sqlmap
Performed automated SQL Injection attacks.
How I used it
SQLMap answers the SQL injection question fast: Is this parameter vulnerable? If yes, dump everything. It’s the lazy (and smart) way to exploit SQL injection without manually crafting payloads.
| Category | What I use | Why I chose it |
|---|---|---|
| Dump All | Dump everything using the `--all` switch. | When I don't know what I'm looking for or just want everything fast. It might be lazy, but it is effective. |
| Database Dump | Dump a database via SQL injection with `--dump`. | Dumping the users table to get a password hash for cracking. |
Proof
- THM GameZone - Dumping the database.
- HTB Love - Grabbing everything using the `--all` option.
Commands I Use Most
Exploit with All Switch
```
┌──(kali㉿kali)-[~/Documents/htb/love]
└─$ sqlmap -r request.txt --batch --level=1 --risk=3 --dbms=mysql -p voter --all
```
Dump the Database
```
┌──(kali㉿kali)-[~/Documents/thm/gamezone]
└─$ sqlmap -r request.txt --dbms=mysql --dump
```
What I Learned the Hard Way
Choose the right parameter
I got no results because I chose the wrong parameter to check. I ran it three times with the same results before I finally checked the request.txt file and saw my blunder. Fixed it and finally got my plunder! Always double-check your request.txt file.
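A small sanity check for that lesson, added here as an example (not sqlmap's code): it parses a saved raw request of the kind `-r request.txt` reads, lists the parameter names it actually contains, and confirms whether the name handed to `-p` (like `voter` above) is one of them. The request below is a constructed sample, not a capture from either box.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of a raw HTTP request saved from a proxy (CRLF line endings,
# as sqlmap's -r option expects). Not a real capture.
SAMPLE_REQUEST = (
    "POST /vote.php?page=2 HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: PHPSESSID=abc123; theme=dark\r\n"
    "\r\n"
    "voter=alice&password=secret\r\n"
)


def parse_request_params(raw):
    """Return {parameter_name: where_it_lives} for a raw request file.

    Locations are 'query' (URL query string), 'cookie' (Cookie header)
    and 'body' (form-encoded body). Later sources overwrite earlier ones
    if a name repeats.
    """
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.splitlines()
    request_line = lines[0]
    path = request_line.split(" ")[1]          # e.g. /vote.php?page=2
    params = {}
    for name, _ in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        params[name] = "query"
    for header in lines[1:]:
        if header.lower().startswith("cookie:"):
            for cookie in header.split(":", 1)[1].split(";"):
                name = cookie.strip().split("=", 1)[0]
                if name:
                    params[name] = "cookie"
    for name, _ in parse_qsl(body.strip(), keep_blank_values=True):
        params[name] = "body"
    return params


def check_target_param(raw, target):
    """True if the name you would pass to sqlmap -p exists in the request at all."""
    return target in parse_request_params(raw)


if __name__ == "__main__":
    for name, where in parse_request_params(SAMPLE_REQUEST).items():
        print(f"{name:12s} found in {where}")
    print("voter ok?", check_target_param(SAMPLE_REQUEST, "voter"))
```

Running it against the real request.txt (read the file with `open(path, newline="")` so the CRLFs survive) shows immediately when `-p` names a parameter the request never sends.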
Used the Wrong Level and Risk
After struggling to get the results I wanted, I had to play with the `--risk` and `--level` switches, and the results magically appeared. Wild, wild stuff.
When sqlmap Let Me Down
Sometimes, the SQL injection is so tricky that it just requires that edge of human ingenuity to craft the right payload.