SQL INJECTION (V): AUTOMATION WITH SQLMAP
- Layout for this exercise:
1 - SQLMAP
- SQLMAP is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers:
http://sqlmap.org/
- It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
- Option -u provides the URL target:
- Option --cookie specifies a cookie for connecting to the target:
- For this exercise, keep the default value of 1 for both the level and the risk of the tests:
- Enumeration is an iterative process that can be run over databases, tables, columns, users, schemas, passwords, etc.:
2 - Preparing the attack environment
- For this exercise let's use the vulnerable DVWA web application over XAMPP web server running on a Windows 10 machine.
- Selecting the SQL Injection vulnerability in DVWA:
- Configuring the proxy:
- Using Burp to intercept the submission of the User ID=1:
- These two lines of the intercepted request (the URL and the Cookie header) will be useful later, when launching the attack:
3 - Launching the attack
- Enumerating the databases with parameter --dbs:
- Enumerating tables (--tables) at database dvwa (-D):
- Enumerating columns (--columns):
- Enumerating users, user identifiers and passwords, and giving default answers:
- The INFO notification indicates the file where the output is dumped:
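- From the defender's side, the enumeration run above leaves a very recognisable trail in the Apache access log of the XAMPP server: a burst of requests to the same DVWA endpoint whose `id` parameter carries boolean, UNION and comment-terminated payloads, often with the sqlmap User-Agent. The following script, added here as an example and not part of the exercise, parses constructed sample log lines in Apache combined format and flags such requests:

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in Apache combined log format (the format XAMPP's
# Apache writes by default). They are made up for this example, not captured
# from the exercise; the sqlmap User-Agent string is a representative value.
SAMPLE_LOG = """\
192.168.56.1 - - [10/Mar/2024:14:02:11 +0100] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4321 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.168.56.1 - - [10/Mar/2024:14:03:02 +0100] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20AND%201%3D1--%20&Submit=Submit HTTP/1.1" 200 4321 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.168.56.1 - - [10/Mar/2024:14:03:03 +0100] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%28user%2Cpassword%29%20FROM%20users--%20&Submit=Submit HTTP/1.1" 200 5100 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.168.56.1 - - [10/Mar/2024:14:04:40 +0100] "GET /dvwa/vulnerabilities/sqli/?id=2&Submit=Submit HTTP/1.1" 200 4330 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
"""

# One combined-format line: client, identity, user, timestamp, request, status, size, referer, user-agent
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Payload shapes that sqlmap's default (level 1 / risk 1) tests produce
SQLI_PATTERNS = [
    re.compile(r"'\s*(and|or)\s+\d+\s*=\s*\d+", re.I),  # boolean-based probe
    re.compile(r"union\s+(all\s+)?select", re.I),        # UNION-based extraction
    re.compile(r"(sleep|benchmark)\s*\(", re.I),         # time-based probe
    re.compile(r"--\s*$|/\*"),                           # comment terminator
]

def analyse_line(line):
    """Return a dict describing the request, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if m["ua"].lower().startswith("sqlmap"):
        reasons.append("sqlmap user-agent")
    # parse_qs already percent-decodes the parameter values
    for name, values in parse_qs(urlparse(m["path"]).query).items():
        if any(p.search(v) for v in values for p in SQLI_PATTERNS):
            reasons.append(f"sqli pattern in parameter {name}")
    return {"ip": m["ip"], "ts": m["ts"], "path": m["path"], "reasons": reasons}

def suspicious_requests(log_text):
    """Return the parsed entries that triggered at least one detection reason."""
    hits = []
    for line in log_text.splitlines():
        entry = analyse_line(line)
        if entry and entry["reasons"]:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], ", ".join(hit["reasons"]))
```

Note that the third sample line would be missed by a User-Agent check alone, which is why the payload patterns matter: sqlmap's --random-agent switch replaces the default User-Agent, but the injected SQL still has to travel in the request.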