2011.04.12 18:56

SQL injection PT tool - sqlmap 0.9 (update)



“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.”


This is the change log:

  • Rewritten SQL injection detection engine (Bernardo and Miroslav).
  • Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
  • Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
  • Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
  • Implemented support for Firebird (Bernardo and Miroslav).
  • Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
  • Extended old '--dump -C' functionality to be able to search for specific database(s), table(s) and column(s), --search switch (Bernardo).
  • Added support to tamper injection data with --tamper switch (Bernardo and Miroslav).
  • Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
  • Added support to enumerate roles on Oracle, --roles switch (Bernardo).
  • Added support for SOAP based web services requests (Bernardo).
  • Added support to fetch unicode data (Bernardo and Miroslav).
  • Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch (Miroslav).
  • Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
  • Support to test and inject against HTTP Referer header (Miroslav).
  • Implemented HTTP(s) proxy authentication support, --proxy-cred switch (Miroslav).
  • Implemented feature to speedup the enumeration of table names (Miroslav).
  • Support for customizable HTTP(s) redirections (Bernardo).
  • Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, --replicate switch (Miroslav).
  • Support to parse and test forms on target url, --forms switch (Bernardo and Miroslav).
  • Added switches to brute-force tables names and columns names with a dictionary attack, --common-tables and --common-columns. Useful for instance when system table 'information_schema' is not available on MySQL (Miroslav).
  • Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
  • Added safe URL feature, --safe-url and --safe-freq (Miroslav).
  • Added --text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
  • Implemented few other features and switches (Bernardo and Miroslav).
  • Over 100 bugs fixed (Bernardo and Miroslav).
  • Major code refactoring (Bernardo and Miroslav).
  • User’s manual updated (Bernardo).

Download sqlmap 0.9 (sqlmap-0.9.tar.gz/sqlmap-0.9.zip) here.

Source: www.pentestit.com


2009.07.14 15:16

Querying the Oracle Alert Log File with SQL

Create a directory object for the DBMS log

CREATE OR REPLACE DIRECTORY DIR_BDUMP AS '/oracle/admin/SID/bdump/';

Create the DBMS log external table

CREATE TABLE DBMSLOG (
  LOG_TEXT VARCHAR2(4000)
)
ORGANIZATION EXTERNAL (
  TYPE ORACLE_LOADER
  DEFAULT DIRECTORY DIR_BDUMP
  ACCESS PARAMETERS (
    RECORDS DELIMITED BY NEWLINE
    FIELDS TERMINATED BY '~'
    MISSING FIELD VALUES ARE NULL (
      LOG_TEXT CHAR(4000)
    )
  )
  LOCATION ('alert_SID.log')
)
REJECT LIMIT UNLIMITED;

Create the DBMS log view

-- Innermost query: parse a timestamp line into LOG_DATE and an
-- "Errors in file ...:" line into TRC_FILE.
-- Middle query: number the rows; LOG_LNUM is set only on timestamp rows.
-- Outer query: carry the last timestamp row forward, so every line of one
-- alert log entry shares the same LOG_SNUM and LOG_DATE.
CREATE OR REPLACE VIEW DBMSLOG_VI
AS
SELECT LOG_RNUM
     , LAST_VALUE(LOG_LNUM IGNORE NULLS)
         OVER(ORDER BY LOG_RNUM ROWS BETWEEN UNBOUNDED PRECEDING
                                         AND CURRENT ROW) LOG_SNUM
     , LAST_VALUE(LOG_DATE IGNORE NULLS)
         OVER(ORDER BY LOG_RNUM ROWS BETWEEN UNBOUNDED PRECEDING
                                         AND CURRENT ROW) LOG_DATE
     , TRC_FILE
     , LOG_TEXT
  FROM (SELECT ROWNUM LOG_RNUM
             , NVL2(LOG_DATE, ROWNUM, NULL) LOG_LNUM
             , LOG_DATE
             , TRC_FILE
             , LOG_TEXT
          FROM (SELECT CASE REGEXP_INSTR(LOG_TEXT,
                                 '[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}'
                                 || ' [[:digit:]]{4}')
                         WHEN 0 THEN NULL
                         ELSE TO_DATE(LOG_TEXT
                                    , 'Dy Mon DD HH24:MI:SS YYYY'
                                    , 'NLS_DATE_LANGUAGE=AMERICAN')
                       END LOG_DATE
                     , CASE REGEXP_INSTR(LOG_TEXT, '^Errors in file')
                         WHEN 1 THEN REGEXP_REPLACE(LOG_TEXT
                                                  , '^Errors in file (.*):$'
                                                  , '\1')
                         ELSE NULL
                       END TRC_FILE
                     , LOG_TEXT
                  FROM DBMSLOG));

COMMENT ON TABLE DBMSLOG_VI IS 'DBMS alert log view';

COMMENT ON COLUMN DBMSLOG_VI.LOG_RNUM IS 'DBMS alert log row number';
COMMENT ON COLUMN DBMSLOG_VI.LOG_SNUM IS 'DBMS alert log entry group (starting row number)';
COMMENT ON COLUMN DBMSLOG_VI.LOG_DATE IS 'DBMS alert log timestamp';
COMMENT ON COLUMN DBMSLOG_VI.TRC_FILE IS 'DBMS alert trace file';
COMMENT ON COLUMN DBMSLOG_VI.LOG_TEXT IS 'DBMS alert log text';

Query the DBMS log file

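-- :DAY  selects the day :DAY days ago, from 00:00 up to the current time of day
--       (0 = today so far).
-- :TEXT is a substring to look for in the aggregated entry text.
-- Each LOG_SNUM group (one alert log entry) is folded into a single row,
-- with its lines joined by CHR(10).
SELECT A.LOG_DATE
     , A.TRC_FILE
     , A.LOG_TEXT
  FROM (SELECT TO_CHAR(MIN(LOG_DATE), 'YYYY-MM-DD HH24:MI:SS') LOG_DATE
             , SUBSTR(XMLAGG(XMLELEMENT(TEMP, CHR(10) || TRC_FILE)
                             ORDER BY LOG_RNUM)
                      .EXTRACT('//text()').GETSTRINGVAL(), 2) TRC_FILE
             , SUBSTR(XMLAGG(XMLELEMENT(TEMP, CHR(10) || LOG_TEXT)
                             ORDER BY LOG_RNUM)
                      .EXTRACT('//text()').GETSTRINGVAL(), 2) LOG_TEXT
          FROM DBMSLOG_VI
         WHERE LOG_DATE BETWEEN TRUNC(SYSDATE - :DAY)
                            AND SYSDATE - :DAY
         GROUP BY LOG_SNUM
         ORDER BY LOG_SNUM DESC) A
 WHERE LOG_TEXT LIKE '%' || :TEXT || '%';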
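
Once the view exists, the same structure can drive routine error triage instead of free-text searches. The query below is an added example, not part of the original post: it counts ORA- error codes per day over DBMSLOG_VI and attaches a trace file from the same entry. It assumes the objects created above; here the :DAY bind is reused as a look-back window in days, which differs from its meaning in the post's query.

```sql
-- Added example (not from the original post).
-- Assumes DBMSLOG_VI as defined above. :DAY here means "look back this many
-- days from today's midnight", which is an assumption of this example.
WITH ENTRY AS (
    -- One row per alert log entry: its timestamp and, if the entry had an
    -- "Errors in file ...:" line, the trace file named there.
    SELECT LOG_SNUM
         , MIN(LOG_DATE) AS LOG_DATE
         , MAX(TRC_FILE) AS TRC_FILE
      FROM DBMSLOG_VI
     WHERE LOG_DATE >= TRUNC(SYSDATE) - :DAY
     GROUP BY LOG_SNUM
),
ERR AS (
    -- Every line that carries an ORA- code. Only the first code on a line
    -- is extracted; older releases may print codes without zero padding,
    -- hence the open-ended digit match.
    SELECT LOG_SNUM
         , REGEXP_SUBSTR(LOG_TEXT, 'ORA-[[:digit:]]+') AS ORA_CODE
      FROM DBMSLOG_VI
     WHERE REGEXP_LIKE(LOG_TEXT, 'ORA-[[:digit:]]+')
)
SELECT TRUNC(E.LOG_DATE) AS LOG_DAY
     , R.ORA_CODE
     , COUNT(*)          AS HITS
     , MIN(E.LOG_DATE)   AS FIRST_SEEN
     , MAX(E.LOG_DATE)   AS LAST_SEEN
     , MAX(E.TRC_FILE)   AS SAMPLE_TRC_FILE
  FROM ENTRY E
  JOIN ERR   R
    ON R.LOG_SNUM = E.LOG_SNUM
 GROUP BY TRUNC(E.LOG_DATE)
        , R.ORA_CODE
 ORDER BY LOG_DAY DESC
        , HITS DESC;
```

Lines that appear before the first timestamp in the file have a NULL LOG_SNUM and are excluded by the join.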

References

Query the Oracle Alert Log using SQL commands
Oracle Regular Expression
