SQLMap: specifying the target to get information from

If SQLMap is not yet installed, see: https://blog.csdn.net/weixin_45254208/article/details/104697014

1. sqlmap direct database connection

  • Server-based databases: MySQL, Oracle
python sqlmap.py -d "mysql://user:password@host:port/database_name" -f --banner --dbs --users
-f              perform an extensive DBMS version fingerprint
--dbs           enumerate DBMS databases
--users         enumerate DBMS users
-b, --banner    retrieve the DBMS banner

For more sqlmap commands, see https://www.cnblogs.com/insane-Mr-Li/p/11272188.html

  • File-based database: SQLite
    (omitted) ......

2. sqlmap target URL

Use the -u / --url option:
python sqlmap.py -u "http://127.0.0.1/sqli-labs-master/Less-1/?id=1" --banner


3. sqlmap reading targets from different file types for SQL injection detection

  1. Read multiple targets from a multi-line text file and test each of them; the option is -m

First create a target.txt file on the desktop containing multiple URLs; I wrote only two here.
The targets can then be tested:

python sqlmap.py -m "file path" --banner

Press Enter to accept the default, Y.
When the first URL has been tested, press Enter to continue with the second URL.

  2. Load the HTTP request from a file; the option is -r

First open http://127.0.0.1/sqli-labs-master/Less-1/, press F12 and switch to the Network tab, then refresh the page and click the Less-1/ entry.
Scroll down to Request Headers and click view source.
Copy the request information shown there and save it in target.txt (a text file used only for this test; the file name is arbitrary).
Then just replace the option with -r:

python sqlmap.py -r "file path" --banner

The result is an error. The error message is: does not contain a usable HTTP request. After checking, I found that the target URL had no parameters; it did not interact with the database, so sqlmap will not test it.
Then add a parameter to the URL and repeat the previous steps, saving the view source content to target.txt.
Run the command again and the detection succeeds.
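
A preflight check for the request file passed to -r, as an added example (not code from the original post or from the sqlmap project): it parses the saved request and lists its parameters, so a file like the first save above, which has none, is caught before the scan. The function names are hypothetical and the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed samples modelled on the two saves described above.
WITHOUT_PARAM = (
    "GET /sqli-labs-master/Less-1/ HTTP/1.1\n"
    "Host: 127.0.0.1\n"
    "User-Agent: Mozilla/5.0\n"
    "\n"
)
WITH_PARAM = WITHOUT_PARAM.replace("/Less-1/ ", "/Less-1/?id=1 ")


def inspect_request(raw):
    """Parse a raw HTTP request and list the parameters it carries."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = [line for line in head.split("\n") if line.strip()]
    if not lines:
        raise ValueError("empty file")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("first line is not 'METHOD target HTTP/x.y'")
    method, target = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    if target.startswith("http"):
        url = target                      # absolute-form request target
    elif "host" in headers:
        url = "http://%s%s" % (headers["host"], target)
    else:
        raise ValueError("no Host header, target URL cannot be rebuilt")
    # Assumption: a body, if present, is form-encoded (key=value&...).
    query = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    form = parse_qsl(body.strip(), keep_blank_values=True)
    return {"method": method, "url": url,
            "get_params": [k for k, _ in query],
            "post_params": [k for k, _ in form]}


def has_parameters(info):
    """True when the request has at least one GET or POST parameter."""
    return bool(info["get_params"] or info["post_params"])
```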

  3. Read the target from the configuration file sqlmap.conf; the option is -c

If you read my installation tutorial, you know that my sqlmap folder is placed under python2 (needless to say). I have heard that sqlmap no longer depends on python2 and that python3 works too, but I have not explored that.
Running the following command directly reports an error:

python sqlmap.py -c sqlmap.conf

You need to open the file, modify the parameters, and save it.
Try again after the modification.
OK


Origin blog.csdn.net/weixin_45254208/article/details/104986468