Commit Graph

621 Commits

Author SHA1 Message Date
Miroslav Stampar
73dba249e8 one more just in case update 2012-05-28 19:34:47 +00:00
Miroslav Stampar
190ae4ca13 no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...) 2012-05-28 15:10:17 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
4e6fcce9ca minor update 2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9 minor language update 2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34 turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars 2012-05-26 07:00:26 +00:00
Miroslav Stampar
b0a8238774 minor fixes 2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262 minor fix 2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6 minor update for empty tables (skipping other techniques) 2012-05-09 10:34:21 +00:00
Miroslav Stampar
e419177871 minor update 2012-05-08 17:28:19 +00:00
Miroslav Stampar
eccd4da00f minor fix 2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e doing all the work for the users so they wouldn't strain their little hands 2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2 that query variable hasn't been used anywhere (obsolete for some time) 2012-05-08 14:34:40 +00:00
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
71b0acc16f minor fix (checking for full inband should be done with ORIGINAL - more concise) 2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46 minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....) 2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895 another cosmetics 2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3 minor cosmetics 2012-04-13 15:10:40 +00:00
Miroslav Stampar
831f79b851 minor generalization 2012-04-12 09:30:19 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
a5b69eaea4 removing unused imports 2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da revert 2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd works against MySQL/Windows 2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b Add a space after a comment 2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22 leftover 2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode 2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1 minor fix 2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
78f51fd2e5 minor fix 2012-04-03 10:18:03 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
5f94987b0f fix for DNS method for MSSQL 2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8 minor update 2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b minor fixes 2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
7fd64df167 minor code cleaning 2012-03-28 13:31:07 +00:00
Miroslav Stampar
1b072f6415 laying foundation for DNS based data retrieval 2012-03-27 18:59:12 +00:00
Miroslav Stampar
8e7d360ea2 cleaner refactoring regarding last commit 2012-03-19 12:03:25 +00:00
Miroslav Stampar
401763b6f8 minor fix (it has to be level 1 array like it was with the previous re.findall mechanism) 2012-03-19 12:00:22 +00:00
Miroslav Stampar
d66056fe39 one more related commit 2012-03-16 13:16:53 +00:00
Miroslav Stampar
ac02a2d92c minor fix 2012-03-16 13:14:14 +00:00
Miroslav Stampar
b130a9e14e minor fix (writing to HashDB on any interrupt) 2012-03-16 10:15:43 +00:00
Miroslav Stampar
e38b59a2ae minor update 2012-03-14 13:16:49 +00:00
Miroslav Stampar
cee9ff7885 proper parsing of content in partial union technique 2012-03-14 11:23:30 +00:00
Miroslav Stampar
5a83f1c5f7 minor update 2012-03-08 15:43:22 +00:00
Miroslav Stampar
9ca8bc4d51 minor bug fix 2012-03-08 09:52:33 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
f4e410db16 minor fix 2012-03-01 10:17:39 +00:00
Miroslav Stampar
37db27b720 turning back on automatic adjusting of delays in time based queries 2012-02-29 15:51:23 +00:00
Miroslav Stampar
1bdc07c279 minor update 2012-02-29 15:02:24 +00:00
Miroslav Stampar
c36cbbb3ae minor fix 2012-02-24 14:54:10 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f minor update 2012-02-24 11:25:56 +00:00
Miroslav Stampar
5afbd52b61 more update related to last commits 2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f fixing problems with chars deletition by logging messages in inference mode 2012-02-24 10:48:19 +00:00
Miroslav Stampar
086c3a3662 minor fix 2012-02-23 13:31:50 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3 using UNION SELECT for where=..NEGATIVE 2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b minor update 2012-02-21 13:49:30 +00:00
Miroslav Stampar
bcf3255fe1 implementation of switch --hex for 4 major DBMSes 2012-02-21 11:44:48 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
8a2bd3897d minor output fix 2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5 minor fix 2012-02-12 18:46:25 +00:00
Miroslav Stampar
b140ef4a14 minor update (preparing for switching to HashDB from old sessionFile) 2012-02-10 10:24:48 +00:00
Miroslav Stampar
e50d64546f minor fix 2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3 just a makeup 2012-02-07 12:05:23 +00:00
Miroslav Stampar
8c45ff0d57 bug fix 2012-02-03 10:38:04 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
df43157284 minor patch 2012-02-01 12:28:06 +00:00
Miroslav Stampar
2ee198a381 minor "patch" 2012-02-01 11:00:01 +00:00
Miroslav Stampar
4d9dcbf5db minor fix 2012-02-01 10:14:23 +00:00
Miroslav Stampar
46f42f2fe4 minor fix 2012-01-30 13:10:35 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd more concise language 2012-01-07 17:45:45 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
9d50c806e1 bug fix 2012-01-05 10:55:58 +00:00
Miroslav Stampar
29f502fe29 some refactoring 2011-12-28 16:27:17 +00:00
Miroslav Stampar
22c3fe49bb some refactoring 2011-12-28 13:50:03 +00:00
Miroslav Stampar
abb401879c minor update 2011-12-22 20:42:57 +00:00
Miroslav Stampar
8585107e3d minor update 2011-12-22 12:21:30 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
9f68e54fff minor cleanup 2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7 speedup of UNION dumping 2011-12-22 10:44:14 +00:00
Miroslav Stampar
b77e2042f2 some optimization 2011-12-21 23:23:00 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
316e27a809 minor update 2011-12-15 10:19:31 +00:00
Miroslav Stampar
d6f936b98d minor update 2011-11-23 15:51:48 +00:00
Miroslav Stampar
40f21c3917 minor update 2011-11-23 15:38:31 +00:00
Miroslav Stampar
f39170a2c4 minor update 2011-11-22 15:06:51 +00:00
Miroslav Stampar
e94efff187 some more optimization 2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
1b45c5b56a bug fix 2011-10-28 15:24:35 +00:00
Miroslav Stampar
e290f2b80b minor update 2011-10-28 11:11:55 +00:00
Miroslav Stampar
23bf52e496 minor refactoring 2011-10-24 09:55:50 +00:00