Penetration Test NOTES: Testing an Access database with Sqlmap

Source: Internet
Author: User

Sqlmap is an open source automated SQL injection tool written in Python, with the following features:

    • Full support for a variety of database management systems, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix.
    • Full support for boolean-based blind, time-based blind, error-based, UNION query-based, and stacked-query injection.
    • Support for connecting directly to a database without going through a SQL injection point, by providing the database credentials, IP address, port, and database name, where conditions permit.
    • Support for enumerating users, password hashes, privileges, roles, databases, tables, and columns.
    • Automatic recognition of password hash formats, and support for cracking password hashes with a dictionary.
    • Support for dumping an entire table from a database, only a few columns of a table, or even only part of the data in a column, entirely at the user's choice.
    • Support for searching the database management system for a specified database name, table name, or column name.
    • Support for downloading or uploading files when the database management system is MySQL, PostgreSQL, or Microsoft SQL Server.
    • Support for executing arbitrary commands and returning their standard output when the database management system is MySQL, PostgreSQL, or Microsoft SQL Server.

While wandering around the Internet, I found the homepage of a company in Inner Mongolia. Clicking the News option gives the URL shown:

Enter the classic `and 1=1` test: the page does not change.

Then the `and 1=2` test: the page comes back blank.

This suggests an injection point. Handing it to Sqlmap for testing, the results show that there is an injection, the back-end database is Access, and the web site uses JSP.
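Why the two tests above behave differently, and what removes the behaviour, shown as an added example that is not part of the original notes. SQLite and the `news` table are stand-ins (assumptions) for the site's Access back end, and the function names are hypothetical.

```python
import sqlite3

# Constructed stand-in for the site's news table; SQLite replaces Access here.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'Company news item')")
    return db

def news_vulnerable(db, raw_id):
    # The request parameter is concatenated into the SQL text, so anything
    # after the number is parsed as part of the WHERE clause.
    sql = "SELECT title FROM news WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def news_hardened(db, raw_id):
    # Validate the type first, then bind the value as a parameter so it can
    # never change the structure of the statement.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    cur = db.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),))
    return [row[0] for row in cur]

def compare(db, raw_id):
    # Returns (vulnerable result, hardened result) for the same input.
    return news_vulnerable(db, raw_id), news_hardened(db, raw_id)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 and 1=1", "1 and 1=2"):
        vuln, safe = compare(db, value)
        print(f"{value!r:14} vulnerable={vuln} hardened={safe}")
```

With the concatenated query the true condition leaves the page unchanged and the false one empties it, which is the signal the tests rely on; the parameterized version returns the same empty result for both.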

Next, look at the tables: add the `--tables` option and continue the test.

The prompt says the tables could not be retrieved and asks whether to test with the default tables (of course); press Enter to accept the default, y.

Then choose to use your own table names and press Enter, then enter the number of threads. Enter 5 here.

Perhaps that was too fast: a "connection reset" error appears. Ignore it for now and slow down a bit in a moment.

A bunch of error messages appear; after a while, the results come out.

Next, look at what is in the admin table. 5 threads was too fast, so this time use 3 and continue enumerating.

There are no known security devices or server performance issues, yet 3 threads still produce connection resets.

4 columns are found, as follows:

Now, let's see what's in these columns.

After a long wait, the data is dumped.

You can see that the password is encrypted; it is 32 characters long, so it should be MD5 encryption. Try your luck on an MD5 decryption site, and then look for the admin back end or another way to continue the intrusion. That is not discussed here.
