Sqlmap using Notes

Source: Internet
Author: User
Tags ibm db2 git clone

  Sqlmap Introduction

Official website: http://sqlmap.org

GitHub address: https://github.com/sqlmapproject/sqlmap

Instruction for use in English: http://www.91ri.org/6775.html

Sqlmap is an open-source penetration testing tool that automates detecting and exploiting SQL injection vulnerabilities and taking over database servers. It has a very powerful detection engine and many features for the penetration tester, ranging from database fingerprinting and data extraction to accessing the underlying file system and executing commands over an out-of-band connection.

Supported databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, and SAP MaxDB

SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band

Enumeration data: Users, password hashes, privileges, roles, databases, tables and columns

... For details, refer to the official website.
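For defenders, each technique class listed above leaves a recognisable shape in web access logs. The following added example (not from the original notes or the sqlmap project) classifies constructed log lines by technique; the regex patterns, the /products.asp endpoint and the IP addresses are illustrative assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Illustrative patterns (assumptions, not sqlmap's payload set), one per technique class.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    "time-based blind": re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "UNION query": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "stacked queries": re.compile(r";\s*(select|insert|update|delete|exec|declare)\b", re.I),
}
# Combined log format; captures client IP, request target and User-Agent.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def classify(line):
    """Return (client_ip, findings) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, agent = m.groups()
    findings = set()
    # parse_qsl percent-decodes values, so encoded payloads are matched in clear text.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        findings.update(t for t, rx in SIGNATURES.items() if rx.search(value))
    # sqlmap's default User-Agent starts with "sqlmap/"; the header is
    # client-controlled, so its absence proves nothing.
    if agent.lower().startswith("sqlmap/"):
        findings.add("sqlmap user-agent")
    return ip, findings

def scan(lines):
    """Aggregate findings per client IP, skipping clean and unparsable lines."""
    report = defaultdict(set)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            report[parsed[0]] |= parsed[1]
    return {ip: sorted(found) for ip, found in report.items()}

# Constructed sample lines (documentation IP ranges, hypothetical endpoint).
_T, _UA = '- - [01/Jan/2024:10:00:00 +0000] "GET /products.asp?id=7', 'HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
SAMPLE_LOG = [
    f'198.51.100.4 {_T} {_UA}',
    f'203.0.113.9 {_T}%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    f'203.0.113.20 {_T}%20UNION%20ALL%20SELECT%20NULL%2CNULL {_UA}',
    f'203.0.113.21 {_T}%20AND%20SLEEP(5) {_UA}',
    f'203.0.113.22 {_T}%3BSELECT%201 {_UA}',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, found)
```

Pattern matches of this kind are a triage signal, not proof of compromise: they should be correlated with response sizes, status codes and database error logs.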

  Sqlmap installation

Sqlmap is installed here on a Linux system; these notes use Ubuntu 14.04 + sqlmap.

    1. Prepare Ubuntu 14.04, configure the network, and install Python 2.7.8.
    2. Download sqlmap in one of two ways:

       a) Download it directly from https://github.com/sqlmapproject/sqlmap

       b) Use the git command:

          git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

    3. Make sure Python was installed successfully: running python should show the version information.

    4. Change into the xx/xx/sqlmap-dev folder and run:

       python sqlmap.py -h to get a basic description of the parameters

       python sqlmap.py -hh to get a detailed description of the parameters

Note that some features of sqlmap require third-party libraries. If a parameter needs a third-party library that is not installed, download and install it yourself.

  Sqlmap Use


Sqlmap has a long list of parameters, especially in the help output shown by the -hh option.

1. Information Display

-v can be set to 6 levels to control how much information is displayed; level 3 is generally enough

2. Select Target

-d connects directly to the target database

-u connects to the target URL; this is the commonly used option. Pay attention to the id=* at the end of the URL; it does not work without it

-m can connect to multiple targets

-g selects targets through a Google dork (a Google dork is a Google search for the type of vulnerability you are looking for; the targets are the addresses returned by that search)

3. Vulnerability Scanning

Enter the following command to exploit the URL (note that not every URL is vulnerable):

After the command is entered, the program starts to run and the following output appears, indicating that sqlmap has begun to exploit this URL.

From the results, the server's operating system is Windows 2003 or XP.

The type of database is Microsoft Access.

Enumeration:

-a Retrieve all content

--dbs Enumerate database information

--tables List all tables in the database

--columns List all columns in a database table

--current-db List the current database name

--roles Enumerate users

--dump-all List the contents of all tables

--exclude-sysdbs Enumerate only the table contents of user databases

--common-tables Brute-force table names

... (the rest is omitted here)

Enter the command again:

You get the database name Microsoft_access_masterdb, which contains four tables: Company, news, products, userinfo

Try to enumerate the user names by entering the command:

... Microsoft Access does not allow this kind of enumeration.

Try enumerating the information for all tables by entering the command:

Then, to look at the details in the products table, enter the command:

The results come back rather slowly; press CTRL+C to stop, and you can see part of the content, such as:

PS: This is just a simple introduction to the basic operations. As for security software testing, the author is also still learning; to tell the truth, there is no meaning in it. Although very reluctant to do this kind of thing, for work there is no way around it.
