The command uses sqlmap, a powerful SQL injection and database penetration testing tool. The flag -u specifies the target URL, and -dbs instructs sqlmap to enumerate the available databases on the DBMS behind that URL.
Command Breakdown:
-u: Target URL with injectable parameters
-dbs: Retrieve and enumerate all available database names
This is a common first step in identifying vulnerable DBMS structures after confirming SQL injection.
Incorrect Options:
A. Backdoor creation is not the default function of sqlmap.
C. Retrieving SQL statements would require additional options like --trace or --sql-query.
D. Option D is not technically accurate—sqlmap is used for injection and enumeration, not searching statements.
Reference – CEH v13 Official Courseware:
Module 14: Hacking Web Applications
Section: “SQL Injection Tools and Automation”
Tool Reference: sqlmap usage and options