LOGIN FAILED: root: (Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21))
Can you help me, sir?
Here is a question no pen tester can seem to answer. Let's say I run nmap on the IP of a website and find MySQL open. Instead of exploiting it like this, how can I use sqlmap against the webpage to dump the database, or does it not work like that?
Sqlmap is for exploiting SQL injection vulnerabilities only. Finding an open MySQL port doesn't mean the website is vulnerable to SQL injection.
You can point sqlmap at an IP and port. The syntax is like this: $ sqlmap -d "(mysql,mssql etc)://@:3306/" -f --banner --dbs --users (or pass whatever SQL statement you want). Love how so many say SQLmap only does SQLi - RTFM. It is a great enumeration and exploitation tool on database instances too.
You fkin noob or somethin, "No pentester can answer this".
You want attention, come, I'll give u attention
Where can we get the .txt file? Can you put it in the description box or reply to me?
You can create your own password (or username) wordlists. Use 'Cewl' or use rockyou.txt. In the video he uses a short list because otherwise it takes way too much time to bruteforce the username and password.
Thanks for the video. I got this error: ERROR 2026 (HY000): TLS/SSL error: wrong version number after trying to use this --ssl-mode=disabled (doesn't work in Kali). I tried it with Ubuntu, but I face another error... Any suggestion will be appreciated because I already tried to downgrade the protocol in Kali but without success. Thanks again :)
When exploiting on Kali, you should use the --ssl=FALSE option instead.
@nhihuynh2857 Excellent, I did it as you said and it worked, thanks
Thank you very much for this video, please increase the sound
Why don't you turn up the volume?
Can I exploit it if the port is filtered? Please let me know
Bro, you should generate a payload, then it will exploit
How do I bypass localhost from another host?
ik I reply like 3 months ago, but you can't log in on localhost from another host, or if u have VPN other host ^-^
@Yuhimc thanks a lot