974_SQL Pack
提交时间:2006-04-22提交用户:ShaDoM
工具分类:攻击程序
运行平台:Windows
工具大小:250795 Bytes
文件MD5 :ec799a105de547eafc5b844b6bbc7d6a
工具来源:[url]http://h4cky0u.org[/url]
包括了几个综合的工具,sql口令破解工具forcesql,mysql注射上传工具sqlbfttool,sql字典生成程序,sql综合注射程序sqlinjector.exe,sqlping 附带源码
C:\Documents and Settings\Administrator>D:\sqlinject\sqltool\sqlinjector\sqlinje
ctor\sqlinjector.exe -help
*** Datachipper ***
Not quite data mining - but data chipping, this
tool exploits SQL injection vulnerabilities to
gain access to data.
C:\>datachipper [options]
[Options]
-t target
-a action
-f file
-p port
-k known
-gc good_code
-gt good_text
-ec error_code
-et error_text
-h help
-qf query_file
-s server
-to ime_out
-d details
TARGET is the target web server.
ACTION is the action to take:
-a database -> workout the database server software
-a where -> drill for data by injecting into where clause
FILE is the name of the file that contains the web request.
PORT is the TCP the web server is listening on.
KNOWN is a value that is known to return data.
GOOD_CODE is the web server response code when everything is OK - usually 200.
GOOD_TEXT is text you'd expect to see in a good response.
ERROR_CODE is the web server response code when an error occurs - usually 500.
ERROR_TEXT is the text you'd expect to see in an error response.
QUERY_FILE is the file that contains the single row, single column query -
e.g. select @@version
If no query_file is specified the default query is used.
The default query extracts the database server software version for the
given server.
SERVER can be one of
mssql
oracle
informix
mysql
sysbase
db2
access.
TIME_OUT is the TCP timeout (milliseconds) on the connection.
Examples:
datachipper -t 192.168.0.1 -a database -f query.txt -p 80 -gc 200 -ec 500 -k NGS
SOFTWARE -gt SQUIRREL
页:
[1]