SQL injection and database takeover tool - SQLMAP


Sqlmap is one of the most popular and powerful SQL injection automation tools. It is an open source tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

SQLMAP Features

Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.

Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.

Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB database management systems.

Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.

Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.

Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.

Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain strings like name and pass.

Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.

Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.




What is SQL Injection

SQL Injection is the manipulation of web-based user input in order to gain direct access to a database or its functions. Read on through this SQL injection tutorial to understand how this popular attack vector is exploited.

The majority of modern web applications and sites use some form of dynamic content. This content can be in the form of articles, blog posts, comments, guest books, shopping carts, product lists, photo galleries, personal details, usernames, passwords; the list goes on. Whether the web server is Apache on Linux or IIS on Windows, if it is running a server-side scripting language such as PHP, ASP, JSP or CFM, it is likely there is a database in the background storing all this dynamic content.

SQL Injection involves bypassing the normal methods of accessing the database content and injecting SQL queries and statements directly into the database through the web application in order to steal, manipulate or delete the content. System access is even possible in many instances where the database is able to gain access to system resources. This can end in compromise of the entire system and attackers inside your network, not only the theft of all your data.



You can download the latest tarball from https://github.com/sqlmapproject/sqlmap/tarball/master or the latest zipball from https://github.com/sqlmapproject/sqlmap/zipball/master.

Preferably, you can download sqlmap by cloning the https://github.com/sqlmapproject/sqlmap repository:

git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

sqlmap works out of the box with Python version **2.6.x** and **2.7.x** on any platform.

cd /usr/local/src

wget 'https://github.com/sqlmapproject/sqlmap/tarball/master' --output-document=sqlmap.tar.gz

tar -zxvf sqlmap.tar.gz

cd sqlmap-d087565

python sqlmap.py --version

That's all!

To get a list of basic options and switches use:

   python sqlmap.py -h

To get a list of all options and switches use:

   python sqlmap.py -hh

Using sqlmap for classic SQLi

python sqlmap.py -u 'http://example.com/page.php?vulnparam=hello'

The target URL after the -u option includes a parameter vulnerable to SQLi (vulnparam). Sqlmap will run a series of tests and detect it very quickly. You can also explicitly tell sqlmap to test only specific parameters with the -p option. This is useful when the query contains several parameters and you don’t want sqlmap to test everything. You can use the --data option to pass any POST parameters.
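What makes a parameter like vulnparam injectable on the server side, and the fix that makes it stop responding to sqlmap's tests, shown as an added example (not code from sqlmap or from the original post). The table, the handler functions and the sample rows are constructed for illustration, with an in-memory SQLite database standing in for the site's backend.

```python
import sqlite3

def make_db():
    """Constructed in-memory database standing in for the site's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (slug TEXT, body TEXT, public INTEGER)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)", [
        ("hello", "Welcome page", 1),
        ("about", "About us", 1),
        ("draft", "Unpublished notes", 0),
    ])
    return db

def lookup_vulnerable(db, vulnparam):
    # Deliberately vulnerable: the parameter is concatenated into the SQL text,
    # so quote characters in it change the structure of the query.
    sql = "SELECT body FROM pages WHERE public = 1 AND slug = '" + vulnparam + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, vulnparam):
    # Hardened: the value is bound as a parameter and is only ever compared
    # as data; it cannot add conditions or statements to the query.
    sql = "SELECT body FROM pages WHERE public = 1 AND slug = ?"
    return [row[0] for row in db.execute(sql, (vulnparam,))]

def responds_to_boolean_probe(lookup, db, value="hello"):
    """True when an appended always-true / always-false condition changes the
    result, which is the signal a boolean-based blind test looks for."""
    baseline = lookup(db, value)
    true_case = lookup(db, value + "' AND '1'='1")
    false_case = lookup(db, value + "' AND '1'='2")
    return true_case == baseline and false_case != baseline

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable),
                     ("hardened", lookup_hardened)):
        print(name, "handler injectable:", responds_to_boolean_probe(fn, db))
```

The same check can be kept as a regression test, so that a later change reintroducing string concatenation into the query fails the build.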