| Main Archive Page > Month Archives > metasploit-framework archives |
Re: [framework] equivalance of darkOraSQli.py
From: Jacky Jack <jacksonsmth698_at_nospam>Date: Fri Mar 26 2010 - 02:29:56 GMT
To: Richard Miles <richard.k.miles@googlemail.com>
Pangolin free version doesn't support Oracle.
What I wish is to gain shell back from Oracle Web SQL Injection.
Is this module available in Metasploit ?
On Fri, Mar 26, 2010 at 10:06 AM, Richard Miles
<richard.k.miles@googlemail.com> wrote:
>
> Maybe Pangolin?
> http://www.nosec.org/tag.php?tag=Pangolin
>
> On Thu, Mar 25, 2010 at 8:34 PM, Jacky Jack <jacksonsmth698@gmail.com>
> wrote:
>>
>> Thanks, by the way, sqlmap sucks to me.
>> For some URL (get request) , it states that the params are not
>> injectable where they are in fact injectable.
>>
>>
>>
>> On Fri, Mar 26, 2010 at 12:57 AM, Ulisses Castro <uss.thebug@gmail.com>
>> wrote:
>> > Hi Jacky,
>> > Metasploit has sqlmap module inside, also you can use stand alone sqlmap
>> > too.
>> > My two cents...
>> >
>> > On Wed, Mar 24, 2010 at 10:05 PM, Jacky Jack <jacksonsmth698@gmail.com>
>> > wrote:
>> >>
>> >> Hi all
>> >>
>> >> As darkc0de is down, I can't download darkOraSQli which use Oracle SQL
>> >> Injection that exploits dbms_export_extension.
>> >> Does Metasploit have such kind of plugins for attacking Oracle via web
>> >> ?
>> >>
>> >> Thank you.
>> >> _______________________________________________
>> >> https://mail.metasploit.com/mailman/listinfo/framework
>> >
>> >
>> >
>> > --
>> > Ulisses Castro, CEH, LPIC-2
>> > Security Researcher
>> > Blog: http://ulissescastro.wordpress.com
>> > Twitter: http://www.twitter.com/usscastro
>> > Conviso IT Security - http://www.conviso.com.br
>> >
>> _______________________________________________
>> https://mail.metasploit.com/mailman/listinfo/framework
>
>
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework