Metasploit/Kali & Backtrack

sqlmap

๐“›๐“พ๐“ฌ๐“ฎ๐“ฝ๐“ฎ_๐“ข๐“ฝ๐“ฎ๐“ต๐“ต๐“ช 2015. 9. 9.
728x90
๋ฐ˜์‘ํ˜•

SQLMAP ๊ฐ์ง€ ๋ฐ SQL ์ฃผ์ž… ์ทจ์•ฝ์ ์„ ์ด์šฉํ•˜์—ฌ ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ์„œ๋ฒ„์˜ ์ธ๊ณ„ ๊ณผ์ •์„ ์ž๋™ํ™”ํ•˜๋Š” ์˜คํ”ˆ ์†Œ์Šค ์นจ์ž… ํ…Œ์ŠคํŠธ ๋„๊ตฌ์ž…๋‹ˆ๋‹ค. ,์ด๊ฒƒ์€ ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค์—์„œ ๊ธฐ๋ณธ ํŒŒ์ผ ์‹œ์Šคํ…œ์— ์•ก์„ธ์Šคํ•˜๊ณ  ๋ฐ–์„ ํ†ตํ•ด ์šด์˜ ์ฒด์ œ์—์„œ ๋ช…๋ น์„ ์‹คํ–‰ํ•˜๋Š” ํŽ˜์น˜ ๋ฐ์ดํ„ฐ์— ๊ถ๊ทน์  ์ธ ์นจ์ž… ํ…Œ์Šคํ„ฐ ๋ฐ ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ์ง€๋ฌธ์—์„œ ์ง€์† ์Šค์œ„์น˜์˜ ๋„“์€ ,๋ฒ”์œ„์— ๋Œ€ํ•œ ๋งŽ์€ ํ‹ˆ์ƒˆ ๊ธฐ๋Šฅ,โ€‹โ€‹ ๊ฐ•๋ ฅํ•œ ๊ฒ€์ƒ‰ ์—”์ง„์ด ํฌํ•จ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค .

root@kali:~# sqlmap = automatic SQL injection tool


๋„์›€๋ง


root@kali:~# sqlmap -h
Usage: python sqlmap [options]

Options:
  -h, --help            Show basic help message and exit
  -hh                   Show advanced help message and exit
  --version             Show program's version number and exit
  -v VERBOSE            Verbosity level: 0-6 (default 1)

  Target:
    At least one of these options has to be provided to define the
    target(s)

    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
    -g GOOGLEDORK       Process Google dork results as target URLs

  Request:
    These options can be used to specify how to connect to the target URL

    --data=DATA         Data string to be sent through POST
    --cookie=COOKIE     HTTP Cookie header value
    --random-agent      Use randomly selected HTTP User-Agent header value
    --proxy=PROXY       Use a proxy to connect to the target URL
    --tor               Use Tor anonymity network
    --check-tor         Check to see if Tor is used properly

  Injection:
    These options can be used to specify which parameters to test for,
    provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER    Testable parameter(s)
    --dbms=DBMS         Force back-end DBMS to this value

  Detection:
    These options can be used to customize the detection phase

    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (0-3, default 1)

  Techniques:
    These options can be used to tweak testing of specific SQL injection
    techniques

    --technique=TECH    SQL injection techniques to use (default "BEUSTQ")

  Enumeration:
    These options can be used to enumerate the back-end database
    management system information, structure and data contained in the
    tables. Moreover you can run your own SQL statements

    -a, --all           Retrieve everything
    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --passwords         Enumerate DBMS users password hashes
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
    --schema            Enumerate DBMS schema
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table(s) to enumerate
    -C COL              DBMS database table column(s) to enumerate

  Operating system access:
    These options can be used to access the back-end database management
    system underlying operating system

    --os-shell          Prompt for an interactive operating system shell
    --os-pwn            Prompt for an OOB shell, Meterpreter or VNC

  General:
    These options can be used to set some general working parameters

    --batch             Never ask for user input, use the default behaviour
    --flush-session     Flush session files for current target

  Miscellaneous:
    --wizard            Simple wizard interface for beginner users



sqlmap usage example


root@kali:~# sqlmap -u "http://192.168.1.250/?p=1&forumaction=search" --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org


728x90
๋ฐ˜์‘ํ˜•

'Metasploit > Kali & Backtrack' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

netool ์„ค์น˜๋ฐฉ๋ฒ•(how to install netool)  (0) 2016.12.16
kali linux 2.0 apt-get  (0) 2015.12.10
Reading package lists Error  (0) 2015.11.16
SSLsplit  (0) 2015.09.07
how to hack wifi using backtrack  (0) 2015.09.03

๋Œ“๊ธ€