Fatcat Automatic Web SQL Injector by Sandeep Kamble
FatCat V2 – Automatic Web [S]QL-Injector
Sandeep Kamble AKA [S] Parason INC
Blog: http://sandeepkamble.com
Twitter: @SandeepL337
#/usr/bin/whoami
• Narcissistic Vulnerability Pimp (aka Security Researcher for fun)
• Listed in Google, Facebook, Twitter, Dropbox, Cloudflare, 500px, Lynda.com, Central Desktop Security Pages.
• Ahhh? What are those Vulnerabilities
• Member of Garage4hackers.com & you can find POC @G4h.
Index
• Introducing FatCat Beta 2
• SQL Injection in Brief
• FatCat Ingredients
  1) DB Information & server Information gathering.
  2) Normal SQL injection.
  3) Error Based SQL injection.
  4) WAF (Web Application Firewall) Bypass functions.
     • C-Style MySQL comment WAF Bypass
     • Buffer overflow WAF Bypass
     • CRLF WAF Bypass
     • Bypass with Information_schema.statistics
     • Bypass with Information_schema.key_column_usage
  5) Countermeasures
  6) Demo
Provide Good Advice for Good People
Warning!: FatCat is being used for security research. All PHP files will be infected and all your data will be collected. If you want to be safe, don't use this tool. If you do, don't send sensitive information. If after all that you continue, do it at your own risk.
Ladies and gentlemen, introducing FatCat V2
1) It's new, it's cool to use, inject web!
2) Normal SQL injection
3) Error Based SQL injection
4) WAF (Web application firewall) Bypass function.
5) Helpful to Pentesters – you can create a POC from anywhere.
6) It supports MySQL 5.0
7) Developed in PHP
8) FatCat made 3400+ downloads on Code.google.com
SQL injection in Brief
"SQL Injection happens when a user manipulates input to form a SQL query."
(Slide captions: "It's me .. Hi, :/" and "Sending payload !@#$%^&*()")
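The one-sentence definition above is easiest to see side by side with its countermeasure (the index lists "Countermeasures" as a later item). The following is an added example, not code from the deck or from FatCat: it uses SQLite as a stand-in for MySQL so it runs offline, with a constructed `products` table. The vulnerable lookup splices the user-controlled string into the statement text, so a value shaped like the deck's union probe (`-2 UNION SELECT 13371,13372`) changes the query; the hardened lookup validates the type and binds the value as a parameter, so the same input is never interpreted as SQL.

```python
import sqlite3

# Added example (not FatCat code). SQLite stands in for MySQL so the
# demo runs offline; the table and rows below are constructed.
def make_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    conn.commit()
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, user_input: str):
    # The raw string becomes part of the statement text, so anything after
    # the number is parsed as SQL rather than treated as a value.
    sql = "SELECT id, name FROM products WHERE id = " + user_input
    return conn.execute(sql).fetchall()

def lookup_hardened(conn: sqlite3.Connection, user_input: str):
    # Countermeasure 1: validate the type. A product id must be an integer;
    # anything else is rejected before any SQL is built.
    try:
        product_id = int(user_input)
    except ValueError:
        return []
    # Countermeasure 2: bind the value as a parameter. The driver sends it
    # separately from the SQL text, so it cannot alter the statement shape.
    return conn.execute("SELECT id, name FROM products WHERE id = ?",
                        (product_id,)).fetchall()

# Same shape as the deck's union example, with constant marker values only.
PROBE = "-2 UNION SELECT 13371,13372"

if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable:", lookup_vulnerable(db, PROBE))  # [(13371, 13372)]
    print("hardened:  ", lookup_hardened(db, PROBE))    # []
```

The vulnerable function returns the attacker-chosen marker row because the database executed a second SELECT that the application never wrote; the hardened function returns nothing because `int()` rejects the input, and even without that check the bound parameter would only ever be compared against `id` as a value.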
FatCat Ingredients
1) DB Information & server Information gathering.
2) Normal SQL injection.
3) Error Based SQL injection.
4) WAF (Web Application Firewall) Bypass functions.
FatCat Ingredients
1) DB Information & server Information gathering.
By using MySQL statements, DB & server information can be gathered:
1. Finding Total Column Count • Order by n+1
2. Finding MySQL Version • VERSION() Function
3. Finding current User • User() Function
4. Finding Data Directory • @@datadir Function
5. Finding Base Directory • @@basedir Function
6. Finding Host Name • @@hostname Function
7. Finding Operating System • @@version_compile_os Function
8. Finding Current Database name • Database() Function
9. Max allowed Packet size • @@max_allowed_packet
FatCat Ingredients
1) Normal SQL injection
• It is also known as Union SQL injection
• UNION helps us combine the result sets of two SELECT statements
• Eg: Id=-2+Union+select+13371,13372,13373,13374-- -
FatCat Ingredients
2) Error based SQL injection
• It is also known as Double Query SQL injection
• Sometimes union-based SQLi fails; in that case you can use error-based SQLi
• A query which confuses the DB engine and produces helpful MySQL errors
• Eg: select gmailid,(select password from id where id=9) As Google_India from id;
Aww .. ! Double Query
duplicate entry ~'Clubhack_screte~1 for key 1
(Slide captions: "Sending payload !@#$W00T%^&*()" and "FatCat web interface")
FatCat Ingredients
1. Protection Against OWASP Top Ten!
2. Types of Vulnerabilities it can prevent.
3. Brute Force protection.
In simple language, it monitors the HTTP conversation.
FatCat Ingredients
3) WAF (Web application Firewall) Bypass
• We use the following methods to bypass a WAF:
  • C-Style MySQL comment WAF Bypass
  • Buffer overflow WAF Bypass
  • CRLF WAF Bypass
  • Bypass with Information_schema.statistics
  • Bypass with Information_schema.key_column_usage
• Linux Based WAFs
  • AppArmor
  • ModSecurity - Also works under Mac OS X, Solaris and other versions of Unix.
  • Systrace
  • Zorp
FatCat Ingredients
3) WAF (Web application Firewall) Bypass
1. MySQL Comment WAF bypass
• Syntax: /*! Mysql Statements */
• Example
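The two bypass families named above (the `/*! ... */` executable-comment syntax and CRLF separators) work against filters that match the raw request string. The defensive lesson is that a WAF or log-review rule has to normalize the query before matching: URL-decode it, unwrap `/*! ... */` into the statement MySQL would actually execute, and collapse CR/LF/tab runs into a single space. The following is an added example, not code from the deck or from FatCat and not a ModSecurity rule: the log lines are constructed, the indicator list is an assumption about what a reviewer would flag (the union, `ORDER BY n+1`, `information_schema` and server-variable probes the deck lists), and a naive single-decode substring check is shown beside the normalized matcher so the difference is visible.

```python
import re
from urllib.parse import unquote_plus

# Constructed request log lines (not from the deck); format "METHOD /path?query".
SAMPLE_LOG = [
    "GET /news.php?id=7",
    "GET /news.php?id=-2+Union+select+13371,13372,13373,13374--+-",
    "GET /news.php?id=-2+/*!union*/+/*!select*/+1,2,3,4--+-",
    "GET /news.php?id=-2%0d%0aunion%0d%0aselect%0d%0a1,2,3,4",
    "GET /news.php?id=2+order+by+5--+-",
    "GET /news.php?id=-2+union+select+1,@@datadir,3,4",
]

# Assumed indicator set, drawn from the probes the deck lists; tune for your app.
INDICATORS = [
    ("union-select", re.compile(r"\bunion\b\s+(all\s+)?\bselect\b")),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+")),
    ("information-schema", re.compile(r"\binformation_schema\.")),
    ("server-variable",
     re.compile(r"@@\w+|\b(version|user|database)\s*\(\s*\)")),
]

def normalize(query: str) -> str:
    """Rewrite a raw query string into the form MySQL would execute."""
    s = unquote_plus(query)
    s = unquote_plus(s)  # second pass catches double-encoded input
    # MySQL runs the body of /*!...*/ as ordinary SQL: keep the body, drop the wrapper
    s = re.sub(r"/\*!\d{0,5}\s*(.*?)\*/", r" \1 ", s, flags=re.S)
    # Plain /*...*/ comments are ignored by the server, so drop them entirely
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)
    # CR, LF, tabs and runs of spaces all separate tokens: collapse to one space
    s = re.sub(r"\s+", " ", s)
    return s.lower()

def naive_match(query: str) -> bool:
    """What a simple filter does: one decode, then a literal substring check."""
    return "union select" in unquote_plus(query).lower()

def classify(log_line: str):
    """Return the names of every indicator that fires on the line's query string."""
    query = log_line.split("?", 1)[1] if "?" in log_line else ""
    norm = normalize(query)
    return [name for name, rx in INDICATORS if rx.search(norm)]

def audit(lines):
    """Map each log line to its indicator hits (empty list = nothing flagged)."""
    return {line: classify(line) for line in lines}

if __name__ == "__main__":
    for line, hits in audit(SAMPLE_LOG).items():
        query = line.split("?", 1)[1]
        print(f"naive={naive_match(query)!s:5} normalized={hits} {line}")
```

Run against the sample, the naive check fires only on the plain union line and misses both the comment-wrapped and the CRLF-separated variants, while the normalized matcher flags all three identically, because after normalization they are the same statement. The same normalization step is what lets a WAF apply one rule to every encoding of a probe instead of chasing each variant.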