SQL Injection Tool 4

Immediately I will say that there was one change, the place where the requests will be inserted is marked {SQLINJ}, that is, if the parameter getid is vulnerable , then in the URL we write

http://localhost/test.php?getid=1{SQLINJ}
And if this is a text parameter then the URL will be

http://localhost/test.php?getid=1'{SQLINJ}
Well, everything else is like, actually, who wants to understand.

The program can be defined by animate viruses such as for example Kaspersky Antivirus 7.0 as HackTool
Detection report: malicious program HackTool.Win32.SQLInject.i 4 File: s-tool.exe

SQL Injection Tool 4
Sipt4.rar [2437KB]

Manual to SQL Injection TooL 3

1. Introduction.
Voobshchem here at last that hands have reached to write a manual to my program. So on 95% of questions on the program you will find the answer here.

2. Begin to use.

The first thing to do is enter the path to the vulnerable script, the HTTP server port, configure the proxy server proxy on the SETTINGS -> MAIN tab, set the server response timeout in the SETTINGS -> MAIN tab in milliseconds, and select the attack method. 2.1.

2.1.1 The GET Method
The method is used when the injection is present in the GET parameter.
Code: Example: http://www.target.ru/vulnscript.php?id=1
If the id parameter is vulnerable, the request to the server takes the form
Code: http://www.target.ru/vulnscript.php?id=1{SQL}

2.1.2 Method GET (With Cookie)
The method is used when the injection is present in cookies, but GET is used
Code: Example: http://www.target.ru/vulnscript.php?id=1
If the VulnCook parameter in cookies is vulnerable, the request to the server takes the form

Code: GET /vulnscript.php?id=1 HTTP / 1.0
Host: www.target.ru
Cookie: VulnCook = {SQL}
Connection: Close

It should be noted that if several cookie parameters are used, then all invulnerable parameters are entered into the table that appears when the Cookie parameters button is pressed , and the vulnerable parameter is entered in the Vulnerable parameter field, and its usual value is entered in the Value field, the same principle is used for POST parameters.

2.1.3 The Cookie Method (GET)
The method is used when the injection is present in the GET parameter, but on the server it is necessary to send in the header a certain cookie (NeedCook), for example for authorization
Code: Example: http://www.target.ru/vulnscript.php?id=1{SQL}
If the id parameter is vulnerable, the request to the server takes the form

Code: GET /vulnscript.php?id=1{SQL} HTTP / 1.0
Host: www.target.ru
Cookie: NeedCook = phpsession
Connection: Close

2.1.4 POST Method
The method is used when the injection is present in the POST parameter.
Code: Example: http://www.target.ru/vulnscript.php
If the id parameter is vulnerable, the request to the server takes the form

Code: POST /vulnscript.php?id=1 HTTP / 1.0
Host : www.target.ru
Connection: Close

Id = {SQL}

2.1.5 The POST (With Cookie) method is a very rare case
The method is used when the injection is present in cookies, but POST is used
Code: Example: http://www.target.ru/vulnscript.php
If the VulnCook parameter in cookies is vulnerable, the request to the server takes the form

Code: POST /vulnscript.php HTTP / 1.0
Host: www.target.ru
Cookie: VulnCook = {SQL}
Connection: Close

2.1.6 Cookie Method (POST)
The method is used when the injection is present in the POST parameter, but on the server it is necessary to send in the header a certain cookie (NeedCook), for example for authorization
Code: Example: http://www.target.ru/vulnscript.php
If the id parameter is vulnerable, the request to the server takes the form

Code: POST /vulnscript.php?id=1{SQL} HTTP / 1.0
Host: www.target.ru
Cookie: NeedCook = phpsession
Connection: Close

Id = 1 {SQL}.

2.2 Keyword or phrase (Text field String)

Here we introduce a word that we can find in this way.

An example for the GET method,
First look
Code: http://www.target.ru/vulnscript.php?id=1
Then we look
Code: http://www.target.ru/vulnscript.php?id=2
We find what is there here
Code: http://www.target.ru/vulnscript.php?id=1
Which is not here (we compare so to speak)
Code: http://www.target.ru/vulnscript.php?id=2
Nearby there is a field in which there is a value FOUND and NOT FOUND , it is just necessary to choose a method of search,

FOUND - This piece of code, or phrase is taken as the basis of correctness (a positive conclusion that the injection is made correctly)

NOT FOUND - This piece of code, or phrases, is taken as the basis for NOT correctness
(Also a positive conclusion that the injection was done correctly)

TIP: To automate the search, you can use the AUTO DETERMINE button, but it's worth noting that there may be a false definition or a false definition not, when a piece of the keyword is inside the tags.

2.3 The Use Basic Authorization checkbox and the Login and Password text fields serve to authorize to enter certain site locations or to access files.

3.1 Next, you need to determine the number of fields that are used in the query to the database, this can be done by clicking on the button "LET KNOW QUANTITY"

There are several options for miscalculation:

3.1.1. The drop-down menu "USE METHOD"
Here you can determine what method to make a miscalculation
- UNION SELECT
- ORDER BY
- GROUP BY
In general, the most common method is ORDER BY and UNION SELECT
But the preferred method for the program is UNION SELECT, since this method immediately determines the output fields (the FIELD SUPPORTS PRINTING text field) required for several program functions.

It should be noted that if you have defined the number of query fields using the ORDER BY and GROUP BY methods and have successfully determined, then you should specify the starting number of search fields and the final number equal to the number found and select the UNION SELECT method to define the fields with output, and press the button "LET KNOW QUANTITY" again.

3.1.2 The Determine suppots printing fields check box using LIMIT
It is needed as an alternative way to search for fields with output.

NOTE: you can also replace the value of the vulnerable parameter with an unreached value to determine the fields with output, again combining it with the check mark 3.1.2

After a successful selection of the number of fields, if you use the GET method, you will have a line in the Work URL field, clicking the "Show in Browser" button will open this query in the browser.

4.1 Identifying the database (SQL Injections -> Identifying DB)
4.1.1 Type of DB - At the moment the program can define two types of databases, these are MySQL and MSSQL

4.1.2 USER () - the name of the user of the database on whose behalf the connection to the database is made

There are 3 options for determining.

UNION - the most acceptable way to determine, the server is sent 1 request to determine the entire value at once.

TAKE ONE SYMBOL - character by character, brutit by one character.
And the interval can be specified on the settings tab.
BRUTE- symbolic definition, brutit all the drain.

Both options are for use in MySQL 3, or if not possible to determine by standard methods. Well, or for kamikaze.

4.1.3 DATABASE () - the name of the database to which the script is attached to execute the query.
The method of operation is similar to USER () p.4.1.2

4.1.4 VERSION () - the version of the database to which the script is attached to execute the query.
The method of operation is similar to USER () p.4.1.2

4.1.5 the CONVERT drop-down menu can help in determining values using UNION when the database uses one encoding, and the USER (), DATABASE (), VERSION () values use a different one.

5.1 Brut names of tables and field fields.
(SQL Injections -> Identifying DB -> MySQL / MSSQL)

Used to search through the names, as mentioned above. +
For a successful search, you must select the number of fields described in section 3.1.1

Here I note that the search uses words from external text dictionaries, so they must be connected on the SETTINGS -> DICTIONARY tab before starting work .
Dictionaries have 4 types
- Table dictionary
- Field dictionary
- Prefix dictionary
- Dictionary of Suffixes (Suffix dictionary)

NOTE : You can edit them on the same tab
.
To use the prefix and suffix dictionaries, you must check the appropriate checkboxes on the tab (SQL Injections -> Identifying DB -> MySQL / MSSQL)

"Use prefix from file when bruteforce tables and fields"
"Use suffix from file when bruteforce tables and fields"

To permanently use one prefix or suffix, you can enter them in the Prefix and Suffix fields. Then they will not be taken from dictionaries.

Then click "GET TABLE NAMES"

However, if you have all the words from the dictionary appear in this list, then the program settings are not correct.

After a successful search, you will see the existing table in the attacked database, you need to select the table you need so that its name appears in the gray field and continue scanning the table for finding the field names by pressing the button "GET FIELD NAMES"

NOTE : you can add prefixes and suffixes from the dictionaries to the field names, the program will ask you when you press the button "GET FIELD NAMES" .

6.1 Obtaining table and field names using the INFORMATION_SCHEMA table.
(SQL Injections -> Identifying DB -> DUMP INF_SCH)
Actual for MySQL5 and MSSQL

The function will work if you have at least one output field, and the number of fields is defined.

There are 2 options.
- Table names only - get only table names
- Table and column names - get the names of the tables and columns in them.

There is also a data entry delimiter, the top level ( FROM ) is set to 16 by default, since the first 15 tables are standard and do not carry much information.

The "GO DUMP" button starts the data acquisition process.
The received data can be saved to a file by pressing the button "SAVE TO FILE"

There is a drop-down menu "Convert" , the essence of the menu and its operation is identical to p.4.1.5

7.1 Symbol of arbitrary data
(SQL Injections -> OneChar BruteForce)
MySQL is current since version 4.1 and MSSQL.
Used for a character data bar from a table

The interval of brute is taken from the tab SETTINGS -> MAIN.

You can use query type, SELECT id FROM news

The "Preview SQL query" button displays a preliminary request to the server

The button "GET RESULT" starts the process of brute.

8.1 Obtaining data from the database. (SQL Injections -> Data BruteForce)
Actual for MySQL 4 and MSSQL

The function will work if you have at least one output field, and the number of fields is defined.

First you need to fill the Table field with the name of the table you want.
Next, you need to add the names of the required fields to the list by typing these names in the field below the list, and pressing the "ADD FIELD" button .

Field names can be obtained using tabs 5.1 and 6.1.

NOTE: you can delete unnecessary fields from the list using the "REMOVE FIELD" button

Next, the start and end position of the line is adjusted. In order to check the correctness of the settings, you can press the "TEST" button , if everything is ok, then you should have the value of the selected fields separated by a colon ":" in the list corresponding to the first line in the database in the field to the left of the "TEST" button

If the value appears, you can start receiving the data, for this press the button "GET IT" .

The received data can be saved to a file by pressing the button "SAVE TO FILE"

9.1 Back connect from MSSQL
Used to make the connection from the database. In doing so, the MSSQL master.xp_cmdshell database procedure is used to implement the backcontext, you need to check the IP address in the line and set the NetCat path in the SETTINGS -> MAIN tab.

With successful operation, you will have a command console in which you will open a connection to the server.
10.1 Working with files

10.1.1 MySQL
Used to work with files via SQL injection

10.1.1.1 Reading a file

The function will work if you have at least one output field, and the number of fields is defined.

You need to register the absolute path to the file on the server in the lower frame field.

Example: /home/user/public_hmtl/index.php

And press the "READ" button . In case of successful reading, the file will appear on the screen in the editor window, where you can save this file using the menu item "SAVE FILE"

10.1.1.2 Uploading a file to the server

The function will work if:
1) you have at least one output field,
2) the number of fields is determined.
3) IN THE SERVER CONFIGURATION, SHOULD NOT BE SCREENED !!

Again, you need to register the absolute path to the created file on the server in the upper frame field.

There are 2 options for uploading the file.
- UNION - uses INTO OUTFILE (standard version)
- ENCLOSED BY - used in MySQL since version 3 (it is advisable to use when version 1 does not work)

The text of the file to be uploaded to the server is entered in the text field from the bottom.

10.1.2 MSSQL
Everything is done by analogy with item 10.1.1

11.1 Terminal
Used to send arbitrary packets to the server, as well as to view the response of the server (header and response body). There is a search function in the body.

The request is written in "HTTP REQUEST"
The response header is written "ANSWER: HTTP HEADER"
The response body is written "ANSWER: HTTP BODY"

The request is sent by pressing the "SEND REQUEST" button

12.1 History
Here all the requests to the server are displayed, and additional information.
You can save it by using the menu item "HISTORY -> SAVE LOG" , or clear it by pressing the same "HISTORY -> CLEAR LOG"

13.1 Settings
13.1.1 General
Translation of the interface (Path to language file).
Path for NetCat (Path to NetCat) - used in paragraph 9.1
Proxy settings
- use proxy
- IP address
- Port
Symbol interval ( BruteForce symbol code interval ) - used in 4.1.2-4.1.5 and 7.1

Menu 1. Close the SQL statement (Close SQL) - used to cut off the original query, so that an error does not appear.
For each database, different "Closures" are used
- MySQL = / *
- MSSQL = -

Menu 2. Change quotes to an analogue (Change quotes to)
Used to bypass filtering with scripts.

Menu 3. Change the space for the analog (Change space to)
Used to bypass filtering with scripts

Other features:

Main menu.

Double Tools - the program window is enlarged, it is possible to arrange the program tabs arbitrarily, for convenience, for example, any window with a terminal or history, encoders and decoders

Default Settings - all settings of the program are reset.

STOP - stops the program.

Utilities section

Contains a variety of encoders and string decoders, such as HEX, BASE64, URL-LIKE, PHP CHR

Your SQLHack.

Liked? Subscribe to RSS news!
You can also support shram.kiev.ua, press:

It will not be superfluous for your friends to learn this information, share their article with them!

Expand / Collapse

Comments

When commenting on, remember that the content and tone of your message can hurt the feelings of real people, show respect and tolerance to your interlocutors even if you do not share their opinion, your behavior in the conditions of freedom of expression and anonymity provided by the Internet, changes Not only virtual, but also the real world. All comments are hidden from the index, spam is controlled.

All news

Site
Forum

The Japanese "Virginity Killer" Photo 2017-03-10
How to choose the right wine for your dish Photo 2017-03-08
How to dress by age and not look stupid Photo 2017-03-08
Sexual variant "Follow me" Photo 2017-03-08
Plate of healthy food Photo 2017-03-08
NASA has opened free access to its software Photo 2017-03-08
Kate Moss, the main beauty of the generation, the femme fatale Photo 2017-03-08
101 Method of application of the paracord Photo 2017-03-05
Everything you wanted to know about tires. Marking, types, seasonality Photo 2017-03-05
How to choose quality natural spices and spices Photo 2017-03-04
Emma Watson (26 years) undressed for the March Vanity Fair Photo 2017-03-04
Emma Watson (Emma Watson) undressed for Natural Beauty Photo 2017-03-04
Tattoo with the image of famous heroes Photo 2017-03-03
Scheme of all municipal transport in Kiev Photo 2017-02-28
How often to have sex according to age Photo 2017-02-28
Fisherman's calendar and forecast of the biting of peaceful / predatory fish for 2017 Photo 2017-02-26
Fishing knots, how to tie a hook, prepare for summer Photo 2017-02-26
Euthanasia Coaster, a project of roller coasters designed for the death penalty Photo 2017-02-26
VEB Page can be evidence in court Photo 2017-02-26
In such a cosplay, you yourself will want to play Photo 2017-02-25
A smart selection of girls from Japan. Photo 2017-02-25
GOI paste (from GOI - State Optical Institute) Photo 2017-02-24
Unnecessary things, which you should quickly get rid of Photo 2017-02-24
Harmful daily habits, because of which there is bloating Photo 2017-02-24
The levers of control of aircraft engines (ORE), it is not enough ... Photo 2017-02-24
Modern design of the Business card Photo 2017-02-23
Cats, artist Vladimir Rumyantsev Photo 2017-02-23
Interesting facts about the film Prometheus Photo 2017-02-23
What did the NASA conference say? Photo 2017-02-21
The format of the SSL certificate, how to convert the certificate to .pem, .cer, .crt, .der, pkcs or pfx Photo 2017-02-21
Types of bleeding and first aid rules you need to know! Photo 2017-02-20

Japanese "Virginity killer" In Japan, a new trend: a sweater called Virgin-Killing Sweater or ... Photo 2017-03-10
How to choose the right wine for your dish The rule "red for meat, white for fish" is in effect ... Photo 2017-03-08
How to dress by age and not look stupid How long have you felt? Go, I suppose, like a pimple ... Photo 2017-03-08
Sexual version of "Follow Me" A few years ago, Russian photographers Murad and Natalia Osman created ... Photo 2017-03-08
A plate of healthy food Harvard University and modern science conducts numerous studies to optimize ... Photo 2017-03-08
NASA has opened free access to its software NASA has opened free access to the software catalog 2017-2018. How to ... Photo 2017-03-08
Kate Moss, the main beauty of the generation, the fatal woman Every generation has its own main beauty, a fatal woman, who ... Photo 2017-03-08
101 Paracord method of use For most people the paracord is known as a very convenient device with ... Photo 2017-03-05
Everything you wanted to know about tires. Marking, types, seasonality Tires are the main link between the car and the road. From the ... Photo 2017-03-05
How to choose quality natural spices and spices How to choose natural spices and spices in the market or in ... Photo 2017-03-04
Emma Watson (26 years old) undressed for the March Vanity Fair Emma undressed for the March Vanity Fair, true, on the cover ... Photo 2017-03-04
Emma Watson (Emma Watson) undressed for the book Natural Beauty Emma decided to do this for the book Natural Beauty! And she ... Photo 2017-03-04
A tattoo featuring famous heroes A bitane tattoo artist creates incredibly realistic tattoos with images of famous heroes ... Photo 2017-03-03
Scheme of all municipal transport in Kiev The scheme indicates all buses, trolleybus and tram routes, and ... Photo 2017-02-28
How often you need to have sex according to age Many are curious to know whether they are having sex too much or too much ... Photo 2017-02-28
Fisherman's calendar and the forecast of the biting of peaceful / predatory fish for 2017 There are certain phases of the luminary, when you just need to be alone ... Photo 2017-02-26
Fishing knots how to tie a hook, prepare for the summer The type of knot is chosen taking into account the type of fishing line used (monofilament or ... Photo 2017-02-26
Euthanasia Coaster, a project of roller coasters designed for the death penalty The author acknowledges that the roller coaster is not the optimal machine for the ... Photo 2017-02-26
VEB Page can be evidence in court It is necessary to understand that, for example, copyrights are violated not by the existing ... Photo 2017-02-26
In such a cosplay, you yourself will want to play The main prototypes of a costume game - cartoon characters, anime, video games, movies, ... Photo 2017-02-25
A smart selection of girls from Japan. The Japanese (Japanese nihondzin / nipponzin, nihon-minzoku) are the people, the main (more than 98%) ... Photo 2017-02-25

Cats. Artist Vladimir Rumyantsev. Photo 2017-02-23
Prometheus - Interesting Facts Photo 2017-02-23
Did you see the Lithuanian Cheerleaders? Worth Seeing! 2017-02-23
Olsen, Elizabeth / Elizabeth Olsen Photo 2017-02-23
She sat at the Window, And He Entered Her Car ... Photo 2017-02-23
Photo of Cats, Cats, Kitties Photo 2017-02-23
How the Turtle Can Run Photo 2017-02-23
Bengal Cat Talking With a Kitten 2017-02-23
National Bank Introduces New Coin to Circulation (Photo) Photo 2017-02-23
Protasov Yar 30 Years Ago Photo 2017-02-23
Photo of the Animals Photo 2017-02-23
Nasa Broadcast What's Reported At the Nasa Photo Conference 2017-02-23
Something, Size With Jupiter, Rushing "Through" the Sun Photo 2017-02-22
Central Streets of Kiev Will Be Blocked For Five Days Photo 2017-02-20
3 Folk Ways to Make the Vagina Narrow And Elastic Photo 2017-02-20
Monica Bellucci In The Magazine Gq Italy, February 2017 Photo 2017-02-20
The Serebro Group In Maxim Magazine, March 2017 Photo 2017-02-20
What to Do If You Have been Detained by Police - 146 Article Piracy Photo 2017-02-20
New Free Os has appeared Photo 2017-02-18
Wood Under the Electron Microscope Photo 2017-02-18
The Market of Payment Cards In 2016, Demonstrated a Significant Growth Photo 2017-02-18

Social

Your IP: 66.249.93.30
Your Country: European Union

Free 50 UAH for your Monobank card?