SQLMAP 1
Posted on 2012-9-12 00:35:25
Getting the code

    root@Dis9Team:/# cd /pen/
    root@Dis9Team:/pen# mkdir sql
    root@Dis9Team:/pen# cd sql/
    root@Dis9Team:/pen/sql# git clone https://github.com/sqlmapproject/sqlmap.git sqlmap
    Cloning into sqlmap...

PATH setup

    root@Dis9Team:/pen/sql# nano /root/.bashrc

Add:

    alias sqlmap='python /pen/sql/sqlmap/sqlmap.py'

Apply the change:

    root@Dis9Team:/pen/sql# source /root/.bashrc

Help options

    root@Dis9Team:/pen/sql# sqlmap -h

        sqlmap/1.0-dev-dbce417 - automatic SQL injection and database takeover tool

    http://sqlmap.org

    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

    [*] starting at 23:05:25

    Usage: python /pen/sql/sqlmap/sqlmap.py [options]

    Options:
      -h, --help            Show basic help message and exit
      -hh                   Show advanced help message and exit
      -v VERBOSE            Verbosity level: 0-6 (default 1)

      Target:
        At least one of these options has to be specified to set the source to
        get target urls from

        -u URL, --url=URL   Target url
        -g GOOGLEDORK       Process Google dork results as target urls

      Request:
        These options can be used to specify how to connect to the target url

        --data=DATA         Data string to be sent through POST
        --cookie=COOKIE     HTTP Cookie header
        --random-agent      Use randomly selected HTTP User-Agent header
        --proxy=PROXY       Use a HTTP proxy to connect to the target url

      Injection:
        These options can be used to specify which parameters to test for,
        provide custom injection payloads and optional tampering scripts

        -p TESTPARAMETER    Testable parameter(s)
        --dbms=DBMS         Force back-end DBMS to this value

      Detection:
        These options can be used to specify how to parse and compare page
        content from HTTP responses when using blind SQL injection technique

        --level=LEVEL       Level of tests to perform (1-5, default 1)
        --risk=RISK         Risk of tests to perform (0-3, default 1)

      Techniques:
        These options can be used to tweak testing of specific SQL injection
        techniques

        --technique=TECH    SQL injection techniques to test for (default "BEUST")

      Enumeration:
        These options can be used to enumerate the back-end database
        management system information, structure and data contained in the
        tables. Moreover you can run your own SQL statements

        -b, --banner        Retrieve DBMS banner
        --current-user      Retrieve DBMS current user
        --current-db        Retrieve DBMS current database
        --passwords         Enumerate DBMS users password hashes
        --tables            Enumerate DBMS database tables
        --columns           Enumerate DBMS database table columns
        --schema            Enumerate DBMS schema
        --dump              Dump DBMS database table entries
        --dump-all          Dump all DBMS databases tables entries
        -D DB               DBMS database to enumerate
        -T TBL              DBMS database table to enumerate
        -C COL              DBMS database table column to enumerate

      Operating system access:
        These options can be used to access the back-end database management
        system underlying operating system

        --os-shell          Prompt for an interactive operating system shell
        --os-pwn            Prompt for an out-of-band shell, meterpreter or VNC

      General:
        These options can be used to set some general working parameters

        --batch             Never ask for user input, use the default behaviour
        --check-tor         Check to see if Tor is used properly
        --flush-session     Flush session files for current target
        --tor               Use Tor anonymity network

      Miscellaneous:
        --wizard            Simple wizard interface for beginner users

    [!] to see full list of options run with '-hh'

    [*] shutting down at 23:05:25

    root@Dis9Team:/pen/sql#

Structure

    root@Dis9Team:/pen/sql/sqlmap# ls -la
    total 96
    drwxr-xr-x 14 root root 4096 2012-09-04 23:05 .
    drwxr-xr-x 3 root root 4096 2012-09-04 22:55 ..
    drwxr-xr-x 2 root root 4096 2012-09-04 22:58 doc # help documentation
    drwxr-xr-x 11 root root 4096 2012-09-04 23:05 extra
    drwxr-xr-x 8 root root 4096 2012-09-04 22:58 .git
    -rw-r--r-- 1 root root 34 2012-09-04 22:58 .gitignore
    drwxr-xr-x 9 root root 4096 2012-09-04 23:05 lib
    drwxr-xr-x 4 root root 4096 2012-09-04 23:05 plugins
    drwxr-xr-x 6 root root 4096 2012-09-04 22:58 procs
    -rw-r--r-- 1 root root 1353 2012-09-04 22:58 README.md
    drwxr-xr-x 2 root root 4096 2012-09-04 22:58 shell # web shells: the shells uploaded by default
    -rw-r--r-- 1 root root 17770 2012-09-04 22:58 sqlmap.conf # configuration
    -rwxr-xr-x 1 root root 3296 2012-09-04 22:58 _sqlmap.py
    -rwxr-xr-x 1 root root 593 2012-09-04 22:58 sqlmap.py
    -rw-r--r-- 1 root root 3461 2012-09-04 23:05 _sqlmap.pyc
    drwxr-xr-x 2 root root 4096 2012-09-04 22:58 tamper # custom scripts
    drwxr-xr-x 20 root root 4096 2012-09-04 23:05 thirdparty
    drwxr-xr-x 2 root root 4096 2012-09-04 22:58 txt # wordlists
    drwxr-xr-x 4 root root 4096 2012-09-04 22:58 udf # some database components
    drwxr-xr-x 3 root root 4096 2012-09-04 22:58 xml
    root@Dis9Team:/pen/sql/sqlmap#




