We all know that the most important step in penetrating a network is obtaining the administrator username and password of the back-end database. So how do you get that username and password? This is where sqlmap, today's topic, comes in. It is not only useful on internal networks but is also very popular for external network environments, and it is particularly important within Kali Linux, where it is almost "barren". Below I briefly introduce how to use sqlmap.
First we pick a site and test whether it is injectable:
Here you can see that the site is vulnerable to Boolean-based blind, time-based blind, and UNION query injection:
It also reveals the OS type and the database type:
Then see which databases it has:
You can see that there are six databases:
Then continue by querying the tables of the security database:
You can see that there are four tables:
Next we enumerate the fields of the Users table:
You can see that three fields were found:
Finally, the username and password fields are dumped:
View the results:
Log in to the back end to view the usernames and passwords:
14 usernames and passwords were dumped.
Similarly, the users' email field is dumped:
The above dumps the email addresses.
Next, I want to upload a one-sentence Trojan file, 1.php, to the server:
Maybe the remote path I wrote was wrong, so it was not uploaded to the server. Then I look at my local side:
The following direct claim:
Indicate the remote path:
Still the same result. The remote path on the target server was not obtained; otherwise a shell could be obtained, and with the shell one could create a user and add it to the Administrators group, or directly use one's own Trojan horse to control the server.
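From the defender's side, each step above leaves a recognisable request pattern in the web server's access log. The following Python sketch is an added example, not part of the original post: it tags log lines with the injection classes sqlmap reported (Boolean-based blind, time-based blind, UNION query), plus schema enumeration and file-write attempts. The regexes, the /item.php path, the IP addresses and the log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Illustrative signatures (assumptions, not a complete rule set) for the
# request patterns each step of the walkthrough leaves in an access log.
RULES = {
    "boolean_blind": re.compile(r"\b(and|or)\s+\(?['\"]?\w+['\"]?\s*(=|<|>|\blike\b)\s*['\"]?\w+", re.I),
    "time_blind": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "union_query": re.compile(r"\bunion(\s+all)?\s+select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "file_write": re.compile(r"\binto\s+(out|dump)file\b", re.I),
}
# Combined log format: client IP, request URI, status, size, referer, user agent.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def classify(line):
    """Return (client_ip, set_of_tags) for one access-log line."""
    m = LINE.match(line)
    if not m:
        return None, set()
    query = unquote_plus(m["uri"].partition("?")[2])  # decode %xx and '+'
    tags = {name for name, rx in RULES.items() if rx.search(query)}
    if "sqlmap" in m["ua"].lower():  # sqlmap's default User-Agent names the tool
        tags.add("sqlmap_user_agent")
    return m["ip"], tags

def summarize(lines):
    """Map each client IP to the sorted list of technique tags seen from it."""
    seen = defaultdict(set)
    for line in lines:
        ip, tags = classify(line)
        if tags:
            seen[ip] |= tags
    return {ip: sorted(tags) for ip, tags in seen.items()}

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
_FMT = '{} - - [10/Oct/2023:13:55:36 +0000] "GET {} HTTP/1.1" 200 512 "-" "{}"'
SAMPLE = [_FMT.format(*row) for row in [
    ("203.0.113.7", "/item.php?id=1%20AND%205141%3D5141", "sqlmap/1.x (constructed)"),
    ("203.0.113.7", "/item.php?id=1%20AND%20SLEEP(5)", "Mozilla/5.0"),
    ("203.0.113.7", "/item.php?id=-1%20UNION%20ALL%20SELECT%20NULL,schema_name%20FROM%20information_schema.schemata", "Mozilla/5.0"),
    ("203.0.113.7", "/item.php?id=1%20INTO%20OUTFILE%20%27PLACEHOLDER%27", "Mozilla/5.0"),
    ("198.51.100.20", "/search?q=salt+and+pepper", "Mozilla/5.0"),  # benign
]]

if __name__ == "__main__":
    for ip, tags in summarize(SAMPLE).items():
        print(ip, tags)
```

A client that collects several of these tags in a short window is a much stronger signal than any single match; the User-Agent check alone is easily evaded because the header can be changed.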
Sqlmap use of SQL injection