0x00 Preface

Reference: Micro8 series, lesson 35: https://micro8.gitbook.io/micro8/contents-1/31-40/35-yu-sqlmap-jie-he-gong-ji

0x01 Using MSF together with Sqlmap (non-session mode)

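In both non-session mode and session mode, MSF supports loading third-party plugins and integrating with third-party frameworks. This is done with load, and load means something different in each of the two modes.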

This post covers load sqlmap in non-session mode.

Load sqlmap in MSF and view the related commands:

msf6 > load sqlmap
[*] Sqlmap plugin loaded
[*] Successfully loaded plugin: Sqlmap
msf6 > help sqlmap

Sqlmap Commands
===============

Command            Description
-------            -----------
sqlmap_connect     sqlmap_connect <host> [<port>]
sqlmap_get_data    Get the resulting data of the task
sqlmap_get_log     Get the running log of a task
sqlmap_get_option  Get an option for a task
sqlmap_get_status  Get the status of a task
sqlmap_list_tasks  List the knows tasks. New tasks are not stored in DB, so lives as long as the console does
sqlmap_new_task    Create a new task
sqlmap_save_data   Save the resulting data as web_vulns
sqlmap_set_option  Set an option for a task
sqlmap_start_task  Start the task

The sqlmap plugin in MSF depends on sqlmap's sqlmapapi.py, which must be started before the plugin is used:

root@dde077eebdfc:/# sqlmapapi -s -p 8080
[03:44:06] [INFO] Running REST-JSON API server at '127.0.0.1:8080'..
[03:44:06] [INFO] Admin (secret) token: ebf9b14a44c4e745aa334cb85f222e7c
[03:44:06] [DEBUG] IPC database: '/tmp/sqlmapipc-9kqmx9_b'
[03:44:06] [DEBUG] REST-JSON API server connected to IPC database
[03:44:06] [DEBUG] Using adapter 'wsgiref' to run bottle

Then simply create a task in MSF.

sqlmap, for its part, also supports MSF perfectly.