Results 1 to 10 of 10

Thread: SQL Injection && ASM hints / tuts

  1. #1
    Junior Member
    Join Date
    May 2007
    Posts
    40

    Default SQL Injection && ASM hints / tuts

    Hi If I found a sql injection hole how do I make a shell or lass list out of it?
    I am able to login User: 1'1 PAss: fubar


    Were can I find information about Asm and sploits that I can understand Articels like this: Metasploit: SMB2: 351 Packets from the Trampoline ?
    Any Hints or tuts for me?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by *YAPP* View Post
    Hi If I found a sql injection hole how do I make a shell or lass list out of it?
    I am able to login User: 1'1 PAss: fubar
    Depends on what host Operating System is being used and what DBMS is running. There's lots of papers about SQL Injection out there, ask Google to direct you to the appropriate one after you find out the answers to the previous questions.

    Quote Originally Posted by *YAPP* View Post
    Were can I find information about Asm and sploits that I can understand Articels like this: Metasploit: SMB2: 351 Packets from the Trampoline ?
    Any Hints or tuts for me?
    Start reading about how to exploit buffer overflow vulnerabilities. Theres some links in my last post to AnActivists "Pentesting Documentation" thread.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Junior Member
    Join Date
    May 2007
    Posts
    40

    Default

    Hi can't find user AnActivists please give me a link.

    It is a apache 2.2 PHP 4.4 LInux system

    Do you got somme good tutorials for me I just know the Exploits of Milworm were you enter a URI and you get a list of User + PWs. I want to make things like this by my self...

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by *YAPP* View Post
    Hi can't find user AnActivists please give me a link.
    Here

    Quote Originally Posted by *YAPP* View Post
    It is a apache 2.2 PHP 4.4 LInux system
    You need to know the DBMS type as well. MySQL is most likely for a Linux/Apache/PHP site, but others are possible.

    Quote Originally Posted by *YAPP* View Post
    Do you got somme good tutorials for me I just know the Exploits of Milworm were you enter a URI and you get a list of User + PWs. I want to make things like this by my self...
    I have read a few papers on the subject, however I didn't keep note of the links because they were rather easy to find using Google. (Hint.)
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Junior Member
    Join Date
    May 2007
    Posts
    40

    Default

    It use mysql. I ask here because I look for RECOMAND tuts xD

    Do you mean this Link?
    http://forums.remote-exploit.org/new...ntation-6.html

    sry I don't get the point... Were do you post the links?

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by *YAPP* View Post
    It use mysql. I ask here because I look for RECOMAND tuts xD
    Id recommend the tutorials that you can find easily in Google. Search for "SQL injection" and start with the ones on the first results page. Also have a look on the OWASP wiki. Once you want to get more specific then start searching using your DBMS and/or OS name. You will then probably also want to learn a bit of your specific DBMSs SQL language.

    Quote Originally Posted by *YAPP* View Post
    That thread, yes, but not that particular page.

    Quote Originally Posted by *YAPP* View Post
    sry I don't get the point... Were do you post the links?
    The links are in the last post I made to that thread. Right here.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #7
    Junior Member
    Join Date
    May 2007
    Posts
    40

    Default

    your links are brocken...

  8. #8
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by *YAPP* View Post
    your links are brocken...
    It's the same link that you posted above only difference is that his link points to post number 121 in the thread or as was stated twice his last post in said thread. And as for the link itself it works for me.
    Try again.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    Junior Member
    Join Date
    May 2007
    Posts
    40

    Default

    MadIrish.net
    pointd to the homepage of MadIrish.net

    http://www.corelan.be:8800/index.php...torial-part-1/

    Error 404 - Not Found

  10. #10
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    http://www.corelan.be:8800/?s=buffer+overflow+tutorial
    http://www.corelan.be:8800/?s=writing+exploits

    Funny thing was/is your right the links do no longer work. However on the same page on the right hand side the above two links are listed .
    Exploit writing tutorial and Writing exploits.
    As for the madirish I will let you look that one up.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •