'2010/05'에 해당되는 글 12건
- 2010/05/31 SQL Injection and Signature Evasion
- 2010/05/26 URL Encoding Reference
- 2010/05/25 sqlninja - a SQL Server injection & takeover tool
SQL-Injection: Attack-Types
SQL Injection and Signature Evasion.pdf
ASCII device control characters %00-%1f
| ASCII Character | Description | URL-encoding |
|---|---|---|
| NUL | null character | %00 |
| SOH | start of header | %01 |
| STX | start of text | %02 |
| ETX | end of text | %03 |
| EOT | end of transmission | %04 |
| ENQ | enquiry | %05 |
| ACK | acknowledge | %06 |
| BEL | bell (ring) | %07 |
| BS | backspace | %08 |
| HT | horizontal tab | %09 |
| LF | line feed | %0A |
| VT | vertical tab | %0B |
| FF | form feed | %0C |
| CR | carriage return | %0D |
| SO | shift out | %0E |
| SI | shift in | %0F |
| DLE | data link escape | %10 |
| DC1 | device control 1 | %11 |
| DC2 | device control 2 | %12 |
| DC3 | device control 3 | %13 |
| DC4 | device control 4 | %14 |
| NAK | negative acknowledge | %15 |
| SYN | synchronize | %16 |
| ETB | end transmission block | %17 |
| CAN | cancel | %18 |
| EM | end of medium | %19 |
| SUB | substitute | %1A |
| ESC | escape | %1B |
| FS | file separator | %1C |
| GS | group separator | %1D |
| RS | record separator | %1E |
| US | unit separator | %1F |
URL-encoding from %00 to %8f
| ASCII Value | URL-encode | ASCII Value | URL-encode | ASCII Value | URL-encode |
|---|---|---|---|---|---|
| æ | %00 | 0 | %30 | ` | %60 |
| %01 | 1 | %31 | a | %61 | |
| %02 | 2 | %32 | b | %62 | |
| %03 | 3 | %33 | c | %63 | |
| %04 | 4 | %34 | d | %64 | |
| %05 | 5 | %35 | e | %65 | |
| %06 | 6 | %36 | f | %66 | |
| %07 | 7 | %37 | g | %67 | |
| backspace | %08 | 8 | %38 | h | %68 |
| tab | %09 | 9 | %39 | i | %69 |
| linefeed | %0a | : | %3a | j | %6a |
| %0b | ; | %3b | k | %6b | |
| %0c | < | %3c | l | %6c | |
| c return | %0d | = | %3d | m | %6d |
| %0e | > | %3e | n | %6e | |
| %0f | ? | %3f | o | %6f | |
| %10 | @ | %40 | p | %70 | |
| %11 | A | %41 | q | %71 | |
| %12 | B | %42 | r | %72 | |
| %13 | C | %43 | s | %73 | |
| %14 | D | %44 | t | %74 | |
| %15 | E | %45 | u | %75 | |
| %16 | F | %46 | v | %76 | |
| %17 | G | %47 | w | %77 | |
| %18 | H | %48 | x | %78 | |
| %19 | I | %49 | y | %79 | |
| %1a | J | %4a | z | %7a | |
| %1b | K | %4b | { | %7b | |
| %1c | L | %4c | | | %7c | |
| %1d | M | %4d | } | %7d | |
| %1e | N | %4e | ~ | %7e | |
| %1f | O | %4f | %7f | ||
| space | %20 | P | %50 | € | %80 |
| ! | %21 | Q | %51 | %81 | |
| " | %22 | R | %52 | ‚ | %82 |
| # | %23 | S | %53 | ƒ | %83 |
| $ | %24 | T | %54 | „ | %84 |
| % | %25 | U | %55 | … | %85 |
| & | %26 | V | %56 | † | %86 |
| ' | %27 | W | %57 | ‡ | %87 |
| ( | %28 | X | %58 | ˆ | %88 |
| ) | %29 | Y | %59 | ‰ | %89 |
| * | %2a | Z | %5a | Š | %8a |
| + | %2b | [ | %5b | ‹ | %8b |
| , | %2c | \ | %5c | Π| %8c |
| - | %2d | ] | %5d | %8d | |
| . | %2e | ^ | %5e | Ž | %8e |
| / | %2f | _ | %5f | %8f |
URL-encoding from %90 to %ff
| ASCII Value | URL-encode | ASCII Value | URL-encode | ASCII Value | URL-encode |
|---|---|---|---|---|---|
| %90 | À | %c0 | ð | %f0 | |
| ‘ | %91 | Á | %c1 | ñ | %f1 |
| ’ | %92 | Â | %c2 | ò | %f2 |
| “ | %93 | Ã | %c3 | ó | %f3 |
| ” | %94 | Ä | %c4 | ô | %f4 |
| • | %95 | Å | %c5 | õ | %f5 |
| – | %96 | Æ | %c6 | ö | %f6 |
| — | %97 | Ç | %c7 | ÷ | %f7 |
| ˜ | %98 | È | %c8 | ø | %f8 |
| ™ | %99 | É | %c9 | ù | %f9 |
| š | %9a | Ê | %ca | ú | %fa |
| › | %9b | Ë | %cb | û | %fb |
| œ | %9c | Ì | %cc | ü | %fc |
| %9d | Í | %cd | ý | %fd | |
| ž | %9e | Î | %ce | þ | %fe |
| Ÿ | %9f | Ï | %cf | ÿ | %ff |
| %a0 | Ð | %d0 | |||
| ¡ | %a1 | Ñ | %d1 | ||
| ¢ | %a2 | Ò | %d2 | ||
| £ | %a3 | Ó | %d3 | ||
| %a4 | Ô | %d4 | |||
| ¥ | %a5 | Õ | %d5 | ||
| | | %a6 | Ö | %d6 | ||
| § | %a7 | %d7 | |||
| ¨ | %a8 | Ø | %d8 | ||
| © | %a9 | Ù | %d9 | ||
| ª | %aa | Ú | %da | ||
| « | %ab | Û | %db | ||
| ¬ | %ac | Ü | %dc | ||
| ¯ | %ad | Ý | %dd | ||
| ® | %ae | Þ | %de | ||
| ¯ | %af | ß | %df | ||
| ° | %b0 | à | %e0 | ||
| ± | %b1 | á | %e1 | ||
| ² | %b2 | â | %e2 | ||
| ³ | %b3 | ã | %e3 | ||
| ´ | %b4 | ä | %e4 | ||
| µ | %b5 | å | %e5 | ||
| ¶ | %b6 | æ | %e6 | ||
| · | %b7 | ç | %e7 | ||
| ¸ | %b8 | è | %e8 | ||
| ¹ | %b9 | é | %e9 | ||
| º | %ba | ê | %ea | ||
| » | %bb | ë | %eb | ||
| ¼ | %bc | ì | %ec | ||
| ½ | %bd | í | %ed | ||
| ¾ | %be | î | %ee | ||
| ¿ | %bf | ï | %ef |
URL Encoding (VB.net)
출처 : aybim.com.tr
ASCII,
character,
device control,
Encoding,
hi.pe.kr,
Reference,
Url,
URL-encoding,
URLEncode,
물고기,
프로그램
Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.
There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here's what it does:
- Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
- Bruteforce of the 'sa' password
- Privilege escalation to 'sa'
- Creation of a custom xp_cmdshell if the original one has been disabled
- Upload of executables
- Reverse scan in order to look for a port that can be used for a reverse shell
- Direct and reverse shell, both TCP and UDP
- DNS tunneled pseudoshell, when no ports are available for a bindshell
- Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
- OS privilege escalation on the remote DB server using token kidnapping
- All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems
For the latest release and two flash demos, check out the address http://sqlninja.sourceforge.net/. The demos refer to a previous version but are still perfectly good to get a better understanding of the tool.
Read this manual carefully (yes, I mean all of it), as it will explain you what it is all about and how to make your way through all sqlninja options. Yes, I know that it's terribly long and boring, but since sqlninja has a plethora of options to play with (and no shiny green buttons), try to read the whole thing: it will help you to get the most of the tool and will save you a lot of time later.
## Demo ##
출처 : http://sqlninja.sourceforge.net/
Prev
Facebook
