What is SQLmap?
SQL-injection is one of the most common attack methods in Ethical hacking. Where Hackers inject code in the entry field of any website and if that site is vulnerable they can take advantage of it and retrieve all the data in the database.So to make our websites SQL injection proof we can test our website by performing the SQL-Injection on it but it can take a lot of time to learn about all the SQL codes and then test on our site. so to solve this problem we use SQLmap. SQLmap is a tool made in python and with the help of this tool, we can automate the task of checking SQL vulnerability on our website.
This is an Open Source project and you can check out it on GitHub @sqlmapproject.This is a really powerful tool and can cause you a lot of trouble if you miss use it.
NOTE: THIS POST IS ONLY FOR EDUCATIONAL PURPOSE. ME AND THIS SITE DOES NOT SUPPORT ANY CRIMINAL ACTIVITY. IF YOU ARE DOING ANY SORT OF MISUSE OF THIS INFORMATION THIS SITE IS NOT RESPONSIBLE FOR THAT. THIS SITE ONLY SUPPORT ETHICAL HACKING.
How to Install SQLmap in Termux?
To install SQLmap in termux you can copy-paste the below commands and it will be installed on your phone.
Step 1:
Before installing SQLmap in your termux you must update and upgrade to make sure all packages are up to date if you skip this command it can cause errors some time.
apt update && apt upgrade -y
This step will Update all the dependencies in the Termux app.
Step 2:
Now we need to install git in termux to download the SQLmap in termux from the GitHub repository and we also need to install python2 in termux because the SQLmap tool is written in python language.
pkg install git python python2 -y
This command will install Git and Python in your termux.
Step 3:
Now we will clone the actual SQLmap tool from the Github repository using the git command. The total size of this tool is 60MB and can take some time to install depending upon your downloading speed.
git clone https://github.com/sqlmapproject/sqlmap
Step 4:
Change directory to the sqlmap folder if you don't know about this command it's highly suggested that you read this post : [All Termux Basic commands].
cd sqlmap
Step 5:
All Set!!! You only need to type the below command to check if everything is perfectly working or not.
python2 sqlmap.py
Step 6:
Now if you see this Screen that means the tool is correctly installed and you can start using it. Below you can use the basic use of the SQLmap tool.
How to Use SQLmap in Termux?
SQLmap is a SQL injection tool and you can use it on any website where you have Authentication to Test it. For this tutorial post, I am showing practical on A Test Website and this website is specifically made for performing tests so you can use this site too.
Step 1:
After performing the above installation you will be in the SQLmap folder but if you are not in the folder you need to move in first then you can use the below command to check the database of the website.
python2 sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
In the above command, If you want you can change it to your site for testing purpose.
This command will show you a list of all the databases for the site.
Step 2:
Now Select a Database from the list where you think the important files will be and in the below command change the green part with your database name.
python2 sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat= -D acuart --tables
This command will give you a list of tables in the database like this picture.
Step 3:
Now select any database, In my case, I am gonna try to find the ID and password from the database so I am selecting the users Table. so in this command, we are going to find out all the columns in the users folders🔥.
python2 sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat= -D acuart -T users --columns
This command will give you all the columns in the Users table.
Step 4:
We are almost done, now we know the path of the files and we can just dump them, Here first i am gonna dump all the usernames from the database. Just type the below commands and it will dump the database but if you doing this on your website then make sure you change the variable part of the command(the green parts).
python2 sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat= -D acuart -T users -C uname --dump
Now you will see the username table, In this website, there is only one username so you can see the username in the below pic.
Step 5:
We will use the same command to retrieve the passwords from the database.
python2 sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat= -D acuart -T users -C pass --dump
Here you can see I got the password of the username in the below Picture.
Conclusion:
This is a really serious chapter in the world of hacking, I know I have only explained it only one website but you can subscribe to my youtube channel and FB Page and just DM me there and I will help you to understand these things more. Please use this tool cautiously and don't start doing SQLmaping on random sites. If you wanna read more post like this comment down below and i will write more of these posts. If you like this post you should check out : [Install Fsocity in Termux] Thanks for reading and as always Stay Ethical👾.
0 Comments