Nytro Posted August 6, 2009 Report Share Posted August 6, 2009 (edited) Project DescriptionMarathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.Application Supported features:Database Schema extraction from SQL Server, Oracle and MySQLData extraction from Microsoft Access 97/2000/2003/2007 databasesParameter Injection using HTTP GET or POSTSSL supportHTTP proxy connection availableAuthentication methods: Anonymous, Basic, Digest and NTLMVariable and value insertion in cookies (Does not support dynamic values)Configuration available an flexible for injectionsConfigurable LogCommon Help TopicsConfiguration: http://marathontool.codeplex.com/Wiki/View.aspx?title=ConfigurationReference Linkshttp://technet.microsoft.com/en-us/library/cc512676.aspxDownload:http://marathontool.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=16106Source Code:http://marathontool.codeplex.com/SourceControl/changeset/view/35134 Edited August 6, 2009 by Nytro Quote Link to comment Share on other sites More sharing options...
