While using SQLMap is not allowed on the OSCP exam, it is an ethical hacking standard and you should be very familiar with it. It is commonly used in interviews for junior penetration tester questions to weed out the wannabees.
Enjoy this tutorial, how to use SQLMap with DVWA. Why not see the video I made as part of the online ethical hacking course, Become An Ethical Hacker, titled “Use SQLMap To Hack DVWA Web App”? Be sure to LIKE and SUBSCRIBE to the channel!
Table of Contents
Here’s What You Need
- Kali Linux VM
- Metasploitable 2
- SQLMap see the Github repo
For this tutorial you will need Burp Suite setup or set it up before proceeding. By the way are you setting up Burp correctly? I made a guide for how to correctly setup Burp suite, take a look!
Install SQLMAP
The steps to install SQLMap are simple, according to the Github repo they are as following:
[kali@kali:/] $ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-devNow to get help you can use the -h flag or -hh to show all the options.
[kali@kali:/sqlmap-dev] $ python sqlmap.py -h
[kali@kali:/sqlmap-dev] $ python sqlmap.py -hhNow to use SQLMap to attack the DVWA web app there are a few things to understand and strategize on how we will proceed from here.
There is one thing we need to be able to dump the databases on DVWA, and that is the session id or the security token from an authenticated user session. Additionally the security setting needs to be set to LOW on the DVWA app. Luckily this can be set as a part of the request header’s cookie fields.
Login To DVWA
Login to the DVWA app using the default credentials, admin:password. After you login to DVWA web app navigate to the SQL Injection tab on the left panel. This will open the vulnerable web page which is powered by a PHP script on the DVWA server.
Create The Request File In Burp Suite
You can proceed to do manual exploitation using the sqlmap tool or you can save this request and use it to automate some of the discovery and exploitation process. Once we hit submit on the app after putting in 1 to test the sql page input form, the request will look something like this in Burp Suite.
Save this to a file.
Use Request Files With SQLMAP
Now that we have the request saved as a file we can use it with SQLMap.
[kali@kali:~/sqlmap-dev $ ./sqlmap.py -r /home/kali/request –cookie=”PHPSESSID=769931ceced0c7d9b24c7aa8ef2b93c2; security=low” –-dump
Dump DVWA Database Using SQLMAP
kali@kali:~/sqlmap-dev$ ./sqlmap.py -u “http://192.168.1.85/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit” –cookie=”PHPSESSID=769931ceced0c7d9b24c7aa8ef2b93c2; security=low” –-dump
This will also dump the contents of the databases on the DVWA app server.
That is all there is to using SQLMap to hack DVWA, feel free to explore the many possibilities.
Want to learn more ethical hacking? I highly recommend buying my book made for beginners to Pentesting Become An Ethical Hacker. Check the price on Amazon.
