SQLmap Tutorial

1, Connecting sqlmap directly to a database: -d

Service-type database (the database username and password are known):
DBMS://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME
File-type database (the absolute path of the database file is known): DBMS://DATABASE_FILEPATH (SQLite, Microsoft Access, Firebird, etc.).

For example: python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users

--banner: Retrieves information such as the software vendor, software name, version, and service type. With this information, you can use certain tools and directly apply the corresponding exploit (EXP) to attack.
--users: Obtain user root privileges.
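
The two -d connection-string layouts given above can be checked before they are used, which catches typos such as a missing "@" or a misspelled scheme. The following is an added example, not sqlmap's own parsing code; the names parse_direct, redact and DirectTarget are hypothetical, and the sample values are constructed. It also masks the password so the string can be written to a log:

```python
import re
from typing import NamedTuple, Optional

# Assumption: only the two layouts quoted above are accepted; sqlmap's own
# parser is not reproduced here and may be more lenient.
SERVICE_RE = re.compile(
    r"^(?P<dbms>[A-Za-z]\w*)://(?P<user>[^:@/\s]+):(?P<password>[^@\s]*)@"
    r"(?P<host>[^:/@\s]+):(?P<port>\d{1,5})/(?P<database>\S+)$")
# File-type form: the path must be absolute (POSIX "/..." or Windows "C:\...").
FILE_RE = re.compile(r"^(?P<dbms>[A-Za-z]\w*)://(?P<path>(?:/|[A-Za-z]:[\\/]).+)$")


class DirectTarget(NamedTuple):
    dbms: str
    database: str  # database name, or file path for a file-type DBMS
    user: Optional[str] = None
    password: Optional[str] = None
    host: Optional[str] = None
    port: Optional[int] = None


def parse_direct(conn: str) -> DirectTarget:
    """Split a -d connection string into fields; raise ValueError if malformed."""
    m = SERVICE_RE.match(conn)
    if m:
        port = int(m["port"])
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
        return DirectTarget(m["dbms"].lower(), m["database"], m["user"],
                            m["password"], m["host"], port)
    m = FILE_RE.match(conn)
    if m:
        return DirectTarget(m["dbms"].lower(), m["path"])
    raise ValueError("not DBMS://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME "
                     "or DBMS://DATABASE_FILEPATH")


def redact(conn: str) -> str:
    """Return the string with the password masked, suitable for logs."""
    t = parse_direct(conn)
    if t.user is None:
        return conn
    return f"{t.dbms}://{t.user}:***@{t.host}:{t.port}/{t.database}"


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up names).
    print(redact("mysql://dbuser:s3cret@192.0.2.10:3306/testdb"))
    print(parse_direct("sqlite:///var/data/app.db"))
```

A password passed on the command line also ends up in shell history and the process list, so the redacted form is the one to keep in reports and logs.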


2, URL detection

sqlmap tests a single URL directly with the -u or --url parameter.
URL format: http(s)://targetURL[:port...]/file name
For example: python sqlmap.py -u "http://wwtarget.com/vuln.php?id=1" --banner

3, File Reading

sqlmap supports reading targets from different types of files for SQL injection detection.

1. -l reads HTTP request log files from the Burp Suite proxy or the WebScarab proxy

As preparation, capture the traffic with Burp Suite and save the captured HTTP requests to a log file. The steps are as follows:

1. Create a file (this step can also be done in Burp Suite)
2.
3.

4

5. Check for SQL injection:
Copy the test.txt file to the sqlmap directory

python sqlmap.py -l test.txt
Keep going, answering yes to the prompts.

2. -x reads targets for detection from a sitemap XML file

3. -m reads multiple targets from a multi-line text file and tests each of them

This means the text file contains multiple URL addresses, and all of them are tested.

4. -r reads an HTTP request from a text file as the target for SQL injection detection

Injection into HTTP message headers: Referer/Cookie
python sqlmap.py -r test.txt

5. -c reads the target from the configuration file sqlmap.conf

Enter the target address to be tested in sqlmap.conf in the sqlmap directory, and then run the following from the command line: python sqlmap.py -c sqlmap.conf


4, Google batch scan injection: -g (not recommended)

python sqlmap.py -g "inurl:php?id=1"
inurl: matches within the URL (Uniform Resource Locator). (Extension: other common search operators: intitle, site, domain.)
