diff --git a/doc/README.html b/doc/README.html index 61f77b6da..c62704f70 100644 --- a/doc/README.html +++ b/doc/README.html @@ -105,9 +105,9 @@ it packaged in their formats and ready to be installed. Windows users can download and install the Python setup-ready installer for x86, AMD64 and Itanium too.
sqlmap relies on the -Metasploit Framework for some of its post-exploitation takeover +Metasploit Framework for some of its post-exploitation takeover features. You need to grab a copy of it from the -download +download page - the required version is 3.5 or higher. For the ICMP tunneling out-of-band takeover technique, sqlmap requires Impacket library too.
@@ -418,7 +418,7 @@ subversion repository. message to the user.Switch: --predict-output
This switch is used in inference algorithm for sequential statistical
-prediction of characters of value being retrieved. Based on items given in
-txt/common-outputs.txt together with the knowledge of current
-enumeration used statistical table with the most promising values is being
-built. In case that the value can be found among the common output values,
-as the process progresses, subsequent character tables are being narrowed
-more and more. If used in combination with retrieval of common DBMS
-entities, as with system table names and privileges, speed up is
-significant. Of course, you can edit the common outputs file according to
-your needs if, for instance, you notice common patterns in database table
-names or similar.
txt/common-outputs.txt combined with the knowledge of current
+enumeration used. In case that the value can be found among the common
+output values, as the process progresses, subsequent character tables are
+being narrowed more and more. If used in combination with retrieval of
+common DBMS entities, as with system table names and privileges, speed up
+is significant. Of course, you can edit the common outputs file according
+to your needs if, for instance, you notice common patterns in database
+table names or similar.
Note that this switch is not compatible with --threads
switch.
Note that the multi-threading switch does not affect any other SQL -injection technique. The maximum number of concurrent requests is set to -10 for performance and site reliability reasons.
+The maximum number of concurrent requests is set to 10 for +performance and site reliability reasons.
Note that this switch is not compatible with
--predict-output switch.
--tamper switch.
@@ -1701,12 +1701,12 @@ def tamper(payload):
You can check valid and usable tamper scripts in the tamper/
directory.
Example against a MySQL target assuming > character, spaces and
-SELECT string are banned:
Example against a MySQL target assuming that > character,
+spaces and capital SELECT string are banned:
.-$ python sqlmap.py -u "http://debiandev/sqlmap/mysql/get_int.php?id=1" --tamper \ +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --tamper \ tamper/between.py,tamper/randomcase.py,tamper/space2comment.py -v 3 [hh:mm:03] [DEBUG] cleaning up configuration parameters @@ -1816,7 +1816,7 @@ injected) page content with the injected wrong page content. This way the distinction will be based upon string presence or regular expression match. -In cases with lot of active (e.g. scripts, embeds, etc.) content in the +
In cases with lot of active content (e.g. scripts, embeds, etc.) in the HTTP responses' body, you can filter pages (
@@ -2987,7 +2987,7 @@ a--text-onlyswitch) just for their textual content. This way, in a good number of cases, you can automatically tune the detection engine.<DB_NAME>/<TABLE_NAME>.csvfile intoYou can then use sqlmap itself to read and query the locally created SQLite 3 file. For instance,
+sqlite:///tmp/sqlmap/output/192.168.136.131/dump/testdb.sqlite3 --tablepython sqlmap.py -d -sqlite:///tmp/sqlmap/output/debiandev/dump/testdb.sqlite3 --table.Simple wizard interface for beginner users
diff --git a/doc/README.pdf b/doc/README.pdf index 6b1d90096..f47d69ccb 100644 Binary files a/doc/README.pdf and b/doc/README.pdf differ diff --git a/doc/README.sgml b/doc/README.sgml index a588c4bf4..289d0dd13 100644 --- a/doc/README.sgml +++ b/doc/README.sgml @@ -40,10 +40,10 @@ it packaged in their formats and ready to be installed. Windows users can download and install the Python setup-ready installer for x86, AMD64 and Itanium too. -sqlmap relies on thefor some of its post-exploitation takeover features. You need to grab a copy of it from the - + page - the required version is 3.5 or higher. For the ICMP tunneling out-of-band takeover technique, sqlmap requiresIntegration with other IT security open source projects, - and and . @@ -650,7 +650,7 @@ release only. October 20 , sqlmap first point release,0.6.1 , goes public. This includes minor bug fixes and the first contact between the -tool and: +tool and : an auxiliary module to launch sqlmap from within Metasploit Framework. The goes public again. 
@@ -1403,16 +1403,16 @@ Switch: --predict-output This switch is used in inference algorithm for sequential statistical -prediction of characters of value being retrieved. Based on items given in -txt/common-outputs.txt together with the knowledge of current -enumeration used statistical table with the most promising values is being -built. In case that the value can be found among the common output values, -as the process progresses, subsequent character tables are being narrowed -more and more. If used in combination with retrieval of common DBMS -entities, as with system table names and privileges, speed up is -significant. Of course, you can edit the common outputs file according to -your needs if, for instance, you notice common patterns in database table -names or similar. +prediction of characters of value being retrieved. Statistical table with +the most promising character values is being built based on items given in +txt/common-outputs.txt combined with the knowledge of current +enumeration used. In case that the value can be found among the common +output values, as the process progresses, subsequent character tables are +being narrowed more and more. If used in combination with retrieval of +common DBMS entities, as with system table names and privileges, speed up +is significant. Of course, you can edit the common outputs file according +to your needs if, for instance, you notice common patterns in database +table names or similar.
Note that this switch is not compatible with --threads @@ -1666,7 +1666,7 @@ The format of a valid tamper script is as follows: from lib.core.enums import PRIORITY # Define which is the order of application of tamper scripts against the payload -__priority__ = PRIORITY.HIGHEST +__priority__ = PRIORITY.NORMAL def tamper(payload): ''' @@ -1675,8 +1675,9 @@ def tamper(payload): retVal = payload - # your code to tamper the original payload (retVal) + # your code to tamper the original payload + # return the tampered payload return retVal @@ -1685,11 +1686,11 @@ You can check valid and usable tamper scripts in the tamper/ directory.
-Example against a MySQL target assuming > character, spaces and -SELECT string are banned: +Example against a MySQL target assuming that > character, +spaces and capital SELECT string are banned:
-$ python sqlmap.py -u "http://debiandev/sqlmap/mysql/get_int.php?id=1" --tamper \ +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --tamper \ tamper/between.py,tamper/randomcase.py,tamper/space2comment.py -v 3 [hh:mm:03] [DEBUG] cleaning up configuration parameters @@ -1809,7 +1810,7 @@ This way the distinction will be based upon string presence or regular expression match. -In cases with lot of active (e.g. scripts, embeds, etc.) content in the +In cases with lot of active content (e.g. scripts, embeds, etc.) in the HTTP responses' body, you can filter pages (--text-only switch) just for their textual content. This way, in a good number of cases, you can automatically tune the detection engine. @@ -3116,7 +3117,7 @@ a <DB_NAME>/<TABLE_NAME>.csv file into
You can then use sqlmap itself to read and query the locally created SQLite 3 file. For instance, python sqlmap.py -d -sqlite:///tmp/sqlmap/output/debiandev/dump/testdb.sqlite3 --table. +sqlite:///tmp/sqlmap/output/192.168.136.131/dump/testdb.sqlite3 --table.
Simple wizard interface for beginner users
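Review bot: in the doc/README.sgml hunk at -1403 (the --predict-output paragraph), the new second sentence is still hard to parse: "Statistical table with the most promising character values is being built based on items given in txt/common-outputs.txt combined with the knowledge of current enumeration used" has no article and ends on a dangling "used". Suggest "A statistical table of the most promising character values is built from the items in txt/common-outputs.txt and the enumeration currently in use." The opening "This switch is used in inference algorithm" also needs "the" before "inference algorithm".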
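Review bot: the --threads paragraph in doc/README.html drops "Note that the multi-threading switch does not affect any other SQL injection technique" and keeps only the 10-request limit, so the text no longer says which techniques the switch applies to. If the sentence was removed because it is no longer accurate, replace it with one naming the techniques that are multi-threaded instead of leaving the scope unstated. I also don't see a matching hunk for this paragraph in doc/README.sgml in this diff; if the HTML is generated from the SGML, the change needs to be made there or it will be lost on the next build.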
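Review bot: in the tamper script template (doc/README.sgml, hunk at -1666), `__priority__` changes from PRIORITY.HIGHEST to PRIORITY.NORMAL, but the only guidance is the comment "Define which is the order of application of tamper scripts against the payload". The text never lists the available PRIORITY values or says how they relate to the order in which scripts are given on the command line, as in the example that chains tamper/between.py, tamper/randomcase.py and tamper/space2comment.py. Suggest adding a sentence after the template that enumerates the values from lib.core.enums and states which one wins when priority and command-line order disagree.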
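Review bot: the example commands now hard-code 192.168.136.131 where they previously used debiandev (the --tamper example URL in the -1685 hunk, and the sqlite:///tmp/sqlmap/output/.../dump/testdb.sqlite3 path in the -3116 hunk). A private lab address tells readers no more than the hostname did and invites copy-paste against whatever happens to live at that address on their own network. Consider a documentation-reserved address from 192.0.2.0/24 (RFC 5737) or an explicit placeholder such as <target>, applied consistently in both README.html and README.sgml.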
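Review bot: in the -1809 hunk (the --text-only paragraph), the reordered sentence still reads "In cases with lot of active content"; since the line is being touched anyway, make it "In cases with a lot of active content (e.g. scripts, embeds, etc.) in the HTTP responses' body".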