
SQLMap takes a long time when I choose level=5 and risk=3

When I set risk=3 and level=5, sqlmap takes a long time, about 1 hour to finish the task, which is really tedious. I am new to penetration testing, please help me.

python sqlmap.py -u "Application url"  --dbms=MySQL --threads=10 -time-sec=10 --level=3 --risk=2 --cookie="PHPSESSID:1r4fk7m10s3sj0nkbgdu1a48v0" --batch -v2 -o --keep-alive --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" --no-cast --no-escape --tamper="space2comment,between"

Sometimes SQL injection is very slow and tedious (like if it requires time-based blind SQLi).

In your case, it looks like you are using -time-sec=10, which from the output of the help command is: "Seconds to delay the DBMS response". So, you appear to be artificially delaying the response by 10 seconds per request. If that is necessary, of course it will take forever. If it isn't necessary, then, well... take it out and it should finish (at least) twice as fast.

Also, keep in mind that SQLi can be very noisy, and could get you caught on a pentest. Often, slow and steady is preferred.

Setting higher risk and level values increases the number of attempts with different added attacks on the parameter. You should start with medium values, a.k.a. level=2 risk=1, etc., and then increment if it doesn't work. As the other user pointed out, sqlmap is very noisy. In some databases, it will actually leave behind all the attempts as entries in the table rows.
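
From the defender's side, the noise both answers mention shows up directly in web server logs. The following is an added example, not part of the original posts: it flags clients whose requests carry time-delay calls or the rewrites produced by the space2comment and between tamper scripts named in the question's command. The log lines, regexes and function names are constructed for illustration, and the signature shapes are assumptions about how those tamper scripts rewrite payloads.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log sample: "<client-ip> <request-uri>" (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 /item.php?id=1%2F**%2FAND%2F**%2FSLEEP(10)
203.0.113.7 /item.php?id=1/**/AND/**/7/**/NOT/**/BETWEEN/**/0/**/AND/**/6
203.0.113.7 /item.php?id=1/**/AND/**/(SELECT/**/1/**/FROM/**/(SELECT(SLEEP(10)))a)
198.51.100.2 /item.php?id=42
198.51.100.2 /search.php?q=sleep+mask+between+flights
""".splitlines()

# Assumed signature shapes, checked after comments are turned back into spaces.
SIGNATURES = {
    "time_delay": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "between_tamper": re.compile(r"\bnot\s+between\s+0\s+and\b", re.I),
}
COMMENT_AS_SPACE = re.compile(r"/\*.*?\*/")

def classify(uri):
    """Return the names of the signatures a single request URI matches."""
    decoded = unquote_plus(uri)
    hits = set()
    if "/**/" in decoded:
        hits.add("space2comment_tamper")
    # Undo the comment-for-space rewrite so keyword signatures still match.
    normalized = COMMENT_AS_SPACE.sub(" ", decoded)
    hits.update(name for name, rx in SIGNATURES.items() if rx.search(normalized))
    return hits

def summarize(lines, min_hits=3):
    """Map each client with >= min_hits suspicious requests to its signatures."""
    per_client = defaultdict(list)
    for line in lines:
        ip, uri = line.split(" ", 1)
        found = classify(uri)
        if found:
            per_client[ip].append(found)
    return {ip: sorted(set().union(*sets))
            for ip, sets in per_client.items() if len(sets) >= min_hits}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Without the normalisation step the between signature would miss the second sample line, because the tamper replaces every space with an inline comment.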
