Foro de elhacker.net

Programación => Bases de Datos => Mensaje iniciado por: elbrujo20 en 2 Octubre 2015, 07:25 am


Título: Duda con sacar password en mysql
Publicado por: elbrujo20 en 2 Octubre 2015, 07:25 am
Bueno lo que pasa es que llevo dias intentanto hacer el primer reto de hackxcrack y es el de conseguir la password intento hacer una inyeccion sql pero me esta arrojando un error y no entiendo de que es no se mucho de mysql lo estoy haciendo en kali linux con sqlmap y trato de acer los mismos pasos si quiero sacar las columnas da error igual con las tablas hago los tutos que veo  que veo en internet pero solo consigo errores tambien al momento de sacar passwords
[21:44:19] [INFO] testing connection to the target URL
[21:44:20] [INFO] heuristics detected web page charset 'ascii'
[21:44:20] [INFO] testing if the target URL is stable. This can take a couple of seconds
[21:44:21] [INFO] target URL is stable
[21:44:21] [INFO] testing if GET parameter 'id' is dynamic
[21:44:21] [WARNING] GET parameter 'id' does not appear dynamic
[21:44:22] [WARNING] heuristic (basic) test shows that GET parameter 'id' might not be injectable
[21:44:22] [INFO] testing for SQL injection on GET parameter 'id'
[21:44:22] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[21:44:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[21:44:31] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[21:44:33] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[21:44:35] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[21:44:37] [INFO] testing 'MySQL inline queries'
[21:44:38] [INFO] testing 'PostgreSQL inline queries'
[21:44:38] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[21:44:38] [INFO] testing 'Oracle inline queries'
[21:44:39] [INFO] testing 'SQLite inline queries'
[21:44:39] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[21:44:41] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[21:44:43] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[21:44:46] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[21:44:48] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[21:44:50] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[21:44:52] [INFO] testing 'Oracle AND time-based blind'
[21:44:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[21:45:19] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[21:45:19] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[21:45:43] [WARNING] GET parameter 'id' is not injectable
[21:45:43] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp')

Saludos


Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines