2 posts tagged 'sqlite'

  1. 2011.04.12 SQL injection PT tool - sqlmap 0.9 (update)
  2. 2009.06.09 XAMPP for Windows
2011. 4. 12. 18:56

SQL injection PT tool - sqlmap 0.9 (update)



“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.”


This is the change log:

  • Rewritten SQL injection detection engine (Bernardo and Miroslav).
  • Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
  • Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
  • Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
  • Implemented support for Firebird (Bernardo and Miroslav).
  • Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
  • Extended old ‘--dump -C’ functionality to be able to search for specific database(s), table(s) and column(s), --search switch (Bernardo).
  • Added support to tamper injection data with --tamper switch (Bernardo and Miroslav).
  • Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
  • Added support to enumerate roles on Oracle, --roles switch (Bernardo).
  • Added support for SOAP based web services requests (Bernardo).
  • Added support to fetch unicode data (Bernardo and Miroslav).
  • Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch (Miroslav).
  • Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
  • Support to test and inject against HTTP Referer header (Miroslav).
  • Implemented HTTP(s) proxy authentication support, --proxy-cred switch (Miroslav).
  • Implemented feature to speedup the enumeration of table names (Miroslav).
  • Support for customizable HTTP(s) redirections (Bernardo).
  • Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, --replicate switch (Miroslav).
  • Support to parse and test forms on target url, --forms switch (Bernardo and Miroslav).
  • Added switches to brute-force tables names and columns names with a dictionary attack, --common-tables and --common-columns. Useful for instance when system table ‘information_schema’ is not available on MySQL (Miroslav).
  • Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
  • Added safe URL feature, --safe-url and --safe-freq (Miroslav).
  • Added --text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
  • Implemented few other features and switches (Bernardo and Miroslav).
  • Over 100 bugs fixed (Bernardo and Miroslav).
  • Major code refactoring (Bernardo and Miroslav).
  • User’s manual updated (Bernardo).

Download sqlmap 0.9 (sqlmap-0.9.tar.gz/sqlmap-0.9.zip) here.

Source: www.pentestit.com


2009. 6. 9. 19:29

XAMPP for Windows

The XAMPP 1.7.1 is available!

We've released a new version of XAMPP, including:

  • Apache HTTPD 2.2.11 + Openssl 0.9.8i
  • MySQL 5.1.33
  • PHP 5.2.9
  • phpMyAdmin 3.1.3.1
  • XAMPP CLI Bundle 1.3
  • FileZilla FTP Server 0.9.31
  • Mercury Mail Transport System 4.62
Please visit the win32 compatibility list.

Vista Note: Because of missing or insufficient write permissions in the c:\program files folder of a default Vista installation, we recommend using alternate folders for XAMPP, e.g. c:\xampp or c:\myfolder\xampp.

Big thanks to Chris from www.nat32.com for his fast adaption of his XAMPP Control Panel. Download older versions of XAMPP (even the "old" WAMPP) directly from Source Forge.

Download

* XAMPP

You can download XAMPP for Windows as three different variations:
  • Installer - Easy and safe: XAMPP with a comfortable installer.
  • ZIP archive - For purists: XAMPP as ordinary ZIP archive.
  • Self-extracting ZIP archive - Economical: XAMPP as very small self-extracting 7-ZIP archive.
XAMPP for Windows 1.7.1, 2009/04/14

Version | Size | Content
XAMPP Windows 1.7.1
[Basic package]
Apache HTTPD 2.2.11, MySQL 5.1.33, PHP 5.2.9, Openssl 0.9.8i, phpMyAdmin 3.1.3.1, XAMPP Control Panel 2.5, XAMPP CLI Bundle 1.3, Webalizer 2.01-10, Mercury Mail Transport System v4.62, FileZilla FTP Server 0.9.31, SQLite 2.8.15, ADODB 5.06a, Zend Optimizer 3.3.0, eAccelerator 0.9.5.3, XAMPP Security, Ming. For Windows 2000, 2003, XP, VISTA. See also README
Installer 35 MB Installer
MD5 checksum: 9a0974516975432788c3c853ae31e518
ZIP 82 MB ZIP archive
MD5 checksum: 98c5db072a4163fa7772f32769bcfdd8
EXE (7-zip) 31 MB Selfextracting 7-ZIP archive
MD5 checksum: 6208b5e9154fe191061076e3965bb76a
Devel Package 1.7.1 Development Package with Include and Lib-Files from the Apache 2.2.11, MySQL 5.1.33, PHP 5.2.9, OpenSSL 0.9.8i (libs & includes) & drivers.
ZIP 46 MB ZIP archive
MD5 checksum: b0b2b85d2bba322be6939bb99efdc7c9
EXE (7-zip) 23 MB Selfextracting 7-ZIP archive
MD5 checksum: 688406de1a0d76d19aa21e9469f3287c
Upgrade Package 1.7.1 With Apache 2.2.11, PHP 5.2.9, OpenSSL 0.9.8i, MySQL 5.1.33, phpMyAdmin 3.1.3.1, FileZilla FTP Server 0.9.31, XAMPP CLI Bundle 1.3. for XAMPP 1.7.0. CHANGES
Installer 30 MB Installer
MD5 checksum: a6fa85f5c1cfa2049c69e35dd12484d6
ZIP 69 MB ZIP archive
MD5 checksum: b67325f381de3167976a2951808cb6c9
EXE (7-zip) 26 MB Selfextracting 7-ZIP archive
MD5 checksum: 66bb840246137c3a83fa173696337307

* XAMPP Add-Ons

The following packages are extensions (add-ons) for the above XAMPP package.
XAMPP for Windows Add-Ons

Version | Size | Content
Perl 5.10.0-2.2.11
XAMPP 1.7.1
Apache 2.2.11
Attention: Not recommended for upgrade installations!
Perl 5.10.0 (no ActivePerl) and mod_perl 2.0.4 Add-on package for the XAMPP 1.7.1 with Apache 2.2.11. Needs NT, 2000 or XP systems! For the older XAMPP Version you need the older Perl XAMPP add-ons on www.sourceforge.net.
See also README PERL MODULES
Installer 14 MB Installer
MD5 checksum: 3dbe957a0f4a918da85f587bb175a43f
ZIP 30 MB ZIP archive
MD5 checksum: ab36b2842067c07365246279d3b74314
EXE (7-zip) 13 MB Selfextracting ZIP archive
MD5 checksum: 34f14562fec5bea313bc195035fd1574
Tomcat 6.0.18
XAMPP 1.7.x
Tomcat 6.0.18 and mod_jk 1.2.27 for the XAMPP base package 1.7.x. NEEDS SUN J2SE SDK 5/6. The Addon Installer is built for the XAMPP Installer Version only. See also README
Installer 8 MB Installer
MD5 checksum: 18b979a1329d3b536d9d11289d6e6e06
ZIP 10 MB ZIP archive
MD5 checksum: fbdd2e7e6e228f8ddff272b472899e07
EXE (7-zip) 8 MB Selfextracting 7-ZIP archive
MD5 checksum: a9e6d071ead5ff2d275a124dac181024

* XAMPP Lite

»XAMPP Lite« is an additional extra small XAMPP edition. It's the successor of the old MiniXAMPP. But in contrast to the big XAMPP it's not updated really often.
XAMPP Lite

Version | Size | Content
XAMPP Lite 1.7.1 XAMPP Lite is a very reduced version of XAMPP with Apache 2.2.11 + PHP 5.2.9 + MySQL 5.1.33 + phpMyAdmin 3.1.3.1 + OpenSSL 0.9.8i + SQLite 2.8.15 + XAMPP Control Panel 2.5 + XAMPP CLI Bundle 1.3. For lovers! No upgrades or add-ons exist for the Lite versions. XAMPP Lite is strictly a "Take-Run-Delete-Forget-it" package.
ZIP 50 MB ZIP archive
MD5 checksum: f4d40cd261519f6d325066fbef84b4ae
EXE (7-zip) 18 MB Selfextracting ZIP archive
MD5 checksum: 8f8de43051dc03c79f75a39e6c0db240

The Installation

* Method A: Installation with the Installer

Using the installer version is the easiest way to install XAMPP.

 

The install wizard of XAMPP win32

After the installation is complete, you will find XAMPP under Start / Programs / XAMPP. You can use the XAMPP Control Panel to start/stop all servers and also to install/uninstall services.

 

The XAMPP control panel for starting/stopping Apache, MySQL, FileZilla & Mercury or installing these servers as services

* Method B: "Installation" without the Installer

Download and unzip the 7-zip or zip archives into the folder of your choice.

In this case, we unpacked XAMPP to D:\Program Files and will get a D:\Program Files\XAMPP folder. Next, open the XAMPP folder and run the "setup-xampp.bat" file.

All paths in the configuration will be updated.

Finally, start the different servers with the existing start/stop batch files or use the GUI version "xampp-control.exe".

Note: If you work with the Installer version of XAMPP, you do not need to execute "setup_xampp.bat".

* »I want to start XAMPP without setup!«

If you extract XAMPP in a top level folder like c:\xampp or d:\xampp etc., you can start XAMPP directly. That means you do not need to execute the "setup_xampp.bat" at all. Apache, MySQL and Mercury Mail server will start up correctly! FileZilla FTP server will not start because it requires absolute paths. Please note: Do not use a double-xampp-folder like c:\xampp\xampp! You need a single-xampp folder like d:\xampp(\apache and so on). Otherwise you must run the "setup-xampp.bat" to set up the path configurations.

The Practice

* The xampp cli (xampp command line interface)

For all friends of the console (cmd), here is the new build "xampp_cli" by Carsten Wiedmann.

Usage: xampp_cli «command» «service»

Example 1: Apache and MySQL starting and stopping
xampp_cli start xampp
xampp_cli stop xampp

Example 2: Apache installing and removing as service
xampp_cli installservice apache
xampp_cli deinstallservice apache

Example 3: Mercury starting and stopping
xampp_cli start mercury
xampp_cli stop mercury

* Practice 1: Start, stop & test XAMPP

The universal control center is the XAMPP Control from www.nat32.com which is not included in the Lite version.

.\xampp\xampp-control.exe

Some more server scripts:
Apache & MySQL start: .\xampp\xampp_start.exe
Apache & MySQL stop: .\xampp\xampp_stop.exe
Apache start: .\xampp\apache_start.bat
Apache stop: .\xampp\apache_stop.bat
MySQL start: .\xampp\mysql_start.bat
MySQL stop: .\xampp\mysql_stop.bat
Mercury Mailserver start: .\xampp\mercury_start.bat
(Mercury only GUI. Stop with GUI)
FileZilla Server setup: .\xampp\filezilla_setup.bat
FileZilla Server start: .\xampp\filezilla_start.bat
FileZilla Server stop: .\xampp\filezilla_stop.bat

Test: After Apache starts, open the URL http://localhost or http://127.0.0.1 and examine all of the XAMPP examples and tools.

* Practice 2: Installing a particular server as a service

You can install some servers as a service under these platforms: NT4, 2000/2003, XP and (sometimes) Vista. To do so, use one of these scripts:

Apache service install: .\xampp\apache\apache_installservice.bat
Apache service uninstall: .\xampp\apache\apache_uninstallservice.bat
MySQL service install: .\xampp\mysql\mysql_installservice.bat
MySQL service uninstall: .\xampp\mysql\mysql_uninstallservice.bat
FileZilla service (un)install: .\xampp\filezilla_setup.bat
Mercury: No service installation available!

* Practice 3: Installation of Addons

Many additional addons exist for development with the main package. At the moment, the official addons for win32 from this site are:
  • Perl Addon with Mod_Perl and a selection of important Perl modules
  • Tomcat Addon (Requirement: SUN J2SE SDK must already be installed)
  • Cocoon for Tomcat Addon (Requirement: Tomcat Addon must already be installed)
  • Python Addon
The recommended rule for the installation is this: The XAMPP Installer version needs the Installer Addon, the ZIP (7-Zip) package needs the ZIP (7-Zip) Addon. For the ZIP Addon, please unpack the package directly into the XAMPP main directory. Afterwards execute the "setup_xampp.bat". That's all. The Installer Addon package does everything automatically; there is nothing more to do.

Note: Everyone can build a new XAMPP Addon for his project. For example you will find some other addons for XAMPP at http://sourceforge.net/projects/xamppaddon.

* Practice 4: The XAMPP upgrades

When individual components of the XAMPP collection are upgraded, we will bring XAMPP up to date as well. However, some developments are not compatible with our last release and so we cannot upgrade these elements. Usually we are able to update all servers and programs in XAMPP, but NOT the configuration files, because you could have modified them. Tip: If you have the installer version it is much easier to use the installer upgrade. All others should take the (7-)ZIP archive. Extract that package in the XAMPP folder directly and overwrite the older files.

A matter of security (A MUST READ!)

* The XAMPP Security console

As mentioned before, XAMPP is not meant for production use but only for developers in a development environment. XAMPP is configured to be as open as possible and to allow the web developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.

Here is a list of the missing security in XAMPP:

  • The MySQL administrator (root) has no password.
  • The MySQL daemon is accessible via network.
  • PhpMyAdmin is accessible via network.
  • Examples are accessible via network.
  • The users of Mercury and FileZilla are known.
Please secure XAMPP before publishing anything online. A firewall or an external router are only sufficient for low levels of security. For slightly more security, you can run the "XAMPP Security console" and assign passwords.

To fix the most important of the security weaknesses simply call the following URL (access only from localhost):

Before version 1.4.15:
http://127.0.0.1/xampp/xamppsecurity.php

Since version 1.4.15:
http://127.0.0.1/security

The root password for MySQL, PhpMyAdmin, and also a XAMPP directory protection can be established here. For Mercury and FileZilla, please remember to change the configuration settings (e.g. user and passwords). Or if you do not need any of these servers, simply do not start them -- That is secure, too.

The Uninstallation

* Method A: The Installer version

If you installed with the Installer version, please use the Uninstaller! The Uninstaller will delete all XAMPP entries from your registry and it will uninstall some installed services included with XAMPP. We highly recommend that you use the Uninstall program for removing XAMPP installations from the Installer version.

* Method B: Installation from ZIP and 7-ZIP package

Shut down the XAMPP server and exit all panels. If you installed any services, shut them down too.

To uninstall XAMPP that was installed from ZIP packages, simply delete the entire folder where XAMPP is installed. There are no registry entries and no environment variables to clean up... just simply good, clean code! Don't forget to uninstall any services you might have installed.

Basic Questions

* Question 1: What is the "Lite" version of XAMPP?

XAMPP Lite (means "light" as in "light-weight") is a smaller bundle of XAMPP components, which is recommended for quick work using only PHP and MySQL. Some servers or tools such as Mercury Mail and FileZilla FTP are missing in the Lite version. Additionally, there are no Install Shield versions, add-ons or upgrades for the Lite version.

* Question 2: Where should I place my web content?

The main folder for all WWW documents is at \xampp\htdocs. If you put a test.html file here you can browse for it at http://localhost/test.html (if Apache server is running). Use the same procedure with all PHP or cgi files. You can create subfolders for your content too. For example, create the folder \xampp\htdocs\new and copy your test.html file there. Then enter the URL http://localhost/new/test.html to view this in your browser.

Further file characteristics in the overview:

  • CGI - Executable: Overall, Allowed endings: .cgi => base package
  • PHP - Executable: Overall, Allowed endings: .php .php4 .php3 .phtml => base package
  • MOD Perl - Executable: .\xampp\htdocs\modperl, Allowed endings: .pl => Perl addon
  • ASP Perl - Executable: .\xampp\htdocs\modperlasp, Allowed endings: .asp => Perl Addon
  • JSP Java - Executable: .\xampp\tomcat\webapps\java (among others), Allowed endings: .jsp => Tomcat addon
  • Servlets Java - Executable: .\xampp\tomcat\webapps\java (among others), Allowed endings: .html (among others) => Tomcat addon
  • MOD Python - Executable: .\xampp\htdocs\python, Allowed endings: .py => Python addon
  • Spyce Python - Executable: .\xampp\htdocs\python, Allowed endings: .spy => Python addon

* Question 3: Can I move the XAMPP installation?

Yes, but only if you installed it using the ZIP (7-zip) archive method. After moving the XAMPP package, you must execute the "setup-xampp.bat" to update all configuration files. In this case you can make a copy of XAMPP and put this in a directory somewhere. Finally, execute "setup-xampp" and run your tests. Try it out.

If you installed with the Installer, then you must completely uninstall XAMPP and reinstall it at the new location. This is the only way to ensure that all changes made to the registry are cleaned up, and updated for the new location.

* Question 4: How can I generate "automatic start sites" or default start pages?

If you browse to a folder like http://localhost/xampp/ the Apache server will return a start site automatically. The Apache server looks for a start page for your site, such as index.html or index.php. This is configurable from the "DirectoryIndex" directive in the httpd.conf file. Here you can define the names and the arrangement for your start sites.

In XAMPP the "DirectoryIndex" directive list is as follows:

index.php index.php4 index.php3 index.cgi index.pl index.html index.htm index.html.var index.phtml

* Question 5: How can I switch between PHP5 and PHP4 and back?

XAMPP (not Lite!) contains both PHP5 and PHP4. To switch between the versions please use the "php-switch.bat" ($path-to-xampp\xampp\php-switch.bat). NOTE: The Apache server must be stopped before you make these changes.

* Question 6: Where can I change the configuration?

You adjust XAMPP settings with plain-text configuration files. The following files exist:
  • Apache basic configuration: .\xampp\apache\conf\httpd.conf
  • Apache SSL: .\xampp\apache\conf\ssl.conf
  • Apache Perl (only addon): .\xampp\apache\conf\perl.conf
  • Apache Tomcat (only addon): .\xampp\apache\conf\java.conf
  • Apache Python (only addon): .\xampp\apache\conf\python.conf
  • PHP: .\xampp\php\php.ini
  • MySQL: .\xampp\mysql\bin\my.ini
  • phpMyAdmin: .\xampp\phpMyAdmin\config.inc.php
  • FileZilla FTP: .\xampp\FileZillaFTP\FileZilla Server.xml
  • Mercury Mail basic configuration: .\xampp\MercuryMail\MERCURY.INI
  • Sendmail: .\xampp\sendmail\sendmail.ini

* Question 7: Do I have to go online to work with XAMPP?

No! You can work "offline" with XAMPP. In other words, you do NOT have to be connected to the Internet, because your own computer will provide all the hosting and serving features.

* Question 8: Where is what?

Directory Content
\xampp\anonymous Anonymous FTP example folder
\xampp\apache Apache server directory
\xampp\cgi-bin Dir for executing cgi scripts
\xampp\FileZillaFTP FileZilla FTP server directory
\xampp\htdocs Main http docs directory
\xampp\install For Setup XAMPP (do not delete!)
\xampp\licenses Dito
\xampp\MercuryMail Mercury Mail SMTP POP3 IMAP server dir
\xampp\mysql MySQL server directory
\xampp\perl Perl directory
\xampp\php PHP (4+5) directory
\xampp\phpmyadmin phpMyAdmin directory
\xampp\security Extra directory for security configs
\xampp\tmp The temporary folder
\xampp\webalizer Webalizer web statistic directory
\xampp\webdav WebDAV Authoring example folder

READ ME

* Where can I get more information (FAQs, etc.)?

Please visit our XAMPP Windows FAQs:
http://www.apachefriends.org/en/faq-xampp-windows.html

Or use our forum for questions:
http://www.apachefriends.org/f/

* XAMPP and services

For all NT/2000 users, in both packages you will find the install and uninstall files to build all servers as services in the respective directories.
  • apache_installservice.bat => Apache install as service
  • apache_uninstallservice.bat => Apache uninstall as service
  • mysql_installservice.bat => MySQL install as service
  • mysql_uninstallservice.bat => MySQL uninstall as service
After all changes don't forget to restart your system. Note! To uninstall the mysql service you must first of all have stopped the mysql service!

* MySQL and PHP

MySQL starts without a password for "root". So in PHP you can connect the MySQL-Server with: mysql_connect("localhost","root","");
If you want to set a password for "root" in MySQL, please use "mysqladmin" under Console. For example:

\...\xampp\mysql\bin\mysqladmin -u root password secret

Attention. After changing the password for root, don't forget to inform PHPMyAdmin. Search the "config.inc.php" under \...\xampp\phpmyadmin\ and edit the following lines:

$cfg['Servers'][$i]['user'] = 'root'; // MySQL SuperUser
$cfg['Servers'][$i]['auth_type'] = 'http'; // HTTP MySQL authentification

Now the correct password for "root" is required, before PHPMyAdmin starts.
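The weaknesses listed in the security section and the phpMyAdmin change described here can be checked from the two configuration files themselves. The Python script below is an added example, not part of XAMPP or of the original page; the sample file contents are constructed, and the MySQL options `bind-address` and `skip-networking` and the phpMyAdmin `password` key are settings this page does not mention.

```python
import re

# Finding id -> the weakness from the page's list that it corresponds to.
FINDINGS = {
    "mysql-network": "MySQL daemon is accessible via network",
    "pma-config-auth": "phpMyAdmin logs in with stored credentials (no prompt)",
    "root-empty-password": "MySQL root has no password",
}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Matches active (uncommented) lines like: $cfg['Servers'][$i]['auth_type'] = 'http';
CFG_RE = re.compile(r"""^\s*\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*(['"]?)(.*?)\2\s*;""", re.M)

def parse_mysqld_options(my_ini_text):
    """Return the [mysqld] options of a my.ini as {name: value-or-None}."""
    options, section = {}, None
    for raw in my_ini_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            # MySQL treats '-' and '_' in option names as equivalent.
            name = name.strip().lower().replace("_", "-")
            options[name] = value.strip().strip("\"'") or None
    return options

def audit(my_ini_text, pma_config_text):
    """Return the ids of the weaknesses visible in the two config files."""
    found = []
    opts = parse_mysqld_options(my_ini_text)
    if "skip-networking" not in opts and opts.get("bind-address") not in LOOPBACK:
        found.append("mysql-network")
    pma = {key: value for key, _quote, value in CFG_RE.findall(pma_config_text)}
    if pma.get("auth_type") == "config":
        found.append("pma-config-auth")
        # Only 'config' auth stores the password in the file; with 'http'
        # the root password has to be checked against the server itself.
        if pma.get("user") == "root" and not pma.get("password"):
            found.append("root-empty-password")
    return found

# Constructed sample files (not copied from a real XAMPP install).
WEAK_MY_INI = """[client]
port = 3306
[mysqld]
port = 3306   # no bind-address and no skip-networking
"""
WEAK_PMA = """<?php
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
"""
HARD_MY_INI = "[mysqld]\nport = 3306\nbind_address = 127.0.0.1\n"
HARD_PMA = """<?php
$cfg['Servers'][$i]['user'] = 'root'; // MySQL SuperUser
// $cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['auth_type'] = 'http'; // HTTP MySQL authentification
"""

if __name__ == "__main__":
    for label, ini, pma in (("weak", WEAK_MY_INI, WEAK_PMA), ("hardened", HARD_MY_INI, HARD_PMA)):
        print(label, [FINDINGS[f] for f in audit(ini, pma)] or "no findings")
```

An empty result only means the files no longer show these settings; whether root actually has a password still has to be confirmed against the running server.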

Please see also the three methods in the Windows FAQ:
http://www.apachefriends.org/en/faq-xampp-windows.html#password0
Original: http://www.apachefriends.org/
