Miroslav Stampar
|
01be9381d5
|
minor update
|
2012-06-25 16:24:33 +00:00 |
|
Miroslav Stampar
|
ec44e88db8
|
lots of refactoring regarding removal of already obsolete session file mechanism
|
2012-06-21 10:09:10 +00:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
4ac3794e80
|
minor update
|
2012-06-12 14:22:14 +00:00 |
|
Miroslav Stampar
|
738073105e
|
minor updates
|
2012-06-04 19:52:51 +00:00 |
|
Miroslav Stampar
|
7b282b1d6c
|
adding support for newer SSL protocols
|
2012-06-04 19:46:28 +00:00 |
|
Miroslav Stampar
|
76a4aa19ac
|
some more fine tunning
|
2012-05-28 19:50:12 +00:00 |
|
Miroslav Stampar
|
efb406fbfc
|
minor revert
|
2012-05-28 19:13:50 +00:00 |
|
Miroslav Stampar
|
f7cba8d2cb
|
minor update
|
2012-05-28 18:05:15 +00:00 |
|
Miroslav Stampar
|
a72cb29c1f
|
taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server
|
2012-05-28 16:57:10 +00:00 |
|
Miroslav Stampar
|
89e90c3d84
|
revert of last commit
|
2012-05-28 15:01:56 +00:00 |
|
Miroslav Stampar
|
96c84e6e5b
|
minor update
|
2012-05-28 15:00:06 +00:00 |
|
Miroslav Stampar
|
a70a647aeb
|
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
|
2012-05-28 14:51:23 +00:00 |
|
Miroslav Stampar
|
b1d82422a0
|
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
|
2012-05-28 14:15:04 +00:00 |
|
Miroslav Stampar
|
226547b7dc
|
minor fix for --skip-urlencode and custom post
|
2012-05-28 09:04:25 +00:00 |
|
Miroslav Stampar
|
e967bbd70f
|
minor patch
|
2012-05-27 21:44:42 +00:00 |
|
Miroslav Stampar
|
fed0212631
|
now working with recursive queries too
|
2012-05-27 10:03:02 +00:00 |
|
Miroslav Stampar
|
09f2144485
|
full page read is not needed in DNS exfiltration mode
|
2012-05-26 21:28:43 +00:00 |
|
Miroslav Stampar
|
c394610740
|
adding switch --skip-urlencode to skip URL encoding of POST data
|
2012-05-24 23:30:33 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
333f8057a5
|
minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces
|
2012-05-14 14:06:43 +00:00 |
|
Miroslav Stampar
|
12d32f58f2
|
fix for that SOAP reported bug
|
2012-05-10 13:39:54 +00:00 |
|
Miroslav Stampar
|
fdf61015ad
|
minor patch
|
2012-05-09 08:41:05 +00:00 |
|
Miroslav Stampar
|
6af110d631
|
avoiding --no-cast/--hex warning message before a DBMS is fingerprinted
|
2012-05-08 14:06:41 +00:00 |
|
Miroslav Stampar
|
775134639d
|
minor update
|
2012-04-20 20:33:15 +00:00 |
|
Miroslav Stampar
|
6ebb621228
|
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
|
2012-04-17 14:23:00 +00:00 |
|
Miroslav Stampar
|
052d9455fe
|
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
|
2012-04-12 09:44:54 +00:00 |
|
Miroslav Stampar
|
119eec3598
|
improving "boolean detection" by automatic recognition of convenient --string candidate
|
2012-04-10 21:48:34 +00:00 |
|
Miroslav Stampar
|
8c6eb4faa9
|
adding support for PgSQL DNS data exfiltration
|
2012-04-07 14:06:11 +00:00 |
|
Miroslav Stampar
|
b2afa87e48
|
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
|
2012-04-06 08:42:36 +00:00 |
|
Miroslav Stampar
|
2223c884e5
|
minor refactoring
|
2012-04-05 12:55:26 +00:00 |
|
Miroslav Stampar
|
e0994947e2
|
minor update
|
2012-04-04 23:37:50 +00:00 |
|
Miroslav Stampar
|
b1dd03731a
|
minor cosmetics
|
2012-04-04 23:34:08 +00:00 |
|
Miroslav Stampar
|
c89a4162e2
|
bug fix for --dns-domain with --technique=TS
|
2012-04-04 18:01:39 +00:00 |
|
Miroslav Stampar
|
098c7c06dd
|
added few comments
|
2012-04-04 13:24:58 +00:00 |
|
Miroslav Stampar
|
a4b95ab7dd
|
works against MySQL/Windows
|
2012-04-04 12:49:45 +00:00 |
|
Bernardo Damele
|
c0946ce2c9
|
Minor refactoring
|
2012-04-04 12:42:58 +00:00 |
|
Bernardo Damele
|
75d1dab895
|
more cosmetics
|
2012-04-04 12:33:16 +00:00 |
|
Bernardo Damele
|
d106fb5184
|
layout adjustments
|
2012-04-04 12:27:24 +00:00 |
|
Miroslav Stampar
|
503988887c
|
minor update
|
2012-04-03 10:43:46 +00:00 |
|
Miroslav Stampar
|
2504f4edb8
|
minor fixes
|
2012-04-03 10:10:33 +00:00 |
|
Miroslav Stampar
|
e05109812f
|
minor improvements regarding data retrieval through DNS channel
|
2012-04-03 09:18:30 +00:00 |
|
Miroslav Stampar
|
1cd3c3f7af
|
further update of DNS data retrieval mechanism through SQLi
|
2012-04-02 14:05:30 +00:00 |
|
Miroslav Stampar
|
abffc39929
|
minor update regarding DNS data retrieval task
|
2012-04-02 12:22:40 +00:00 |
|
Miroslav Stampar
|
429b8396e9
|
minor update for DNSServer support
|
2012-03-30 13:20:29 +00:00 |
|
Miroslav Stampar
|
6acf6b193a
|
minor update regarding boolean logic comparison mechanism
|
2012-03-30 09:42:58 +00:00 |
|
Miroslav Stampar
|
5469186540
|
minor comment update
|
2012-03-29 14:35:47 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
ce4c697bbd
|
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
|
2012-03-29 13:39:12 +00:00 |
|