SQLMAP – Authenticate via NTLM under Windows

Top 19 Statistics About Cybercrime in 2019

Sqlmap is a powerful open-source tool for automating the process of detecting and exploiting SQL injection flaws. It comes preinstalled in Linux distributions like Kali Linux or BackBox.

Some features include:

  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port, and database name.
  • Support to enumerate users, password hashes, privileges, roles, databases, tables, and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  • Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.

And many other features like fingerprint, enumeration, and takeover.

Sqlmap installation under Windows

 To run sqlmap under Windows with NTLM authentication, we need to install python-ntlm first.

sqlmap requires python-ntlm

sqlmap requires python-ntlm

  1. Install Python 2.7.17 – https://www.python.org/downloads/release/python-2717/
  2. Download sqlmap – https://github.com/sqlmapproject/sqlmap/zipball/master
  3. Install setuptools, download https://bootstrap.pypa.io/ez_setup.py
    python ez_setup.py
Setuptools installation

Setuptools installation


4. Download and extract python-ntlm from https://github.com/mullender/python-ntlm

cd python-ntlm-master\python26
python setup.py install

Download and extract python-ntlm

5. Run sqlmap:

python sqlmap.py -u https://URL –auth-type NTLM –auth-cred “Domain\Username:Password”




To get a list of basic options and switches use: sqlmap -h. To get a list of all options and switches use: sqlmap -hh.

To get an overview of sqlmap capabilities, we recommend reading the user’s manual (https://github.com/sqlmapproject/sqlmap/wiki).


Get in Touch With A LIFARS Expert Today!