SQLMAP – How to hack a Website’s SQL tables on Windows
SQL injection allows us to remotely pull down all the tables, login usernames and admin accounts for a website. The most powerful tool for SQL injection is SQLMAP, which we can use on Windows and KALI.
Test all your websites with SQLMAP to ensure that they are not vulnerable. It is simply essential that you test all your websites using this tool.
Step 1 – Download Python for Windows
Step 2 – Download SQLMAP for Windows
Install to C:/SQLMAP
Step 3 – Find a vulnerable website
Use Google. Search for the term
Browse to the website and then put a single dash at the end of the url.
so it reads php?=id1′
If you get an error the website is vulnerable. Part of EU data protection could include a test or attack against the SQL databases.
Step 4 – Run SQLMAP Wizard on Windows
Open a cmd prompt.
look for a second sqlmap-project-sqlmap-xxxx directory.
here you’ll see sqlmap.py listed… this is python scrip to be run.
Select Target Website – including the id=1
Select Injection Difficulty (default)
Go for defaults to start off with.
Select Enumeration level
Full enumeration of the database would be level 3- as shown
Step 5 – ATTACK CODES
SQLMAP will report the OS used first – regardless of what attack code is used.
How do we extract all databases?
Look for how many databases there are, and how many tables!!
How do we extract Tables?
http://www.website.com/page.php?id=1 –D www – tables
Did you see all the TABLES on the website list out?
Look for likely targets… eg Login, username or password table.
Here we find 11 tables.
Now that we can read the tables, we can start to dump the data out.
How do we get usernames?
http://www.website.com/page.php?id=1 –D www -T uk_cms_gb_login -C username –dump
Look for “admin”
How to get all the Login details?
http://www.website.com/page.php?id=1 –D www -T uk_cms_gb_login –columns
This should display columns with items such as Cookie, ID, IP, Password, Username.
Step 6 – Get Passwords (of Admin)
http://www.website.com/page.php?id=1 –D www -T uk_cms_gb_login -C password –dump
SQLMAP should be used against all your websites.
The last thing you want is someone to steal your entire database.
Further SQL queries