Dailydave mailing list archives
hotel room things
From: Dave Aitel <dave () immunityinc com>
Date: Sun, 13 May 2007 18:23:28 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So I have a few things, other than AllergyWeb, that I want to write. Top on my list is a "SQL Injection Explorer" which allows you to use the error messages to download bits of a database as if it was a directory tree. This is useful when you end up doing SQL Injection against a DB server that has the following characteristics: o it's far away from any ability to access the internet or call back to you o it's not running as an admin user, and it doesn't have a weak admin password for you to brute force o you don't have an easy way to get results other than the error messages from your sql injection o you don't want to use 0day to root the DB server One option is to have a script that automatically downloads the whole database, but this has two problems: o Terrabytes of data coming back over the error messages sucks especially since 99% of it is stuff you don't care about o Databases change a lot over time, which is one of the things you want to explore with a nice graphical tools. Second on my list is an export from CANVAS -> Visio-like network diagrams. People can use CANVAS to quite easily find out networking information, like traceroutes, firewall rulesets, open ports, etc. and I'd like to have this sort of information in my reports. Ideally you could export directly into OpenOffice, but if not, a nice orthogonal graph would be pretty. Anyways, these are the things you think about while in hotel rooms in random cities. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGR4/etehAhL0gheoRAi5gAJ9LhFFtOEjZdaDiEi0HPJUxvfVTMQCbBetm QOn5DG+jbuiPfGQTtaOfI10= =A5A1 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- hotel room things Dave Aitel (May 13)
- Re: hotel room things rd (May 14)
- Re: hotel room things Rhys Kidd (May 14)
- Re: hotel room things rd (May 14)