Posts

Showing posts from January, 2013

Telling sqlmap to Try Harder

When I first started learning about penetration testing, sqlmap quickly became one of my favorite tools. For those who haven't used it, sqlmap is a command line tool that automates the detection and exploitation of SQL injection flaws. I started by feeding sqlmap URLs that contain a parameter in the query string. The command for a URL like this is:

./sqlmap.py -u "http://172.16.222.100/gallery/gallery.php?id=null"

Once the command is run, sqlmap automatically tries a variety of SQL injection techniques to find vulnerabilities. If it finds one, it asks whether it can stop; once you say yes, you can rerun sqlmap with a variety of options that do everything from attempting to use the injection vulnerability to give you a shell, to using it to dump all of the information from the database. If you're dumping a database and sqlmap recognizes password hashes, it will even ask whether you'd like it to try to crack them. After