What is the following command used for sqlmap py
|
Show Some usefull sqlmap command for testing SQL injection vulnerability. 1.Analyzing the current user is dba Tags: sqlmap commandssqlmap tutorial Hi All, In my previous arctice i have described SQL Injection Exploitation using SQLmap In this article we will see what are the different ways by which we can execute sqlmap tool.
For more information about different commands of sqlmap click here Process 1:- For demonstration purpose i will be using bWAPP on my localhost, i will use the same setup which i have shown you in my previous article URL:- http://localhost/bWAPP/sqli_1.php?title=%27&action=search So lets start how we can execute sqlmap by capturing the entire request. Step 1: Capture the request in proxy like burp as shown below  Fig 2: Capturing the request which contains vulnerable parameter Step 2 :Copy the request and save it in the folder where you have installed your sqlmap Fig 3: Copying the request which contains vulnerable parameter Step 3: Copy + Paste it in the folder where you have installed the sqlmap. In my case i have installed sqlmap on below directory:- So i will create one text file and will save the request say sqlmap_text.txt Fig 4: Creating text file on sqlmap folder Step 4:- Press Ctrl +Shift + Right Click(mouse) to open command prompt Fig 5: Opening cmd on sqlmap location Fig 6: command prompt at sqlmap folder location Step 5:- Now its time to execute sqlmap. The command will be as below sqlmap.py -r text_file_name -p vulnerable_parameter --level=3 --risk=3 Where, Target:- -r = REQUESTFILE Load HTTP request from a file Injection:- -p = TESTPARAMETER Testable parameter(s) Detection:- --level = LEVEL Level of tests to perform (1-5, default 1) --risk=RISK Risk of tests to perform (0-3, default 1) To know more about the different sqlmap command in command prompt type sqlmap.py --help So the final command will be sqlmap.py -r sqlmap_test.txt -p title --level=3 --risk=3 Fig 7: sqlmap command Fig 8: sqlmap output showing database name And like wise you can fetch information like Database Users Tables in Database Colums from the user table Database dump Process 2:- What if you are testing application which has NTLM authentication, to know more about how to set NTLM authentication click here. So if you want to set traffic to pass from your localhost set the command as follow sqlmap.py --proxy=http://127.0.0.1:8080 -r text_file_name -p vulnerable_parameter --level=3 --risk=3 Where, Request:- --proxy=PROXY Use a proxy to connect to the target URL Now your SQLMap will attack on your web application through Burp suite which is already taking care of NTLM Authentication. Process 3:- If you are testing application in client environment where Then it might be possible that cipher suit compatibility issue with application/web server so in that case you might not get proper output in your sqlmap GUI also you will not get any response in your burpsuit history as traffic you are routing is through burp proxy. Below error you will encounter 1- In Burp response you will get error like OR 2- In sqlmap you will receive error like below or So in that case follow below step to solve this issue :- 1 - Set up burp suite as follow By doing above setting at burp level now your sqlmap can easily handle each request. Soon i will be updating many other techniques of using sqlmap. Stay tuned :) Thanks you. What is the following command used for SQLmap?Now use the following SQLMap command: sqlmap -u http://192.168.202.162/cat.php?id=1 -p id –proxy=”http://localhost:8080″ Now, think about a scenario where the SQLinjection keywords like OrderBy and Union are blacklisted on the server. We can bypass these types of implementations by using the camel casing technique.
Which option in SQLmap can be used to exploit a post parameter?You can use the --data option to pass any POST parameters. To maximize successful detection and exploitation, I usually use the --headers option to pass a valid User-Agent header (from my browser for example).
What is level in SQLmap?The level defines the number of checks/payload to be performed. The value ranges from 1 to 5. 5, being the maximum, includes large number of payloads in the scan. The risk and level are recommended to be increased if SQLMap is not able to detect the injection in default settings.
What is random agent in SQLmap?Basic arguments for SQLmap
However, it is possible to fake it with the option --user-agent by providing custom User-Agent as the option's argument. 4. --random-agent , sqlmap will randomly select a User-Agent from the ./txt/user-agents.txt. 5. --threads=THREADS Max number of concurrent HTTP(s) requests (default 1)
|
