Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer

What is Blind SQL Injection: Some Websites are vulnerable to SQL Injection but the results of injection are not visible to the attacker...

What is Blind SQL Injection:
Some Websites are vulnerable to SQL Injection but the results of injection are not visible to the attacker.  In this situation, Blind SQL Injection is used. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.
There are plenty of automated Blind Sql Injection tool available. Here i am introducing one of Tool named as bsqlbf(expanded as Blind Sql Injection Brute Forcer).

This tool is written in Perl and allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections
Supported Database:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

The tool supports 8 attack modes(-type switch):-
Type 0: Blind SQL Injection based on true and false conditions returned by back-end server

Type 1: Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.

Type 2: Blind SQL Injection in "order by" and "group by".

Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)

Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)

Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit

Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs

-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first

Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions

-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first

For Type 4(O.S code execution) the following methods are supported:

-stype: How you want to execute command:

SType 0 (default) is based on java..will NOT work against XE.

SType 1 is against oracle 9 with plsql_native_make_utility.

SType 2 is against oracle 10 with dbms_scheduler.

This Article is for Education purpose only.  The above mentioned software is developed for Penetration testers to test their own Web application Vulnerability. 



0day,4,404,1,Account,1,Acunetix,1,Adobe,1,Android,12,anonymity,3,Antivirus,5,Apk,2,App Store,1,audio,1,backdoor,1,Backtrack Tutorials,5,Binders,1,Blogger,9,blogger templates,1,blogging,1,Booters,1,Breach,1,Brute Force Cracking,4,business,1,c99,1,Cain and Abel Tool,3,Candy Crush Soda Saga,1,CEO,1,clone,5,Command Prompt Hacks,2,computer,1,Computer Tricks,5,cookie,1,Cookie Stealing,2,cookies,1,Corrupt,1,Cpanel Cracking,1,Cpanels,1,cracked apk,1,Cracked PC Game Latest,1,cracking,9,Create Virus,2,Cross site Scripting,3,Crypter,1,Cryptography,1,Cyber News,9,Cyber War,1,darknet,1,Data,1,Database Hacking,4,DDOS,1,DDoS Attack Pack,1,deepweb,2,deface,4,Dictionary Attacks,2,DNN,1,DNS Hacking/Hijacking,2,Domain,3,Dorks,2,Dos/DDos,3,Doxing,2,Drupal,1,Election Commission,1,Email Hacking,14,EVM Hacking,1,Exploits,12,Extratorrents,1,Facebook,31,Facebook Hacks,29,Fake Call,2,Features,1,free,1,Free Minutes,3,Free Recharge,6,Free Softwares,20,Freeze,1,FreeZone,9,Games,7,Gmail Hacks,15,Gold,1,Google Chrome Tricks,4,google dorks,2,Google Play Store,1,Google Tricks,8,Grand Theft Auto 5 {G.T.A V },1,hack cctv camera,1,Hacking,37,hacking Tools,21,Hacking Tricks,28,Hash Codes Cracking,5,Hash Types,1,havij,1,hotmail,2,how to,12,HTML Injection,1,images,1,Information Security,1,Information Security Event,1,Information Security Summit,1,internet,2,internet hacks,33,Internet security,1,ip hacking,1,javascript,2,Joomla,2,kali,2,Keyloggers,11,Kickass Torrents,1,Latest,1,LinkedIn,1,linux,1,Lucky Patcher,1,lucky patcher cracked,1,lucky patcher cracked latest,1,MAC,1,Make Money,6,Malware Protection,2,MD5 Cracking,1,messages,1,Messenger,1,Metaspolit,3,MMS,1,Mobile Tricks,22,Modded APK,3,Modded quickly,1,Netbios Hacking,1,network security,10,News,3,Notepad Tricks,2,operating system,2,OphCrack,1,OurMine,1,password Crack,7,PC,1,pentesting,5,pentesting tools,2,Phishing,1,Phising,1,Prank calls,1,RAT,4,RAT's,1,receive,1,redirect,1,remote hacking,3,Rockstar,1,Scanner,2,Security,3,security tips,10,send,1,SEO,3,Sharecash,1,Shell,5,Shell Upload,3,Sms,1,SMS Bomber,1,Social Engineering,2,Spoofing,1,SQL,13,SQL Hacks,10,SQL Injection,2,Stealers,1,Tech News,8,template,5,text,1,tips,1,Torrents,2,tricks,10,twitter,1,video,1,Virusses,1,VLC Media Player Tricks,4,Vulnerability,23,Web Application Vulnerability,17,Webcam (Cam),1,website hack,42,WhatsApp,1,WHMCS Hacking,1,Windows Hacks,16,Wordpress,1,XSS,6,yahoo,3,
The Hackers Store: Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer
Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer
The Hackers Store
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy