How does the --os-shell parameter in Sqlmap work? Is it still anonymous over Tor?

Asked Apr 24 '22 at 01:19

Active Sep 07 '22 at 11:55

Viewed 203 times

How does the --os-shell parameter in Sqlmap work? I know its uploading a backdoor, but how is Sqlmap uploading it and is the file just a normal reverse shell trojan?

Also, is it still anonymous when being used over the --tor switch?

edited Sep 07 '22 at 11:55

asked Apr 24 '22 at 01:19

UndercoverDog

For your second question, see https://security.stackexchange.com/q/261018/106285 – forest Apr 24 '22 at 01:20
I asked that question aswell, but sending a HTML get/post request is something completely different than using a reverse shell – UndercoverDog Apr 24 '22 at 01:53
1

Oh I didn't notice it was you who asked that! Anyway, the `--tor` switch sets the entire program to use Tor for all TCP connections. It's not possible to do this for a reverse shell though, because it would need to know your real IP. Have you read the manual page for sqlmap to see what that parameter does? – forest Apr 24 '22 at 01:55

How does the --os-shell parameter in Sqlmap work? Is it still anonymous over Tor?

0 Answers0