[sqlmap-users] Bypassing IDS/IPS
From: Arturs P. <lva...@in...> - 2012-08-30 15:06:13
Hi!

Basically this question is about what Havij does and how to do the same with SQLMap (or better). I made injections and was able to dump the database with Havij on this site - http://nhl.id.lv/?cat=stats&position=Goalie&sort=saves through the parameter 'sort'. It used MySQL time-based injection (the time is usually 4.x seconds or 3.x - I was not able to set SQLMap to milliseconds or to seconds with commas or points) and retrieved all the needed data using the slow letter-guessing method. But it did the job, although it was very slow. With SQLMap it detects MySQL time-based blind, but it is not able to retrieve any data. The payload says that there is a possibility of IDS/IPS defence. What should I do to get the database name? Any tampering scripts or combinations of them? Is it possible to get the names of DBs and tables faster than Havij's slow-motion guessing?

There's another site with which I have a similar problem. That's http://hack-games.com . I set crawling to 2 and use the parameters 'doaction' or 'pmid'. SQLMap finds a blind boolean injection, but once again hits the IDS/IPS defence. Havij on the same page, only without crawling (I specified the page SQLMap found while crawling, but don't remember it :D), found the DB, but it wasn't able to get normal characters instead of square boxes. That is probably just an encoding issue.

Could anyone help me to sort out this situation?

P.S.
Havij also does database name character count retrieval before guessing the numbers. I'm not sure if SQLMap has such a function.

P.P.S.
I won't use your help to do something illegal with SQLMap, I'm just having fun with hacking. No harm done to any of the above-mentioned or any other webpages.