Posts: 14
Threads: 4
Joined: Oct 2024
Hi guys,
I got access to a database using sqlmap but due to the huge size of the databases content it will take a long time for sqlmap to retrieve all the data .
The sql injection types that sqlmap found are : boolean based, error based, time based
My questions :
1- is there a faster way to extract the database content using sqlmap or anything else and how to do that?
2- is it possible to encrypt the database using sqlmap or anything else and how to do that?
Posts: 231
Threads: 14
Joined: Nov 2024
do the injections manually and configure them as you wish, don't depend so much on sqlmap.
The eternal glow of a mind without memories.
Posts: 90
Threads: 14
Joined: Jun 2023
 
(01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Finding SQLi's and other vulns people should do manually but when it comes to injecting them, if sqlmap can do it, I think you should do it with SQLmap. Just my opinion though
Answer for OP: Do you mean like encrypting it from the server side so the devs couldn't access it or some shit? And when it comes to dumping, it shouldn't be too slow because you have error-based injection, just let it run on a RDP or something and use 10 threads.
If you mean encrypting it server-side and blackmailing them or something I don't really wanna give any advice on it cuz I am not a fan of it + don't even have much experience but first check if you have DBA perms, if you have them you can possibly upload a PHP shell with sqlmap and have full access for the site. If not, one of the most popular methods are finding an admin account and admin panel, then from there upload a shell.
DISCLAIMER: I AM NOT SELLING AND WILL NEVER BE SELLING ANYTHING ON HERE UNDER ThIS USERNAME/PROFILE.
Posts: 78
Threads: 2
Joined: Aug 2023
Login to the admin panel to get permissions
Posts: 14
Threads: 4
Joined: Oct 2024
01-05-2025, 06:46 AM
(This post was last modified: 01-05-2025, 06:51 AM by cybershadow404.)
(01-04-2025, 06:30 PM)420 Wrote: (01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Finding SQLi's and other vulns people should do manually but when it comes to injecting them, if sqlmap can do it, I think you should do it with SQLmap. Just my opinion though
Answer for OP: Do you mean like encrypting it from the server side so the devs couldn't access it or some shit? And when it comes to dumping, it shouldn't be too slow because you have error-based injection, just let it run on a RDP or something and use 10 threads.
If you mean encrypting it server-side and blackmailing them or something I don't really wanna give any advice on it cuz I am not a fan of it + don't even have much experience but first check if you have DBA perms, if you have them you can possibly upload a PHP shell with sqlmap and have full access for the site. If not, one of the most popular methods are finding an admin account and admin panel, then from there upload a shell.
Thanks I have a website with a database exposed from URL, would you like to help me?
(01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Is it hard to find this kind of vulnerabilities in websites nowadays? I have tried many manually but they are other people's SQL scripts?
Posts: 231
Threads: 14
Joined: Nov 2024
(01-05-2025, 06:46 AM)cybershadow404 Wrote: (01-04-2025, 06:30 PM)420 Wrote: (01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Finding SQLi's and other vulns people should do manually but when it comes to injecting them, if sqlmap can do it, I think you should do it with SQLmap. Just my opinion though
Answer for OP: Do you mean like encrypting it from the server side so the devs couldn't access it or some shit? And when it comes to dumping, it shouldn't be too slow because you have error-based injection, just let it run on a RDP or something and use 10 threads.
If you mean encrypting it server-side and blackmailing them or something I don't really wanna give any advice on it cuz I am not a fan of it + don't even have much experience but first check if you have DBA perms, if you have them you can possibly upload a PHP shell with sqlmap and have full access for the site. If not, one of the most popular methods are finding an admin account and admin panel, then from there upload a shell.
Thanks I have a website with a database exposed from URL, would you like to help me?
(01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Is it hard to find this kind of vulnerabilities in websites nowadays? I have tried many manually but they are other people's SQL scripts?
It's difficult when you don't know all the tasks, hey you must be careful not to go shooting SQLmap to everything like that, risking your ip.
The eternal glow of a mind without memories.
Posts: 14
Threads: 4
Joined: Oct 2024
01-05-2025, 07:18 AM
(This post was last modified: 01-05-2025, 07:25 AM by cybershadow404.)
(01-05-2025, 06:55 AM)k1083 Wrote: (01-05-2025, 06:46 AM)cybershadow404 Wrote: (01-04-2025, 06:30 PM)420 Wrote: (01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Finding SQLi's and other vulns people should do manually but when it comes to injecting them, if sqlmap can do it, I think you should do it with SQLmap. Just my opinion though
Answer for OP: Do you mean like encrypting it from the server side so the devs couldn't access it or some shit? And when it comes to dumping, it shouldn't be too slow because you have error-based injection, just let it run on a RDP or something and use 10 threads.
If you mean encrypting it server-side and blackmailing them or something I don't really wanna give any advice on it cuz I am not a fan of it + don't even have much experience but first check if you have DBA perms, if you have them you can possibly upload a PHP shell with sqlmap and have full access for the site. If not, one of the most popular methods are finding an admin account and admin panel, then from there upload a shell.
Thanks I have a website with a database exposed from URL, would you like to help me?
(01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Is it hard to find this kind of vulnerabilities in websites nowadays? I have tried many manually but they are other people's SQL scripts?
It's difficult when you don't know all the tasks, hey you must be careful not to go shooting SQLmap to everything like that, risking your ip.
ok ok i found it by the URL (moving through directories), i found it without the tools, because the page was badly designed. the question i asked at the beginning was for another database found by SQLmap.
Posts: 90
Threads: 14
Joined: Jun 2023
(01-05-2025, 06:46 AM)cybershadow404 Wrote: (01-04-2025, 06:30 PM)420 Wrote: (01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Finding SQLi's and other vulns people should do manually but when it comes to injecting them, if sqlmap can do it, I think you should do it with SQLmap. Just my opinion though
Answer for OP: Do you mean like encrypting it from the server side so the devs couldn't access it or some shit? And when it comes to dumping, it shouldn't be too slow because you have error-based injection, just let it run on a RDP or something and use 10 threads.
If you mean encrypting it server-side and blackmailing them or something I don't really wanna give any advice on it cuz I am not a fan of it + don't even have much experience but first check if you have DBA perms, if you have them you can possibly upload a PHP shell with sqlmap and have full access for the site. If not, one of the most popular methods are finding an admin account and admin panel, then from there upload a shell.
Thanks I have a website with a database exposed from URL, would you like to help me?
(01-04-2025, 05:55 PM)k1083 Wrote: do the injections manually and configure them as you wish, don't depend so much on sqlmap.
Is it hard to find this kind of vulnerabilities in websites nowadays? I have tried many manually but they are other people's SQL scripts?
Yeah I guess I can help you, hit me up buddy. Also SQLi's are still fairly common actually, best way is to test for them manually.
@ k1083 good point, I pretty much always use --tor command with it as well for extra privacy and to prevent a possible IP ban.
DISCLAIMER: I AM NOT SELLING AND WILL NEVER BE SELLING ANYTHING ON HERE UNDER ThIS USERNAME/PROFILE.
Posts: 211
Threads: 7
Joined: Jul 2023
SQLMap supports multi-threading, which significantly speeds up the process by running concurrent queries. you can specify the number of threads using the --threads option.
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.
Posts: 2
Threads: 0
Joined: Jan 2025
Yo can use threads to speed up and for encrypt only yo have to launch a script doing to update the cotent with AES_ENCRYPT
|
