https://techdoku.nogafam.es/ 2026-05-12T12:44:49+00:00 https://techdoku.nogafam.es/ https://techdoku.nogafam.es/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2020-02-08T21:16:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdoku.nogafam.es/doku.php?id=docu:csheet:ofsec:hack:sql:sqlserver&rev=1581196617&do=diff Gathering information about an SQL Server database Gather SQL Server data and valuable information once a sql-shell is obtained -- Add `FOR XML PATH('')` at the end of every query to get everything as 1 xml string. -- You can also use `FIELD + ', ' AS 'data()'` to get fields as string. text/html 2020-02-08T21:05:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdoku.nogafam.es/doku.php?id=docu:csheet:ofsec:hack:sql:testing&rev=1581195907&do=diff SQL Injection testing and exploiting with sqlmap Get, test, and exploit SQL injection vulnerabilities on a website. Using a OpenVPN tunnel and then tor is pretty recommended, although the timing-based attacks will mostly fail. # -u URL | the base url to use (with the http GET payload) # --dbs | fetch all databases once a viable technique found. # --tables | combined with -D DATABASE, fetch all tables from that database # --dump | dump the selected data (into …