Shulou(Shulou.com)06/01 Report--

0x00 SQLMAP Introduction

sqlmap is an open source testing tool that automatically detects and exploits SQL injection vulnerabilities and servers connected to the database. It has a very large detection engine, a sensor with multiple features, access to the underlying file system via database fingerprinting, and execution of commands via an external link.

Supported databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite,Firebird, Sybase and SAP MaxDB

SQL injection techniques: error injection, time-based error injection, error injection, union injection

Enumerated data: users,password hasher,privileges,roles,databases,tables and columns

0x01 Sqlmap scan level (7 levels, default 1)

0. Show only python errors and serious messages

1. Basic information and warning information are displayed at the same time. (default)

2. Display debug information at the same time

3. Display the injected payload simultaneously

4. Display HTTP requests simultaneously

5. Display HTTP response header at the same time

6. Display HTTP response surface simultaneously

0x02 Target acquisition method

Parameters: -u or--url

eg:python sqlmap.py -u http(s)://targeturl[:port]/[...]

0x03 Get multiple target scans from text

Parameter: -m

The url format saved in the file is as follows, sqlmap will detect one by one

www.target1.com/vuln1.php? q=foobarwww.target2.com/vuln2.asp? id=1www.target3.com/vuln3/id/1*

0x04 Load HTTP request from file

Parameter: -r

sqlmap can fetch HTTP requests from a single text, which allows you to skip setting other parameters (such as cookies, POST data, etc.).

POST /vuln.php HTTP/1.1Host: www.target.comUser-Agent: Mozilla/4.0id=1

0x05 POST mode injection

Parameters: --data

This parameter is to submit the data in post mode, sqlmap will detect POST parameters as GET parameters.

eg:python sqlmap.py -u "http://www.target.com/vuln.php" --data="id=1"

0x06 Set timeout

Parameters: --timeout

You can set how long an HTTP (S) request exceeds to determine timeout, 10.5 means 10.5 seconds, default is 30 seconds.

0x07 Set retry timeout

Parameters: --retries

When HTTP (S) times out, you can set the number of connection retries, the default is 3 times

0x08 Test parameters

*

In pseudo-static injection testing, sqlmap cannot directly use test parameters, you can add * after the parameters you want to test parameters

eg:1.python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"2.python sqlmap.py -u "http://targeturl/param1/value1/param2/value2/15*"

0x09 List the databases of the database system

Parameters: --dbs

All databases are listed when the current user has permission to read the table containing all database listing information.

0x10 List database tables

Parameters: --tables -D

Lists all tables for the specified database-D xxxx. If-D is not specified, all tables in all databases are enumerated.

0x11 List the fields in the library table

Parameters: --columns -T -D

Enumerates the specified database, specifying the fields in the table.

eg:python sqlmap.py -u "http://192.168.136.131/sqlmap/sqlite/get_int.php? id=1" --columns -D testdb -T users[...] Database: SQLite_masterdbTable: users[3 columns]+---------+---------+| Column | Type |+---------+---------+| id | INTEGER || name | TEXT || surname | TEXT |+---------+---------+

0x12 Get the number of data in the table

Parameters: --count

Enumerates the number of data in the specified database table.

eg:python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp? id=1" --count -D testdb[...] Database: testdb+----------------+---------+| Table | Entries |+----------------+---------+| dbo.users | 4 || dbo.users_blob | 2 |+----------------+---------+

0x13 Gets data for the entire table or for a few fields.

--dump -D -T -C

List all fields of a table in a database

python sqlmap.py -u http://192.168.21.129/sqlmap/mssql/iis/get_int.asp? id=1 --dump -D testdb -T dbo.users

Enumerates data for a field of a table in a database.

python sqlmap.py -u http://192.168.21.129/sqlmap/mssql/iis/get_int.asp? id=1 --dump -D testdb -T dbo.users -C ID,NAME

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.