SQLMAP is an automated SQL injection tool that does most of the work for you. If you don’t know what SQL injection is, head over here: https://en.wikipedia.org/wiki/SQL_injection
Using SQLMAP, you can “hack” many databases in a very short time. In the next post, I will show you how to dump database tables and credentials from a vulnerable database and explore.
Even if the passwords are stored using hashing functions (https://en.wikipedia.org/wiki/Hash_function), you can crack these hashes using online tools.
Here is the complete video guide for installation:
How to install SQLMAP in Ubuntu / any Linux distribution:
Step 1: Go to the official site at http://sqlmap.org/ and, under Download, click to download the zip ball.
Step 2: Now extract this zip and name the folder sqlmap.
Step 3: Now move this folder to some other folder, or skip to the next step. To prevent accidental deletion, move this folder to the /opt folder.
sudo mv /home/kishorer747/Downloads/sqlmap/ /opt/
Now your sqlmap is located at /opt/sqlmap/
Step 4: Add sqlmap.py to SYSTEM PATH so that you can use it from anywhere.
Using the following command, open the /home/kishorer747/.bashrc file (the same as ~/.bashrc) and paste the two lines at the end.
Add these lines:
#sqlmap path
export SQLMAP_HOME='/opt/sqlmap'
export PATH=$PATH:$SQLMAP_HOME
Step 5: Now that we have added the SQLMAP home folder to the system path, we can use it from any directory. In your terminal type see if it properly setup.
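Steps 3 and 4 as a re-runnable shell function, added here as an example and not part of the original post: it appends the same lines only once, refuses a directory that has no sqlmap.py, and sets the executable bit that PATH lookup needs. The function names add_sqlmap_to_path and resolve_sqlmap are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent version of Steps 3-4.
# The rc file and the sqlmap directory are passed as arguments; the post's
# values would be ~/.bashrc and /opt/sqlmap.

# Append the SQLMAP_HOME and PATH lines to an rc file, at most once.
# $1 = rc file, $2 = directory that contains sqlmap.py
add_sqlmap_to_path() {
    rc_file=$1
    sqlmap_home=$2

    # Do not put a directory on PATH unless sqlmap.py is really there.
    if [ ! -f "$sqlmap_home/sqlmap.py" ]; then
        echo "sqlmap.py not found in $sqlmap_home" >&2
        return 1
    fi

    # PATH lookup only finds executable files, so set the executable bit.
    chmod u+x "$sqlmap_home/sqlmap.py" || return 1

    # Skip the append if an earlier run already wrote this exact line;
    # repeated appends would keep growing PATH with duplicate entries.
    export_line="export SQLMAP_HOME='$sqlmap_home'"
    if [ -f "$rc_file" ] && grep -qxF "$export_line" "$rc_file"; then
        return 0
    fi

    {
        printf '%s\n' '#sqlmap path'
        printf '%s\n' "$export_line"
        printf '%s\n' 'export PATH=$PATH:$SQLMAP_HOME'
    } >> "$rc_file"
}

# Source the rc file in a subshell and print where sqlmap.py resolves from.
# Prints nothing and returns non-zero if it is not on PATH.
# Note: a stock ~/.bashrc may return early in non-interactive shells; for the
# real file, open a new terminal and run `command -v sqlmap.py` there instead.
# $1 = rc file
resolve_sqlmap() (
    . "$1" >/dev/null 2>&1
    command -v sqlmap.py
)

# Usage with the post's paths:
#   add_sqlmap_to_path "$HOME/.bashrc" /opt/sqlmap
```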
In later posts, I will show you how easily you can use this tool to exploit vulnerable databases.