what you don't know can hurt you
Showing 1 - 25 of 30 RSS Feed

Files from Bernardo Damele

Email addressbernardo.damele at gmail.com
First Active2006-12-15
Last Active2019-02-05
SQLMAP - Automatic SQL Injection Tool 1.3.2
Posted Feb 5, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates. Implemented support for automatic decoding of page content through detected charset. Added new tampering scripts avoiding popular WAF/IPS mechanisms. May other additions and fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | b9e8559cf071037f2344a0160a237897
SQLMAP - Automatic SQL Injection Tool 1.3
Posted Jan 7, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 1a3875f12c086f1c3924014c72cdc928
SQLMAP - Automatic SQL Injection Tool 1.2.12
Posted Dec 7, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 431249d7af567a0c9086f93e62aa44fa
SQLMAP - Automatic SQL Injection Tool 1.2.11
Posted Nov 5, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 5fdd5bb9be166686620512abe0f11658
SQLMAP - Automatic SQL Injection Tool 1.2.10
Posted Oct 3, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 55e5aa88807d9ea720edd95792a335a6
SQLMAP - Automatic SQL Injection Tool 1.2.9
Posted Sep 5, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 001dd095cf0009c79d3e957e256abc10
SQLMAP - Automatic SQL Injection Tool 1.2.8
Posted Aug 27, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | f8172574e6c94b3c3fdce9988fe1d65e
SQLMAP - Automatic SQL Injection Tool 1.2
Posted Jan 8, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 862558365029f485db2aaad254bfa469
Oracle MySQL UDF Payload Execution
Posted Dec 22, 2017
Authored by Tod Beardsley, Bernardo Damele, h00die | Site metasploit.com

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.

tags | exploit
systems | windows
MD5 | bcf3d2156b2ec4dfa9eb9e73784fb039
SQLMAP - Automatic SQL Injection Tool 1.1.3-4
Posted Mar 1, 2017
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Major improvements to program stabilization based on user reports. Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms. Fixed major bug with DNS leaking in Tor mode. Various other support added.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | ffae51561a220c8e8b7e8c677559b6e5
SQLMAP - Automatic SQL Injection Tool 0.9
Posted Apr 11, 2011
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Rewritten SQL injection detection engine. Added full support for both time-based blind SQL injection and error-based SQL injection techniques. Various other support added.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 608d5773e0925e96e618171829d679b9
PostgreSQL for Microsoft Windows Payload Execution
Posted Mar 23, 2011
Authored by Bernardo Damele, todb | Site metasploit.com

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the UPDATE pg_largeobject method of binary injection. On default Microsoft Windows installations of PostgreSQL (=< 8.4), the postgres service account may write to the Windows temp directory, and may source UDF DLL's from there as well. PostgreSQL versions 8.2.x, 8.3.x, and 8.4.x on Microsoft Windows (32-bit) are valid targets for this module. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL and the OID.

tags | exploit
systems | windows
MD5 | b3c3bb270a6a185f6005a1537920c92a
Oracle MySQL for Microsoft Windows Payload Execution
Posted Mar 9, 2011
Authored by Bernardo Damele, todb | Site metasploit.com

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL (=< 5.5.9), directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.

tags | exploit
systems | windows
MD5 | cfe7539311caa6b110edfacce660ce1f
SQLMAP - Automatic SQL Injection Tool 0.8
Posted Mar 16, 2010
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Support to enumerate and dump all database tables. Support to parse -C when fetching columns of a table. Support for takeover features on PostgreSQL 8.4. Various other improvements and tweaks.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 1005e55af73b4368c4f70de54bea4d24
Keimpx SMB Credential Checker 0.2
Posted Feb 12, 2010
Authored by Bernardo Damele | Site code.google.com

Keimpx is a tool to check the usefulness of credentials across a network over SMB.

tags | tool
systems | unix
MD5 | f7451a4481e82f55d819437de9577f42
SQLMAP - Automatic SQL Injection Tool
Posted Jul 28, 2009
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Adapted Metasploit wrapping functions to work with latest 3.3 development version too. Adjusted code to make sqlmap 0.7 to work again on Mac OSX too. Various other tweaks and improvements.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | edb1a625fb18b0b8aae2fc15a66a055e
SQLMAP - Automatic SQL Injection Tool
Posted Apr 22, 2009
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: New features as described at the presentation given at Black Hat Europe.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | e29f0ce962ca55cf04fb2f730ab39d56
Advanced SQL Injection To Operating System Full Control
Posted Apr 10, 2009
Authored by Bernardo Damele

Whitepaper called Advanced SQL Injection To Operating System Full Control.

tags | paper, sql injection
MD5 | d72fdf8cf8dd42617d2d8926ddd8a61b
SQLMAP - Automatic SQL Injection Tool
Posted Feb 4, 2009
Authored by Bernardo Damele, Daniele Bellucci | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Changes: Major enhancement to make the comparison algorithm work properly. Major speed increase in DBMS basic fingerprint. Added internal support to forge CASE statements. Various other additions and improvements.
tags | web, vulnerability, sql injection, python
systems | unix
MD5 | 39bd2ada1279314c9d908301683b4c9f
PostgreSQL UDF For Command Execution
Posted Jan 25, 2009
Authored by Bernardo Damele | Site bernardodamele.blogspot.com

Patched source code for lib_postgresqludf_sys that allows for command execution on postgres with user defined functions.

tags | library
MD5 | 5c7e9a6e487d5460f0d61f5d3588d195
Command Execution With A MySQL UDF
Posted Jan 21, 2009
Authored by Bernardo Damele | Site bernardodamele.blogspot.com

Patched source code for lib_mysqldudf_sys that allows for command execution on mysql with user defined functions. Adds a sys_eval() UDF to return the standard output of the command executed.

tags | library
MD5 | ec8296fe0fbc38cb457fdbb7e3214d2d
SQLMAP - Automatic SQL Injection Tool
Posted Dec 22, 2008
Authored by Bernardo Damele, Daniele Bellucci | Site sqlmap.sourceforge.net

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Changes: Multiple major bug fixes and a handful of minor fixes.
tags | web, vulnerability, sql injection, python
systems | unix
MD5 | 3528f77794e8d2081900f4c9c124ea1a
PSA08-010.txt
Posted Nov 14, 2008
Authored by Bernardo Damele | Site portcullis-security.com

Portcullis Security Advisory - An information disclosure vulnerability exists in the manner that Microsoft LDAP server responds when binding to the LDAP server. In the case when an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided.

tags | advisory, info disclosure
MD5 | 2a35a98673bd56e5bf65fbff37539fdc
SQLMAP - Automatic SQL Injection Tool
Posted Nov 5, 2008
Authored by Bernardo Damele, Daniele Bellucci | Site sqlmap.sourceforge.net

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Changes: Multiple major bug fixes and a handful of minor fixes.
tags | web, vulnerability, sql injection, python
systems | unix
MD5 | 7876a218016633ec964bccc1450f1f3d
SQLMAP - Automatic SQL Injection Tool
Posted Oct 21, 2008
Authored by Bernardo Damele, Daniele Bellucci | Site sqlmap.sourceforge.net

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Changes: Major bug fix to blind SQL injection bisection algorithm to handle an exception. Added a Metasploit Framework 3 auxiliary module to run sqlmap. Other additions and bug fixes.
tags | web, vulnerability, sql injection, python
systems | unix
MD5 | e48ced32ed7aef1926b7b5cb706977a4
Page 1 of 2
Back12Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    7 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close