SQLite3

Let's suppose we have successfully managed to download a database:

We can see that there is an SQlite database in the current folder.

To access it we use: sqlite3 <database-name>:

From here we can see the tables in the database by using the .tables command:

At this point we can dump all of the data from the table, but we won't necessarily know what each column means unless we look at the table information. First let's use PRAGMA table_info(customers); to see the table information, then we'll use SELECT * FROM customers; to dump the information from the table:

We can see from the table information that there are four columns: custID, custName, creditCard and password. You may notice that this matches up with the results. Take the first row:

0|Joy Paulson|4916 9012 2231 7905|5f4dcc3b5aa765d61d8327deb882cf99

We have the custID (0), the custName (Joy Paulson), the creditCard (4916 9012 2231 7905) and a password hash (5f4dcc3b5aa765d61d8327deb882cf99).

PreviousSensitive Data Exposure NextXML External Entity

Last updated 4 years ago