парсер sql dumper

[bimbim]

Подскажите пожалуйста софт для выкачки БД по sql инжекту.
У трагета 5 бд по 400-500 таблиц. SQLmap в 10 тредов по errorbased медленно ретрив делает.
Чем выкачивают подобные объемы? вручную на каждую таблицу sqlmap запускать? или есть более елегантные решения?

 

[molotov477]

You can try with ghauri but in my experience, that is even slower than sqlmap, if you can retrieve DB credentials and you have access to the DB port, you can use the mysql or client for the DB (mssql, postgres, oracle etc) it is to connect directly to it and then exfil/ dump data, that is the easiest and most reliable solution but for that you need to have access to the DB port and it should be open so you can connect to it.

Otherwise Sqlmap is the only solution for you as much as I know.

 

[bimbim]

You can try with ghauri but in my experience, that is even slower than sqlmap, if you can retrieve DB credentials and you have access to the DB port, you can use the mysql or client for the DB (mssql, postgres, oracle etc) it is to connect directly to it and then exfil/ dump data, that is the easiest and most reliable solution but for that you need to have access to the DB port and it should be open so you can connect to it.

Otherwise Sqlmap is the only solution for you as much as I know.

Dont have access to port

 

[blackhat1717]

Используйте sql map, поэтому, если вы уверены, что у вас правильное имя пользователя и пароль, проблема, скорее всего, в разрешенных IP-адресах. При создании пользователя MySQL обычно разрешают доступ только с localhost. Поэтому у вас могут быть правильные имя пользователя и пароль, но вы можете использовать их только локально на сервере. С другой стороны, тот факт, что сервер принимает соединения извне, может указывать на то, что некоторым другим IP-адресам разрешено подключаться. В этом случае вам нужно выяснить, какие IP-адреса разрешены, и подключиться с одного из них.

 

[molotov477]

Dont have access to port

Well then patience is the only way, you can try with ghauri but like I said in my experience, the speed is more less the same if not less, dumping databases can be a bit tiresome task if the table structure is complicated or if too many lines are there. Another way you can try is to see if you can get a os-shell and get a reverse shell onto your server and then use that to connect to the db locally and exfil data but again, that depends if you can get os-shell via sqlmap and the server it self has internet connectivity to send you a reverse shell.

 

[bimbim]

Well then patience is the only way, you can try with ghauri but like I said in my experience, the speed is more less the same if not less, dumping databases can be a bit tiresome task if the table structure is complicated or if too many lines are there. Another way you can try is to see if you can get a os-shell and get a reverse shell onto your server and then use that to connect to the db locally and exfil data but again, that depends if you can get os-shell via sqlmap and the server it self has internet connectivity to send you a reverse shell.

cannot get os-shell