Penetration Testing
Re: Time based Blind SQL injection Mar 29 2012 02:50PM
Danux (danuxx gmail com) (1 replies)
Hi Yiannis,

The intent was to share a script as a result of a pen-test, since when
I was trying to use sqlmap and sqlninja those tools did not work for
me, and I was spending more time trying to figure out how to make them
work (possibly due to the lack of expertise on those tools). I did not
find a way to tell the tool to replace spaces with %09 but one person
in my blog (Miroslav) commented this related to sqlmap:

"There is a mechanism called tampering scripts (switch --tamper) and
in your case you could just use --tamper=space2randomblank (take a
look into ./sqlmap/tamper script for more tampering scripts beside
this space2randomblank.py one)"

So, that could be an option.

I added other features but nothing new and again, the intention is not
to replace sqlmap or sqlninja, just to share the script.

On Thu, Mar 29, 2012 at 5:19 AM, Yiannis Koukouras <ikoukouras (at) gmail (dot) com> wrote:
>
> So, the only difference, from other tools out there, is the support of
> TAB(%09)?
>
> Am I missing something?
>
> Ioannis (Yiannis) Koukouras
> CISSP, CISA, CISM, OSCP
> MSc in Computer Systems Security
> BEng in Electronic Engineering
> http://www.linkedin.com/in/ikoukouras
>
> On Mar 13, 2012 5:04 AM, "Danux" <danuxx (at) gmail (dot) com> wrote:
>>
>> Nothing new, just a different approach to automate the process of
>> blind injection based on time.
>>
>> http://danuxx.blogspot.com/2012/03/time-based-blind-sql-injection.html
>>
>> Hope you find it useful.
>>
>>
>> --
>> DanUx
>>
>> ------------------------------------------------------------------------

>> This list is sponsored by: Information Assurance Certification Review
>> Board
>>
>> Prove to peers and potential employers without a doubt that you can
>> actually do a proper penetration test. IACRB CPT and CEPT certs require a
>> full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------

>>

--
DanUx

Re: Time based Blind SQL injection Mar 29 2012 07:04PM
Yiannis Koukouras (ikoukouras gmail com) (1 replies)
Re: Time based Blind SQL injection Mar 30 2012 09:07AM
martin mngoma gmail com (1 replies)
Re: Time based Blind SQL injection Mar 30 2012 03:39PM
Danux (danuxx gmail com)
Copyright 2010, SecurityFocus