SQLMAP for Dummies V2, Computer Science Notes

Subject: Operating Systems, Professor: , Degree: Computer Engineering, University: UPCO

Type: Notes

2013/2014

Uploaded on 18/06/2014

motionxd 🇪🇸

1 document

SQLMAP For Dummies v2 - TheAnonMatrix
Feel free to comment the doc and post questions.
By TheAnonMatrix
http://www.twitter.com/TheAnonMatrix

Requirements

  1. Tutorial Introduction
     1.2 Disclaimer
  2. Setting up for the tutorial
     2.1 Proxychains
     2.2 TOR
  3. Information Gathering
  4. Basic SQLMAP Introduction
     4.1 Fingerprinting
     4.2 Using SQLMAP to create a dump
     4.3 --level and --risk
  5. Output variations
     5.1 --schema and --column
     5.2 Other variations

of access to a place/system you shouldn't have, you are by my definition a hacker. Skids are just those retarded people who learn shit to show epeen and argue about what a hacker is. Now, I do hope you enjoy my tutorial on SQLMap and care to add a comment on how much you love me if you find this interesting :) Sharing is caring; the only thing I require is a source link leading back to this site and credit to me, as I work my ass off to figure these things out and explain them.

Happy Hacking!

1.2 Disclaimer

I do not take any responsibility for what retarded people might manage with the information I write or state in this tutorial. This program was not meant to be used for illegal activities, but as a tool to check for vulnerabilities on your own website. Never use this tool or any other tools on a website you do not own. I am serious.

2. Setting up for the tutorial

So, to hide your ass I recommend two solutions: Proxychains or setting up TOR. Both use the TOR proxy but differ in how they are used. I am assuming you are using Backtrack 5 R1, so I can skip some explanations. I do recommend using the --random-agent switch in SQLMAP; otherwise the user agent contains "sqlmap", which is not a clever idea.

2.1 Proxychains

Proxychains is simple to use, as we can state whatever we want to run after the program name. However, it prints a line for every connection we make. With SQLMap this can pretty much cover the terminal with information you honestly don't need that much, so I prefer to remove it.


Open it, scroll down to find quiet_mode, and make sure that line does not have a "#" in front of it. Fixed and ready to go!

2.2 TOR

First find /etc/apt/sources.list, open it and add:

deb http://deb.torproject.org/torproject.org lucid main

Open the terminal and use these commands:

gpg --keyserver keys.gnupg.net --recv 886DDD

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

More commands, run as root:

apt-get update

apt-get install tor tor-geoipdb

apt-get install polipo

Start tor:

/etc/init.d/tor start

Grab a copy of this config file:

https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf

Go to /etc/polipo/config and replace the file with the one above, then restart polipo:


4. Basic SQLMAP Introduction

4.1 Fingerprinting

-u  The URL input

--fingerprint  Flag telling SQLMAP to do a fingerprint

--tor  Tells SQLMAP we want to use a TOR proxy

--random-agent  Tells SQLMAP we want a randomly selected user agent in the header

Doing a fingerprint on a website helps you determine what kind of back-end system the website is running: database management system, operating system and application technology. Please note that SQLMAP will already start looking for vulnerabilities in the page in order to fetch this information. This could be our result:


4.2 Using SQLMAP to create a dump

--dbs  Fetches the available databases.

-D  Selects one of the listed databases.

--tables  Fetches the tables in the database specified with -D; if no database is given, it fetches all the tables. If a database has been used before, it will use that database.

-T  Fetches the entries inside the given table. Requires -D and --dump.

--dump  Dumps the given table, specified with -T.

--dump-all  Dumps everything inside the database given with -D; if -D is not specified, it dumps everything.


As you can see above, we got the tables inside the database information_schema. Nothing too interesting, but I guess we want a closer look at the table "VIEWS". So we select the database (-D information_schema) and the table we want to see (-T VIEWS). When using -T we need to add an option telling SQLMAP we want to dump it all to a text file, so we use --dump.

And the result:

Note: I cancelled the dump because of the null values; there is nothing there.

Now, if we want to skip doing all this shit and get right to the dumping, we could just use the --dump-all option and dump everything as it comes, in order.

This sums up the basics of SQLMAP dumping. Now we will go on with some of the other options inside SQLMAP, for a better understanding of how we can do injections and dumping even better.

4.3 --level and --risk

SQLMAP detects a lot of the common vulnerabilities by using the guide above. But what if you KNOW there is a vulnerability there and SQLMAP is not detecting it? Then the --level and --risk switches should be used. The higher you set --level and --risk, the more "noise" you will be creating, so if you actually apply these switches you should be behind a proxy or VPN for safety.

--level  Value: 1 to 5 (default: 1)

--risk  Value: 0 to 3 (default: 1)
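Seen from the web server's side, the two points made above (the default user agent that --random-agent hides, and the extra request volume that higher --level/--risk values produce) are exactly what a log review can pick up. The following is an added example and not part of the original tutorial: a small Python triage over constructed Apache combined-format log lines (the addresses, requests and the "sqlmap/1.0-dev" agent string are made up for the example) that flags the sqlmap user agent, URL-decoded injection-looking query strings, and clients whose request count crosses a burst threshold.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache/nginx "combined" format: client ident user [time] "METHOD target proto" status size "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"$')

# Coarse injection-probe patterns, checked after URL-decoding. Deliberately broad:
# this is triage for a human to look at, not proof of an attack.
SQLI_RE = re.compile(
    r"information_schema|union\s+(all\s+)?select|'\s*(and|or)\s+\d+\s*=\s*\d+|sleep\(\d+\)", re.I)

# Constructed sample log (fake addresses, fake requests): one scanner keeps the default
# user agent, another hides it but still sends an information_schema probe.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jun/2014:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [18/Jun/2014:10:00:02 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [18/Jun/2014:10:00:02 +0000] "GET /item.php?id=1%27%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [18/Jun/2014:10:00:03 +0000] "GET /item.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [18/Jun/2014:10:00:04 +0000] "GET /item.php?id=1%20UNION%20SELECT%20table_name%20FROM%20information_schema.tables HTTP/1.1" 500 0 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.7 - - [18/Jun/2014:10:00:05 +0000] "GET /item.php?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

def classify(line):
    """Parse one log line; return (client, reasons) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _ts, target, agent = m.groups()
    reasons = []
    if "sqlmap" in agent.lower():              # default UA; --random-agent removes this signal
        reasons.append("sqlmap user-agent")
    if SQLI_RE.search(unquote_plus(target)):   # decode %27 / %20 before matching
        reasons.append("injection pattern in request")
    return client, reasons

def triage(log_text, burst_threshold=3):
    """Return (hits, bursty): hits maps client -> Counter of reasons; bursty is the set of
    clients with at least burst_threshold parsed requests (volume alone is worth a look)."""
    hits, per_client = {}, Counter()
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed is None:
            continue
        client, reasons = parsed
        per_client[client] += 1
        for reason in reasons:
            hits.setdefault(client, Counter())[reason] += 1
    bursty = {c for c, n in per_client.items() if n >= burst_threshold}
    return hits, bursty
```

On real logs the burst threshold should be a rate over a time window rather than a plain count; the constructed sample is small enough that a count makes the point.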


NOTE --schema: does not need a table input, as with this switch we fetch all the column info for the given database.

NOTE --column: notice that we specify a table when using --column.

If we use --column and define the table (-T) as VIEWS we would end up with this:


With --schema we would end up with the same result, but for every table in the database. But how does this help us? Imagine we got a table named "admin": we could use --column to view it and see what information we can get. What about a larger table like "User_credentials"? We could look at the column information and select only the fields we want to dump! In other words, we could skip the useless primary key values and number of posts, and instead only select the username, password and mail columns in the table.

In this example we will select the columns CHECK_OPTION and TABLE_NAME. Note that they are separated by a comma; this applies to all places in SQLMAP where we can select more than one database (-D) or table (-T).

Our command line argument. Notice there is no space between CHECK_OPTION and TABLE_NAME:

12.02. Revision 1 done. Needs to be filled out and small parts to be added. Should work as a tutorial for beginners now!

11.02. Written the section about Information gathering and Basic SQLMAP Introduction.

10.02. Written tutorial introduction and disclaimer. Starting up with Proxychains and TOR setup.

08.02. Document launched. Menu done and text to be done.