Sqlmap😈: Leaking sensitive info🤫 on MySQL & WordPress Sites😉

Cybermorans🤗

Earlier, In part 1 👆 I showed you the SQL injection: most common method of hacking online databases and how to use it against a MySQL database ☠️ with Sqlmap 😏 In this post, we will look at how to extract the key data from that database, the ultimate goal?....data leaks!😈....think the source of data for wikileaks....panama leaks...BGFI bank leaks....cyprus papers...leaks are done by whistleblowers and activist hacker groups 🦹‍♂️

The first step was to do reconnaissance on the database using google dorks to find it and sqlmap to scan for the data we need 👇

1. 👉 database management system (DBMS)

2. 👉 database name

3. 👉 tables

4. 👉 name of the column whose data we seek

In the previous tutorial, we acquired all that info by scanning a website called www.webscantest.com.

You can go back 👈 to the previous article to see how we did it. Now though, we use that data we got during recon to exfiltrate sensitive info from the database😈

Morans, Lets do this..💪

Extracting Data 🚀

Now we have all the key information we need, it's time to extract that credit card information. Navigate to the help screen for sqlmap by entering 👇

sqlmap --help

see 👆, we need to use the --dump option in sqlmap along with the column and table name. Such as;

• --dump

• -C billing_CC_number

• -T orders

• -D webscantest

Put all that data together and see whether we can extract that credit card data from the database 👇

sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4" --dump -C billing_CC_number -T orders -D webscantest

👆 sqlmap has extracted then dumped the data to my Kali system in a .csv format and saved it to 👇

 /root/.sqlmap/output/www.webscantest.com/dump/webscantest/orders.csv

Now, we have all the credit card data in a .csv file format that can be opened in Excel, a text editor or any spreadsheet program...lets go shopping😝

😈 You have successfully compromised a back-end database from a web application using SQL Injection techniques and, most of all, we were able to extract key data from the database☠️

If we need more data such as expiration dates or first name and last name, we can extract that data by simply replacing the credit card column name in our sqlmap command with the appropriate column name👽 (e.g. billing_firstname) in the table🧐

Conclusion 🤖

Subscribe to receive notifications of similar posts 😜 where we will be reverse engineering malware and the technical aspect of vulnerabilities as well as how an attacker may use this vulnerability as an attack vector and other Infosec stuff...😋

Morans,

Thank you for your time, Like and leave a comment/review and as always, stay awesome! 😋👊 💪