Hey...let's start for the begging:
Target
At least one of these options has be provided to set the target(s). Direct connection to the database
Target
At least one of these options has be provided to set the target(s). Direct connection to the database
Option: -d
Run sqlmap against a single database instance. This option accepts a connection string in one of following forms:
DBMS://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME (MySQL, Oracle, Microsoft SQL Server, PostgreSQL, etc.)
DBMS://DATABASE_FILEPATH (SQLite, Microsoft Access, Firebird, etc.)
For example:
python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users
Second Part:
Load HTTP request from a file
Option: -r
Run sqlmap against a single database instance. This option accepts a connection string in one of following forms:
DBMS://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME (MySQL, Oracle, Microsoft SQL Server, PostgreSQL, etc.)
DBMS://DATABASE_FILEPATH (SQLite, Microsoft Access, Firebird, etc.)
For example:
python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users
Second Part:
Load HTTP request from a file
Option: -r
One of the possibilities of sqlmap is loading of raw HTTP request from a
textual file. That way you can skip usage of a number of other options
(e.g. setting of cookies, POSTed data, etc).
Sample content of a HTTP request file provided as an argument to this option:
POST /vuln.php HTTP/1.1
Host: www.target.com
User-Agent: Mozilla/4.0
id=1
Note that if the request is over HTTPS, you can use this in conjunction with switch --force-ssl to force SSL connection to 443/tcp. Alternatively, you can append :443 to the end of the Host header value.
AND THIRD PART:
Process Google dork results as target addresses
Option: -g
Sample content of a HTTP request file provided as an argument to this option:
POST /vuln.php HTTP/1.1
Host: www.target.com
User-Agent: Mozilla/4.0
id=1
Note that if the request is over HTTPS, you can use this in conjunction with switch --force-ssl to force SSL connection to 443/tcp. Alternatively, you can append :443 to the end of the Host header value.
AND THIRD PART:
Process Google dork results as target addresses
Option: -g
It is also possible to test and inject on GET parameters based on results of your Google dork.
This option makes sqlmap negotiate with the search engine its session cookie to be able to perform a search, then sqlmap will retrieve Google first 100 results for the Google dork expression with GET parameters asking you if you want to test and inject on each possible affected URL.
For example:
python sqlmap.py -g "inurl:\".php?id=1\""
http://cyberlearning.web.id/wiki/index.php/Sqlmap:_intro#Target_2
This option makes sqlmap negotiate with the search engine its session cookie to be able to perform a search, then sqlmap will retrieve Google first 100 results for the Google dork expression with GET parameters asking you if you want to test and inject on each possible affected URL.
For example:
python sqlmap.py -g "inurl:\".php?id=1\""
http://cyberlearning.web.id/wiki/index.php/Sqlmap:_intro#Target_2
No comments:
Post a Comment