Penetration Testing mailing list archives
Re: Time based Blind SQL injection
From: Danux <danuxx () gmail com>
Date: Thu, 29 Mar 2012 09:50:02 -0500
Hi Yiannis,

The intent was to share a script as a result of a pen-test, since when I was trying to use sqlmap and sqlninja those tools did not work for me, and I was spending more time trying to figure out how to make them work (possibly due to the lack of expertise on those tools).

I did not find a way to tell the tool to replace spaces with %09 but one person in my blog (Miroslav) commented this related to sqlmap:

"There is a mechanism called tampering scripts (switch --tamper) and in your case you could just use --tamper=space2randomblank (take a look into ./sqlmap/tamper script for more tampering scripts beside this space2randomblank.py one)"

So, that could be an option. I added other features but nothing new and again, the intention is not to replace sqlmap or sqlninja just to share the script.

On Thu, Mar 29, 2012 at 5:19 AM, Yiannis Koukouras <ikoukouras () gmail com> wrote:
> So, the only difference, from other tools out there, is the support of TAB(%09)? Am I missing something?
>
> Ioannis (Yiannis) Koukouras
> CISSP, CISA, CISM, OSCP
> MSc in Computer Systems Security
> BEng in Electronic Engineering
> http://www.linkedin.com/in/ikoukouras
>
> On Mar 13, 2012 5:04 AM, "Danux" <danuxx () gmail com> wrote:
>> Nothing new, just a different approach to automate the process of blind injection based on time.
>>
>> http://danuxx.blogspot.com/2012/03/time-based-blind-sql-injection.html
>>
>> Hope you find it useful.
>>
>> --
>> DanUx
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>> http://www.iacertification.org
>> ------------------------------------------------------------------------
--
DanUx
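
The %09 substitution discussed in this thread matters on the detection side: a signature that expects literal spaces between SQL tokens misses the same time-delay payload when the separators are tabs or other blanks. The sketch below is an added example, not part of the thread, Danux's script or sqlmap; the function names, the list of delay functions and the sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed request lines for illustration (not taken from the thread).
SAMPLE = [
    "GET /item?id=1 HTTP/1.1",
    "GET /item?id=1%20waitfor%20delay%20'0:0:5' HTTP/1.1",
    "GET /item?id=1%09waitfor%09delay%09'0:0:5' HTTP/1.1",
    "GET /item?id=1%0Aand%0D%0Asleep(5) HTTP/1.1",
    "GET /search?q=sleep+apnea+and+delay HTTP/1.1",
]

# Assumed list of common time-delay primitives; extend for the DBMS in use.
# The pattern expects one literal space between tokens, like many simple rules.
SIG = re.compile(
    r"waitfor delay|(?:and|or|select) (?:(?:pg_)?sleep|benchmark)\(", re.I)
BLANKS = re.compile(r"[\t\n\r\x0b\x0c]")  # whitespace other than a plain space


def query_of(request_line):
    """Return the URL-decoded query string of a 'METHOD target PROTO' line."""
    target = request_line.split(" ")[1]
    return unquote_plus(target.partition("?")[2])


def naive_hit(query):
    """Match the signature on the decoded query as-is."""
    return bool(SIG.search(query))


def normalized_hit(query):
    """Collapse every whitespace run to one space, then match."""
    return bool(SIG.search(re.sub(r"\s+", " ", query)))


def odd_blanks(query):
    """Non-space whitespace inside a parameter is an anomaly signal by itself."""
    return sorted({f"%{ord(c):02X}" for c in BLANKS.findall(query)})


def scan(lines):
    """Return (target, naive, normalized, odd_blanks) for each request line."""
    out = []
    for line in lines:
        q = query_of(line)
        out.append((line.split(" ")[1], naive_hit(q), normalized_hit(q), odd_blanks(q)))
    return out


if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```

Only the space-separated request trips the unnormalized signature, while the tab and CR/LF variants are caught after whitespace normalization, and the benign search query is flagged by neither.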