Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan.py Python script is your tool then. If you are using Backtrack release 5 you will first need install Python 2.4.4 and then fix sqlscan.py by following the instructions here and here. Once you have sqlscan.py functioning without errors proceed to the example below.backtrack, google query, hash, information gathering, injection, inurl, Linux, MD5, md5 hash, python, python 2.4, sql, SQL injection, sql scanner, sqlscan, sqlscan.py, vulnerable, web application analysis, web crawlers
Posts Tagged “SQL injection”
Dec 19 2012
Mar 20 2012
Recently I have been doing a lot of testing on a couple of my web sites that run WordPress and realized that securing your site takes a bit of effort. There are some plugins that do a great job at certain things however I wasn’t able to find any that did a great job of securing everything that I would prefer be secured. Below I describe a multi-pronged approach to securing your WordPress site from hacking attempts using multiple WordPress plugins as well as performing a couple manual steps that ensure the WordPress details exposed to the world are minimal..htaccess, bulletproof security, login, login enumeration, login lockdown, login logger, plugin, really simple captcha, ReWriteCond, RewriteRule, secure wordpress, SQL injection, user id enumeration, vulnerability, WordPress, wordpress security, WP, WP Block Admin
Well, I run with psymera a CTF game and we are constantly adding new VMWare machines and new tests just to keep on playing and not get bored. As part of a internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in a big rant about it) so I started on what everyone does: update your version.
And something interesting happened, sqlmap enumeration broke (gorgeous) but it didn’t look much like it, it baffled me at first, so much that I had to do all by hand and asked psymera if he changed something, he said no.
So this is the info of the updated sqlmap version to that date:
root@fsckOSX:/pentest/database/sqlmap# svn info Path: . URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap Repository Root: https://svn.sqlmap.org/sqlmap Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb Revision: 4380 Node Kind: directory Schedule: normal Last Changed Author: stamparm Last Changed Rev: 4380 Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)
the SVN rev is 4380, latest at Sep 19th, here is the example of a run against the vulnerable web server with this revision.database, mysql, sql, SQL injection, sqlmap, svn
Mar 08 2009
The directions below will provide simple instructions on changing the prefix to your WordPress blog’s MySQL database from wp_ to whatever you choose. Its a good idea to change this prefix to prevent zero-day SQL injection attacks from being performed against your WordPress installation since your database tables will be known to everyone if you use the default prefix. So follow the below directions to make the change that should only cause minimal downtime if the steps are followed properly.