none
Marathon Tool 盲注工具汉化版 RRS feed

  • 常规讨论

  • 介绍

    此为Marathon Tool 盲注工具汉化版,源码开源,原作者:Daniel Kachakil 、Chema Alonso、Alejandro Martín。

    项目地址:http://marathontool.codeplex.com/

    汉化:Willin Wang,仅供交流。

    调试环境:

    Visual Studio 2012, VB.net (4.5推荐),无需数据库。

    目标框架:.net framework 2.0。

     

    项目介绍

    Marathon Tool 是一款基于时间的SQL注入工具。支持 Microsoft SQL Server, Microsoft Access, MySQL 或 Oracle Databases.


    支持特性:

    • 数据库摘要获取 SQL Server, Oracle, MySQL
    • 数据获取 Microsoft Access 97/2000/2003/2007 
    • 参数注入 GET /  POST
    • SSL 支持
    • HTTP 代理
    • 授权: Anonymous, Basic, Digest and NTLM
    • 其他

     

     

    Project Description

    Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.


    Application Supported features:

    • Database Schema extraction from SQL Server, Oracle and MySQL
    • Data extraction from Microsoft Access 97/2000/2003/2007 databases
    • Parameter Injection using HTTP GET or POST
    • SSL support
    • HTTP proxy connection available
    • Authentication methods: Anonymous, Basic, Digest and NTLM
    • Variable and value insertion in cookies (Does not support dynamic values)
    • Configuration available an flexible for injections
    • Configurable Log

    汉化版源码:http://code.msdn.microsoft.com/Marathon-Tool-c2e0f4a4


    Willin.org

    2012年11月29日 9:54