SQL obfuscation

Re: SQL obfuscation

Gareth Heyes — Mon, 16 Aug 2010 16:02:11 -0500

omg newbie error dup thread doh

Re: SQL obfuscation

Anonymous User — Mon, 16 Aug 2010 13:37:12 -0500

Guess what that one yields on SQLite?

;;SELECt-"'~!1"'!,/*!\999*/1!\1

And this one on MySQL?

SELECT-!!-1||! !N'1'|2

Re: SQL obfuscation

Anonymous User — Mon, 16 Aug 2010 13:26:08 -0500

I would love to post some _ucs2 stuff but we all now the allowed char range here kinda forbids that :P

What about this thread?

Re: SQL obfuscation

Gareth Heyes — Mon, 16 Aug 2010 10:35:32 -0500

Yeah pretty lame but I realized we hadn't done anything here

.....
Mysql:-
SET @c = CONCAT(b'01010011',b'01100101',b'01001100',b'01100101',b'01100011',b'01110100',' ',b'00110001');
PREPARE s FROM @c;EXECUTE s;

Variation:-
SET @c = CONCAT(_latin1 b'01010011',_latin1 b'01100101',_latin1 b'01001100',_latin1 b'01100101',_latin1 b'01100011',_latin1 b'01110100',' ',_latin1 b'00110001');
PREPARE s FROM @c;EXECUTE s;

SET @c = CONCAT(REPLACE(MAKE_SET(5,'SEL','xxxxx','ECT'), ',', ''),' 1');
PREPARE s FROM @c;EXECUTE s;

Re: SQL obfuscation

Skyphire — Mon, 16 Aug 2010 10:32:16 -0500

Nice idea, I suspect a huge thread :) the sans example has been around for years btw. Simple cast, but requires a stored procedure or declared SQL function. Which is somewhat lame but useful for an attacker, but it can be done without it. Many ways I guess.

SQL obfuscation

Gareth Heyes — Mon, 16 Aug 2010 09:57:59 -0500

Thought I might as well start a SQL obfuscation topic since I saw this in my feeds:-
http://isc.sans.edu/diary.html?storyid=9397