Jump to content
Nytro

Marathon Tool [ SQL Injection ]

By Nytro, in Programe hacking

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted (edited)

2dlroz6.jpg

Project Description

Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.

Application Supported features:

Database Schema extraction from SQL Server, Oracle and MySQL

Data extraction from Microsoft Access 97/2000/2003/2007 databases

Parameter Injection using HTTP GET or POST

SSL support

HTTP proxy connection available

Authentication methods: Anonymous, Basic, Digest and NTLM

Variable and value insertion in cookies (Does not support dynamic values)

Configuration available an flexible for injections

Configurable Log

Common Help Topics

Configuration: 

http://marathontool.codeplex.com/Wiki/View.aspx?title=Configuration

Reference Links

http://technet.microsoft.com/en-us/library/cc512676.aspx

Download:

http://marathontool.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=16106

Source Code:

http://marathontool.codeplex.com/SourceControl/changeset/view/35134

Edited by Nytro

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...