Misc Web Pen testing scripts
From: "Baggett, Mark" <mark.baggett () morris com>
Date: Fri, 3 Sep 2010 12:31:09 -0400
I'm trying to learn python. Userpass.py was my first python script.
Eventually, I am going to write something that doesn't completely suck.
These scripts are still a work in progress. Send me comments and
suggestions off list. I hope they are useful. If you find errors before
I post these to the blog I'd appreciate a heads up.

Used to demonstrate POST-based XSS attacks to a customer. Put get2post
on a single host and then you can create URLs with the POST values for the
customer. Same functionality as
http://www.whiteacid.org/misc/xss_post_forwarder.php but on your own
server so you are not disclosing a customer's XSS issues to a third

Grabs URLs & cookies as you browse and launches the tool of choice.
Here is a demo video http://www.vimeo.com/14667308

This is a MySQL blind SQL injector that uses a much different SQL
injection technique. Instead of repeatedly cutting the alphabet in half
or brute forcing the letters it uses a per letter frequency table to
predict the next letter. For example, if you have a Q there is a HIGH
probability that the next letter is a U. The technique is discussed and
http://www.exploit-db.com/papers/13696/ 47 fewer guesses than
bsqlbf.pl! 79 vs 126
I implemented this technique in python. You give the script a
vulnerable URL, and you put your SQL query in the URL with carets as
markers at the point of injection. This syntax enables flexible URL

mark.baggett$ $ python sqlinjector.py
end of word found
Found target acuart in 79 guesses.
mark.baggett$ perl bsqlbf.pl -blind cat -sql "database()" -url
// Blind SQL injection brute force.
// aramosf () 514 es / http://www.514.es
trying: acuart#### results:
database() = acuart
total hits: 126
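The defender's counterpart to a letter-by-letter blind injector like the one above is spotting the enumeration in the web server's logs: one source hammering one path with dozens of near-identical requests that carry a character-extraction construct, while the responses settle into two sizes (the "true" page and the "false" page). The following is an added example, not code from the original post or from Mark's scripts; it parses constructed, simplified combined-format access-log lines (the hosts, paths, timestamps and parameter values are all made up), decodes the query string, flags requests that match a small set of extraction tokens, and reports any (source, path) pair that crosses a configurable threshold together with the distinct response sizes it produced.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines in a simplified combined format.
# Hosts, paths, parameter values and timestamps are all made up.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Sep/2010:12:31:09 -0400] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120
10.0.0.9 - - [03/Sep/2010:12:31:10 -0400] "GET /listproducts.php?cat=1+AND+SUBSTRING(database(),1,1)%3D'a' HTTP/1.1" 200 5120
10.0.0.9 - - [03/Sep/2010:12:31:10 -0400] "GET /listproducts.php?cat=1+AND+SUBSTRING(database(),2,1)%3D'c' HTTP/1.1" 200 5120
10.0.0.9 - - [03/Sep/2010:12:31:11 -0400] "GET /listproducts.php?cat=1+AND+SUBSTRING(database(),3,1)%3D'u' HTTP/1.1" 200 5120
10.0.0.9 - - [03/Sep/2010:12:31:11 -0400] "GET /listproducts.php?cat=1+AND+SUBSTRING(database(),4,1)%3D'e' HTTP/1.1" 200 1203
10.0.0.9 - - [03/Sep/2010:12:31:12 -0400] "GET /listproducts.php?cat=1+AND+SUBSTRING(database(),4,1)%3D'a' HTTP/1.1" 200 5120
10.0.0.5 - - [03/Sep/2010:12:31:13 -0400] "GET /search.php?q=hello+world HTTP/1.1" 200 812
"""

# Simplified combined log format: src ident user [ts] "METHOD url PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Tokens typical of one-character-at-a-time extraction. This list is an
# illustrative assumption, not an exhaustive signature set.
PROBE_RE = re.compile(r"\b(substr(ing)?|mid|ascii|ord)\s*\(", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    # Decode %XX escapes and '+' so the regex sees what the database saw.
    rec["query"] = unquote_plus(parts.query)
    return rec


def is_probe(query):
    """True when the decoded query string carries an extraction construct."""
    return PROBE_RE.search(query) is not None


def find_enumerators(log_text, threshold=5):
    """Group probe requests by (source, path) and report groups at or above
    threshold. Each report carries the probe count and the sorted distinct
    response sizes, because boolean-blind extraction usually produces exactly
    two page sizes regardless of how the guesses are ordered."""
    groups = defaultdict(lambda: {"probes": 0, "sizes": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_probe(rec["query"]):
            continue
        g = groups[(rec["src"], rec["path"])]
        g["probes"] += 1
        g["sizes"].add(rec["size"])
    return {
        key: {"probes": g["probes"], "sizes": sorted(g["sizes"])}
        for key, g in groups.items()
        if g["probes"] >= threshold
    }


if __name__ == "__main__":
    for (src, path), info in find_enumerators(SAMPLE_LOG).items():
        print(f"{src} -> {path}: {info['probes']} probes, "
              f"response sizes {info['sizes']}")
```

The threshold matters more than the token list: a frequency-guided injector needs fewer requests than a bisection one (79 versus 126 in the post's run), so a rule tuned to the "hundreds of requests" profile of older tools will miss it. Counting probes per (source, path) and checking that the response sizes collapse to two values catches the pattern independently of how many guesses the tool needed.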
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com