Web Hacking
◾
367
Enumerating Databases
The first step would obviously be to enumerate all the databases present in the application. We will
use the following command from within sqlmap to do this:
./sqlmap.py –u http://172.20.10.4/sqli/?support=yes --dbs
Enumerating Tables
We
have now found five databases, of which three are default for mysql—“information_schema”,
“mysql”, and “performance_schema”—and two that the user created are “dvwa” and “test”. Let’s
try to extract all the tables present in the dvwa database. We will use the following command:
./sqlmap.py –u http://172.20.10.4/sqli/?support=yes –D dvwa --tables
The --tables instructs the sqlmap to extract all the tables from the dvwa database. We’ve man-
aged to find two tables in the dvwa database. Next, we would try to enumerate
the columns in the
table that we are interested in.
Enumerating the Columns
We found two tables, guestbook and users.
For obvious reasons, we are more interested in the
content of the “users” table. We will supply the following command to extract the columns
present
in the “users” table.
368
◾
Ethical Hacking and Penetration Testing Guide
Command
./sqlmap.py –u http://172.20.10.4/sqli/?support=yes –D dvwa –T
users
--columns
Extracting Data from the Columns
We found several columns in the “users” table. We will now ask sqlmap
to display information
present in the “users” column. For this purpose, we would use the following command:
Command
./sqlmap.py –u http://172.20.10.4/sqli/?support=yes –D dvwa –T users
--dump
The --dump would extract the data from all the columns present in the “users” table.
Dostları ilə paylaş: 
