Penetration Testing Step by Step: Database Enumeration

Database Enumeration

Enumeration With SQLmap

SQLmap is noisy as hell.

Here is the official options/examples page:

For example, save a captured header as an input file for SQLmap:

Load HTTP request from a file

Option: -r

One of the possibilities of sqlmap is loading a raw HTTP request from a text file. That way you can skip the use of a number of other options (e.g. setting cookies, POSTed data, etc.).

Sample content of an HTTP request file:

POST /vuln.php HTTP/1.1
User-Agent: Mozilla/4.0


Note that if the request is over HTTPS, you can use this in conjunction with the switch --force-ssl to force an SSL connection to 443/tcp. Alternatively, you can append :443 to the end of the Host header value.
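
As an added example (not from the original post and not sqlmap's own code), here is a pre-flight check in Python for a request file of the kind passed to -r. It parses the file, applies the HTTPS rule from the note above, and confirms the Host is on an authorized list before the tool is run. The function names, the ALLOWED_HOSTS list and the sample request are constructed for illustration.

```python
# Added example: pre-flight check for a raw HTTP request file (sqlmap -r input).
from dataclasses import dataclass

ALLOWED_HOSTS = {"app.example.test"}  # assumption: hosts named in the test authorization

SAMPLE = (  # constructed request, same shape as the sample above
    "POST /vuln.php HTTP/1.1\r\n"
    "Host: app.example.test:443\r\n"
    "User-Agent: Mozilla/4.0\r\n"
    "\r\n"
    "id=1"
)

@dataclass
class Target:
    method: str
    path: str
    host: str
    port: int
    tls: bool
    body: str

def parse_request_file(text: str, force_ssl: bool = False) -> Target:
    """Parse request line, headers and body; derive host, port and TLS use."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip("\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        raise ValueError("no Host header: target cannot be determined")
    host, sep, port_s = headers["host"].rpartition(":")
    if sep and port_s.isdigit():
        port = int(port_s)
    else:  # no explicit port in the Host value
        host, port = headers["host"], None
    # Rule from the note above: TLS if forced, or if Host ends in :443.
    tls = force_ssl or port == 443
    return Target(parts[0], parts[1], host.lower(),
                  port or (443 if tls else 80), tls, body)

def in_scope(target: Target, allowed=ALLOWED_HOSTS) -> bool:
    """True only if the request file points at an authorized host."""
    return target.host in allowed
```

A request file with no Host header is rejected, since there is then no way to tell which system the request would be sent to.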

For a simpler example see this tutorial:

Find a page with a form you can attack, preferably using GET strings. This should let you enumerate databases:

./ -u

Now list tables:

./ -u --tables


