Hacking Tool: sqlmap
Database takeover tool

sqlmap is a CLI tool for automated discovery of SQL injection vulnerabilities in web applications.

What

sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool

Category:

security

Tags:

hackingtutorial

Share this article on:

It has some… interesting features:

sqlmap -u 'url' --dump

Flags used:

Other interesting flags:

-f: Perform an extensive DBMS version fingerprint
--wizard: Simple wizard interface for beginner users
-v VERBOSE: Verbosity level: 0-6 (default 1)
--sql-query=QUERY: SQL statement to be executed
--sql-shell: Prompt for an interactive SQL shell
--search: Search column(s), table(s) and/or database name(s)
--technique=TECH: SQL injection techniques to use (default “BEUSTQ”)
- B: boolean-based blind (Add OR SQL. ex: OR 1=1 to get all rows)
- E: error-based (force an error with interesting error message, ex: cur_db() as numeric)
- U: UNION query-based (Start with UNION and add an extra query)
- S: stacked queries (Use ; and add a whole new query. End with -- so the rest of the query is commented out)
- T: time-based blind (if error messages are not displayed, use time to get a true/false answer IF(version()=5.3, sleep(5), 'false'))
- Q: inline queries (Inject subqueries)
--udf-inject: Inject custom user-defined functions
Operation System
- --reg-read: Read a Windows registry key value (also --reg-add & --reg-del)
- --os-cmd=OSCMD: Execute an operating system command
- --os-shell: Prompt for an interactive operating system shell

docker run --rm paoloo/sqlmap --help

mkdir sqlmap-data
docker run --rm -it -v ./sqlmap-data:/root/.sqlmap/ paoloo/sqlmap --url "url" --dump

During itenium’s Security Bootcamp sqlmap can be used to retrieve a flag hidden in a database by attacking a vulnerable web page.