The already robust and ingenious Nmap tool has received a whole slew of new scanning scripts that can be used to do all sorts of naughty endeavors. Notably, the SQLi module, since it is a necessary evil that we must cover here at Null Byte. This major update is going to fuel today's lesson.
SQLi stands for Sever Query Language Injection. This is a fancy term for exploiting the program that manages and organizes some web databases. SQLi is a fairly old exploit, yet it is still somehow very prominent in today's world. When a web administrator accidentally (at least, I hope it was an accident) allows remote SQL, the server's information can be viewed and manipulated by passing the page with the broken script an SQL injection.
These infamous and easy hacks were used against Sony too many times to count, so they are still very much prominent.
- Linux or Mac OSX
Step 1 Install the Latest Nmap
Text in bold is a terminal command.
If you're on Mac, you need to make sure you have Apple developer tools installed when compiling the software.
- Download the latest Nmap with the scripts here.
- Extract the archive source.
- Configure and compile the program.
./configure && make
- Install the software.
sudo make isntall
You can also just extract and run the program binaries from within their respective folders (i.e. /nmap, /zenmap) and run them as their binary executables.
Step 2 Scanning for SQLi Vulns with Nmap
- Pick a website to scan (make sure you have consent, or that you do not plan to do anything illegal to the site).
- Ping it for its IP address.
ping -c 3 www.example.com
- Copy the IP address it spits back and save it for use later.
- Enter this script to scan the root of your choice webserver, spidering for SQLi vulnerabilities. Replace 127.0.0.1 with the IP of your chosen server.
nmap -T4 -A -v --script sql-injection 127.0.0.1
- Watch this video to get an understanding of how to scan within the GUI interface.
Be a Part of Null Byte!