are geared towards various information
security tasks, such as Penetration Testing, Security research,
Computer Forensics and Reverse Engineering.
• It was developed by Mati Aharoni and Devon
Kearns of Offensive Security through the rewrite of BackTrack,
their previous forensics Linux distribution based on Knoppix.
• The third core developer, Raphaël Hertzog, joined them as a
Debian expert. Kali Linux is based on Debian Testing.
• Kali Linux was released on 13th March, 2013 as a complete,
top-to-bottom rebuild of BackTrack Linux, adhering completely
to Debian development standards.
PENETRATION TESTING TOOL
Penetration testing (also called pen testing) is the practice of testing a
computer system, network or Web application to find vulnerabilities
that an attacker could exploit.
The main objective of penetration testing is to determine security
weaknesses. A pen test can also be used to test an organization's
security policy compliance, its employees' security awareness and the
organization's ability to identify and respond to security incidents.
SQL INJECTION
• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements, via web page input.
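The definition above, shown as a flawed lookup beside its corrected form. This is an added example, not part of the original slides; it assumes Python with an in-memory SQLite table standing in for a PHP/MySQL page that reads an id parameter, and the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory stand-in for an accounts table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, uname TEXT, passwd TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [(4, "alice", "<hash-a>"), (5, "bob", "<hash-b>")],
    )
    return db

def lookup_vulnerable(db, raw_id):
    # BEFORE: the request value is concatenated into the statement, so the
    # database parses whatever the client sent as part of the SQL itself.
    sql = "SELECT uname FROM accounts WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # AFTER (1): the statement text is fixed and the value travels separately
    # as a bound parameter, so it can only ever be compared as data.
    return db.execute("SELECT uname FROM accounts WHERE id = ?", (raw_id,)).fetchall()

def lookup_hardened(db, raw_id):
    # AFTER (2): validate the expected type first, then bind.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return lookup_bound(db, int(raw_id))

def demo():
    db = make_db()
    tampered = "4 OR 1=1"  # constructed input that is not a plain number
    try:
        hardened = lookup_hardened(db, tampered)
    except ValueError:
        hardened = "rejected"
    return {
        "vulnerable_normal": lookup_vulnerable(db, "4"),
        "vulnerable_tampered": lookup_vulnerable(db, tampered),
        "bound_tampered": lookup_bound(db, tampered),
        "hardened_normal": lookup_hardened(db, "4"),
        "hardened_tampered": hardened,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With concatenation the tampered value widens the WHERE clause to every row; with a bound parameter the same value matches nothing, and with type validation it is refused before reaching the database.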
SQLMAP
• sqlmap is an open source penetration testing tool that automates
the process of detecting and exploiting SQL injection flaws and
taking over database servers. It comes with a powerful detection
engine, many niche features for the ultimate penetration tester and
a broad range of switches ranging from database fingerprinting, through
data fetching from the database, to accessing the underlying file
system and executing commands on the operating system via
out-of-band connections.
• sqlmap is written in Python.
FEATURES
• Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL
Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase,
SAP MaxDB, HSQLDB and Informix database management
systems.
• Full support for six SQL injection techniques: boolean-based
blind, time-based blind, error-based, UNION query-based,
stacked queries and out-of-band.
• Automatic recognition of password hash formats and support
for cracking them using a dictionary-based attack.
• Support to dump database tables entirely, a range of
entries or specific columns as per user's choice. The user can
also choose to dump only a range of characters from each
column's entry.
• Support to search for specific database names, specific
tables across all databases or specific columns across all
databases' tables.
SQLMAP ENUMERATION
• DBMS server hostname: --hostname
• DBMS user the application is using: --current-user
• Application's current DB: --current-db
• Whether the current user is a DBA: --is-dba
• List the DBMS users: --users
• List all DBMS users' password hashes: --passwords
• List all available databases: --dbs
• List all tables, or just those of a specific database: --tables (-D <database name>)
• List all columns, or just those of a specific table from that database: --columns
• Count table entries
• Dump data from a database/table/column: --dump, --dump-all
STEPS
Step #1 Start sqlmap
First, fire up Kali and go to Applications -> Database
Assessment -> sqlmap, as shown in the screenshot below.
Step #2 Find a Vulnerable Web Site
• In order to get "inside" the web site and, ultimately, the
database, we are looking for web sites that end in
"php?id=xxx", where xxx represents some number. Those who
are familiar with Google hacks/dorks can do a search on
Google by entering:
• inurl:index.php?id=
• inurl:gallery.php?id=
Step #3 Open sqlmap
When you click on sqlmap, you will be greeted by a screen
like that below.
sqlmap is a powerful tool, written as a Python script (we will be
doing a Python tutorial soon), that has a multitude of options.
Step #4 Determine the DBMS Behind the Web Site
Before we begin hacking a web site, we need to gather
We need to know what we are hacking.
To start sqlmap on this task, we type:
kali> sqlmap -u "the entire URL of the vulnerable web page"
For example, in this case:
kali> sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4"
• When we do so, sqlmap will return results like that below. Notice
where I highlighted that the web site backend is using MySQL 5.0.
Step #5 Find the Databases
We take the command we used above and append --dbs to it, like this:
kali> sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4" --dbs
When we run this command against www.webscantest.com we get the results like
• Notice that I have circled the two available databases,
information_schema and webscantest. information_schema is included in every
MySQL installation and it includes information on all the objects in
the MySQL instance, but not data of interest.
• Although it can be beneficial to explore that database to find objects
in all the databases in the instance, we will focus our attention on the
other database here, webscantest, that may have some valuable
information.
Step #6 Get More Info from the Database
So, now we know what the DBMS is (MySQL 5.0) and the name of a
database of interest (webscantest). The next step is to try to determine the
tables and columns in that database. In this way, we will have some idea
what data is in the database, where it is and what type of data it contains
(numeric or string). All of this information is critical and necessary to
extracting the data. To do this, we need to make some small revisions to
our sqlmap command.
Everything else we have used above remains the same, but now we tell
sqlmap we want to see the tables and columns from the
webscantest database. We can append --columns -D and the name of the
database, webscantest, to our command, such as this:
kali> sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4" -D webscantest --tables
kali> sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4" -D webscantest -T accounts --columns
When we do so, sqlmap will target the webscantest database and
attempt to enumerate the tables and columns in this database.
Step #6 Get More Info from the Tables
kali> sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4" -D webscantest -T accounts -C uname,passwd --dump
This displays all the usernames and passwords. The passwords, however, are
hashed rather than stored in plain text, so they have to be cracked before
they can be read. To crack a password we first need another Kali tool,
hash_identifier, to identify the type of hash.
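How the steps above look from the web server's side, as an added example that is not part of the original slides: a small scanner that flags access-log clients showing the sqlmap User-Agent or query strings typical of the listed injection techniques and of information_schema enumeration. The log lines are constructed, the IP addresses come from documentation ranges, and the signature patterns and function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# sqlmap announces itself in the User-Agent unless the operator overrides it.
UA_SQLMAP = re.compile(r"\bsqlmap/", re.I)
# Query-string signatures for the techniques and enumeration steps above.
# The patterns are assumptions for this example; tune them to your traffic.
QUERY_SIGNS = {
    "boolean_probe": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "time_delay": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "information_schema": re.compile(r"information_schema", re.I),
}

def classify(line):
    """Return the signatures one log line matches, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = ["sqlmap_user_agent"] if UA_SQLMAP.search(m["ua"]) else []
    query = m["path"].partition("?")[2]
    decoded = unquote_plus(unquote_plus(query))  # also catches double encoding
    hits += [name for name, rx in QUERY_SIGNS.items() if rx.search(decoded)]
    return {"ip": m["ip"], "hits": hits}

def suspicious_sources(lines, min_signatures=2):
    """Group hits per client and keep clients with several distinct signatures."""
    per_ip = {}
    for line in lines:
        rec = classify(line)
        if rec and rec["hits"]:
            per_ip.setdefault(rec["ip"], set()).update(rec["hits"])
    return {ip: sorted(h) for ip, h in per_ip.items() if len(h) >= min_signatures}

def _line(ip, sec, query, ua):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"GET /datastore/search_get_by_id.php?id={query} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

SQLMAP_UA = "sqlmap/1.0-dev (http://sqlmap.org)"  # constructed sample value
SAMPLE_LOG = [
    _line("203.0.113.7", 0, "4", "Mozilla/5.0"),
    _line("198.51.100.9", 5, "4%20AND%205=5", SQLMAP_UA),
    _line("198.51.100.9", 6, "4%20UNION%20ALL%20SELECT%20NULL", SQLMAP_UA),
    _line("192.0.2.44", 9, "4%20AND%20SLEEP(5)", "Mozilla/5.0"),
    _line("192.0.2.44", 15, "4%2520UNION%2520SELECT%2520table_name%2520FROM"
                            "%2520information_schema.tables", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for ip, hits in suspicious_sources(SAMPLE_LOG).items():
        print(ip, hits)
```

The second flagged client never sends the sqlmap User-Agent, which is why the query-string signatures are checked independently of it.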
CONCLUSION
• sqlmap is an open source penetration testing tool that automates
the process of detecting and exploiting SQL injection flaws and
taking over database servers.
• By using this tool we can find vulnerable websites and access
the database.
REFERENCES
• http://sqlmap.org/
• https://hackertarget.com/sqlmap-tutorial/
• https://www.binarytides.com/sqlmap-hacking-tutorial/
• YouTube