sqlmap-database-pentesting

# SQLMap Database Penetration Testing ## Purpose Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems. ## Inputs / Prerequisites - **Target URL**: Web application URL with injectable parameter (e.g., `?id=1`) - **SQLMap Installation**: Pre-installed on Kali Linux or downloaded from GitHub - **Verified Injection Point**: URL parameter confirmed or suspected to be SQL injectable - **Request File (Optional)**: Burp Suite captured HTTP request for POST-based injection - **Authorization**: Written permission for penetration testing activities ## Outputs / Deliverables - **Database Enumeration**: List of all databases on the target server - **Table Structure**: Complete table names within target database - **Column Mapping**: Column names and data types for each table - **Extracted Data**: Dumped records including usernames, passwords, and sensitive data - **Hash Values**: Password hashes for offline cracking - **Vulnerability Report**: Confirmation of SQL injection type and severity ## Core Workflow ### 1. Identify SQL Injection Vulnerability #### Manual Verification ```bash # Add single quote to break query http://target.com/page.php?id=1' # If error message appears, likely SQL injectable ...