Marathon Tool 盲注工具汉化版
常规讨论
-
介绍
此为Marathon Tool 盲注工具汉化版,源码开源,原作者:Daniel Kachakil 、Chema Alonso、Alejandro Martín。
项目地址:http://marathontool.codeplex.com/
汉化:Willin Wang,仅供交流。
调试环境:
Visual Studio 2012, VB.net (4.5推荐),无需数据库。
目标框架:.net framework 2.0。
项目介绍
Marathon Tool 是一款基于时间的SQL注入工具。支持 Microsoft SQL Server, Microsoft Access, MySQL 或 Oracle Databases.
支持特性:- 数据库摘要获取 SQL Server, Oracle, MySQL
- 数据获取 Microsoft Access 97/2000/2003/2007
- 参数注入 GET / POST
- SSL 支持
- HTTP 代理
- 授权: Anonymous, Basic, Digest and NTLM
- 其他
Project Description
Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.
Application Supported features:- Database Schema extraction from SQL Server, Oracle and MySQL
- Data extraction from Microsoft Access 97/2000/2003/2007 databases
- Parameter Injection using HTTP GET or POST
- SSL support
- HTTP proxy connection available
- Authentication methods: Anonymous, Basic, Digest and NTLM
- Variable and value insertion in cookies (Does not support dynamic values)
- Configuration available an flexible for injections
- Configurable Log
汉化版源码:http://code.msdn.microsoft.com/Marathon-Tool-c2e0f4a4
