Notes on Using sqlmap
Sqlmap
Introduction
Official website: http://sqlmap.org
GitHub address: https://github.com/sqlmapproject/sqlmap
Instruction for use in English: http://www.91ri.org/6775.html
Sqlmap is an open-source penetration testing tool that automatically detects and exploits SQL injection vulnerabilities and takes over database servers. It has a very powerful detection engine, many features for the penetration tester, and capabilities that range from database fingerprinting and data extraction to accessing the underlying file system and executing commands via out-of-band connections.
Supported databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, and SAP MaxDB
SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band
Enumerable data: users, password hashes, privileges, roles, databases, tables and columns
For the rest, refer to the official website.
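The injection techniques listed above leave recognisable traces in web server access logs. The following is an added example, not part of the original notes or of sqlmap itself: it classifies Combined Log Format lines by technique. The regular expressions, the log lines and the /news.asp page are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative signatures for techniques from the list above (assumed patterns,
# not sqlmap's real payload set; out-of-band is not covered).
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(and|or)\s+\(?\d+\s*=\s*\d+", re.I),
    "time-based blind": re.compile(r"\b(sleep\s*\(|pg_sleep\s*\(|waitfor\s+delay)", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "UNION query": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "stacked queries": re.compile(r";\s*(select|insert|update|delete|drop|exec|waitfor)\b", re.I),
}
# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def classify(line):
    """Return (client_ip, [reasons]) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = unquote_plus(m["path"].partition("?")[2])  # decode %20, %3D, ...
    reasons = [name for name, rx in SIGNATURES.items() if rx.search(query)]
    # The default User-Agent names the tool, but it can be changed,
    # so it is only an extra signal next to the payload signatures.
    if "sqlmap/" in m["ua"].lower():
        reasons.append("default sqlmap User-Agent")
    return (m["ip"], reasons) if reasons else None

def summarize(lines):
    """Group the reasons found by client IP."""
    report = {}
    for line in lines:
        hit = classify(line)
        if hit:
            report.setdefault(hit[0], set()).update(hit[1])
    return {ip: sorted(reasons) for ip, reasons in report.items()}

# Constructed sample log lines (documentation IP ranges, hypothetical page).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /news.asp?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [01/Jan/2024:10:00:01 +0000] "GET /news.asp?id=7%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '198.51.100.5 - - [01/Jan/2024:10:00:02 +0000] "GET /news.asp?id=7%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 498 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /news.asp?id=7%3BWAITFOR%20DELAY%20%270%3A0%3A5%27 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in summarize(SAMPLE).items():
        print(ip, "->", ", ".join(reasons))
```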
Sqlmap
Installation
Sqlmap needs to be installed on a Linux system; here it is installed on Ubuntu 14.04.
1. Prepare Ubuntu 14.04, configure the network, and install Python 2.7.8.
2. Download sqlmap in one of two ways:
a) download it directly from https://github.com/sqlmapproject/sqlmap
b) use the git command:
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
3. Make sure Python installed successfully: running python should print version information.
4. Change into the xx/xx/sqlmap-dev folder and run:
python sqlmap.py -h to get a basic parameter description
python sqlmap.py -hh to get a detailed description of the parameters
Note that some sqlmap features require third-party libraries; if a parameter needs a third-party library, download and install it yourself.
Sqlmap
Use
Sqlmap has a long list of parameters, especially in the help output shown by the -hh parameter.
1. Information Display
-v can be set to 6 levels to control how much information is displayed; 3 is generally sufficient
2. Select Target
-d connects directly to the target database
-u sets the target URL; this is the most commonly used option. Pay attention to the id=* parameter at the end of the URL, which must be present
-m scans multiple targets
-g selects targets through a Google dork (a Google dork is a Google search for the type of vulnerability you are looking for; the targets are the addresses the search returns)
3. Vulnerability Scanning
Enter the following command to exploit the URL (note that not every URL is vulnerable):
After the command is entered, the program starts to run and the following diagram appears, indicating that sqlmap has begun to exploit this URL.
From the results, you can see that the server's operating system is Windows 2003 or XP.
The database type is Microsoft Access.
Enumeration:
-a Retrieve all content
--dbs Enumerate databases
--tables List all tables in the database
--columns List all columns in a database table
--current-db List the current database name
--roles Enumerate users' roles
--dump-all Dump the contents of all tables
--exclude-sysdbs Enumerate table contents of user databases only (system databases are excluded)
--common-tables Brute-force table names
... (the rest is omitted here)
Enter the command again:
This gives the database name Microsoft_access_masterdb, which contains four tables: Company, news, products, userinfo
Try to enumerate the user names by entering the command:
... Microsoft Access does not allow this kind of enumeration.
Try enumerating the information for all tables by entering the command:
Then look at the details in the products table by entering the command:
The results come back rather slowly; press CTRL + C to stop, and you can still see some of the content, such as:
PS: This is just a simple introduction to the basic operations. When it comes to security software testing, the author is also still learning. To tell the truth, it has no meaning; although very reluctant to do this kind of thing, work leaves no other way.