mirror of
https://github.com/fuzzdb-project/fuzzdb.git
synced 2024-11-25 12:30:17 +00:00
.. | ||
db2-enumeration.txt | ||
ms-sql-enumeration.txt | ||
mysql-injection-login-bypass.txt | ||
mysql-read-local-files.txt | ||
postgres-enumeration.txt | ||
README.md |
various useful post-exploitation commands
ms-sql-enumeration.fuzz.txt
- ms-sqli info disclosure payload fuzzfile
- replace regex with your fuzzer for best results
- run wireshark or tcpdump, look for incoming smb or icmp packets from victim
- might need to terminate payloads with ;--
mysql-injection-login-bypass.fuzz.txt
- regex replace as many as you can with your fuzzer for best results:
- also try to brute force a list of possible usernames, including possile admin acct names
mysql-read-local-files.fuzz.txt
- mysql local file disclosure through sqli
- fuzz interesting absolute filepath/filename into