# Screenshots

Verbose output (option `-v` set to `3`):

![Verbose output set to 3](images/sqlmap_verbose_3.png)

Concatenation of three tamper scripts to obfuscate the injected SQL payloads (option `--tamper` set to `between,randomcase,space2comment`):

![Tamper scripts in action](images/sqlmap_tamper_in_action.png)

Cracking dumped databased users' password hashes (switch `--passwords`):

![Users' password hashes cracking](images/sqlmap_cracking_password_hashes.png)

Enumerating database table's columns (switch `--columns`):

![Database table's columns dump](images/sqlmap_enumerating_columns.png)

Mnemonics (option `-z` set to `"flu,bat,tec=B"`):

![Mnemonics usage](images/sqlmap_mnemonics.png)

Conducting through tests only if positive heuristic(s) (switch `--smart`):

![Smart mode](images/sqlmap_smart.png)

DNS exfiltration technique (option `--dns-domain`):

![DNS exfiltration technique](images/sqlmap_dns_exfiltration.png)

Identify WAF/IDS/IPS protection (switch `--identify-waf`):

![Identify WAF/IDS/IPS protection](images/sqlmap_identify_waf.png)

HTTP parameter pollution (switch `--hpp`):

![HTTP parameter pollution](images/sqlmap_hpp.png)

Replicating table to a local SQLite3 database (option `--dump-format` set to `SQLITE`):

![Replicated table](images/sqlmap_replicate_result.png)

Dumping table to HTML format (option `--dump-format` set to `HTML`):

![Dumped table to HTML](images/sqlmap_dump_html.png)

OS pwn mode (Meterpreter) (switch `--os-pwn`):

![OS pwn mode](images/sqlmap_os_pwn.png)

OS shell mode (switch `--os-shell`):

![SQL shell mode](images/sqlmap_os_shell.png)

SQL shell mode (switch `--sql-shell`):

![SQL shell mode](images/sqlmap_sql_shell.png)

Wizard mode (switch `--wizard`):

![Wizard mode](images/sqlmap_wizard.png)