
Ethical Hacking: How Does the --users Option Work in SQLMap for Database Enumeration?

What SQLMap Command Lists All Database Users Automatically?

Learn how SQLMap's --users option automates the enumeration of database user accounts. Understand how this function identifies usernames across supported DBMS types during penetration testing to enhance SQL injection exploitation.

Question

Which sqlmap option allows automatic enumeration of database users?

A. --file-read
B. --dump
C. --users
D. --os-shell

Answer

C. --users

Explanation

The --users flag lists database users.

The --users option in SQLMap is used to automatically enumerate all database user accounts from the target's backend DBMS once a successful SQL injection point is identified. When executed, SQLMap queries the database's system tables or metadata (depending on the DBMS type) to extract the list of database usernames. This feature helps penetration testers assess privilege levels and identify potential accounts for privilege escalation or lateral movement.

For example:

sqlmap -u "http://target.com/vuln.php?id=5" --users

This command retrieves a list of all valid DBMS user accounts, such as root, admin, or readonly.

The other options serve different purposes:

A. --file-read: Reads files from the server's filesystem using SQL injection.

B. --dump: Extracts and displays the contents of database tables.

D. --os-shell: Opens an interactive operating system shell on the target, enabling direct command execution.
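
A defender-side check for the enumeration described above, added here as an example and not part of the original page or of SQLMap itself: it scans web access-log lines for query strings that reference the catalog objects where common DBMSs keep account names. The catalog names, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumed catalog objects that hold account names, per DBMS (not taken from the page).
USER_CATALOGS = {
    "MySQL": r"\bmysql\.user\b|\binformation_schema\.user_privileges\b",
    "PostgreSQL": r"\bpg_(?:user|shadow|roles)\b",
    "Microsoft SQL Server": r"\bsys\.sql_logins\b|\bmaster\.\.syslogins\b",
    "Oracle": r"\b(?:sys\.)?all_users\b|\bdba_users\b",
}
PATTERNS = {name: re.compile(rx, re.I) for name, rx in USER_CATALOGS.items()}
SQL_COMMENT = re.compile(r"/\*.*?\*/")
# Combined log format; captured fields: client, request target, status, user agent.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Constructed sample lines (documentation IP ranges, placeholder tool version).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /vuln.php?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /vuln.php?id=5%20UNION%20SELECT%20usename%20FROM%20pg_user-- HTTP/1.1" 200 734 "-" "sqlmap/1.x (https://sqlmap.org)"',
    '192.0.2.10 - - [01/Jan/2025:10:00:06 +0000] "GET /vuln.php?id=5%2520AND%2520(SELECT%2520COUNT(*)%2520FROM%2520mysql.user)%253E0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def normalise(query):
    """URL-decode twice (catches double encoding), blank out inline SQL comments, collapse whitespace."""
    text = unquote_plus(unquote_plus(query))
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", text))

def scan(lines):
    """Return one finding per log line whose query string references a user catalog."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the expected log format
        client, target, status, agent = m.groups()
        query = normalise(urlsplit(target).query)
        hits = sorted(name for name, rx in PATTERNS.items() if rx.search(query))
        if hits:
            findings.append({"client": client, "dbms": hits, "status": int(status),
                             "sqlmap_agent": "sqlmap" in agent.lower()})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The user-agent flag is only a convenience signal, since the header is client-controlled; the catalog reference in a request parameter is the part worth alerting on.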

Ethical Hacking with Metasploit, SQL & Crypto certification exam assessment practice question and answer (Q&A) dump, including multiple-choice questions (MCQ) and objective-type questions with detailed explanations and references, available free to help you pass the Ethical Hacking with Metasploit, SQL & Crypto exam and earn the Ethical Hacking with Metasploit, SQL & Crypto certificate.