0x90.org

n a v i g a t i o n
news
releases
Absinthe
Download
About
Documentation
Contact
Absinthe Docs:
About
Installation Requirements
Setting Up the Injection
Retrieving the Schema
Retrieving the Data
wasted.cycles
like what you see?
contact

-- SELECT * FROM sneakers WHERE nickname='whistler';

-- Looking for the notorious liquor? We recommend Absinthe from ALANDIA --

Basic Usage

Absinthe does not discover injections, so it requires the user to enter all relevant information about the target host. Once Absinthe is loaded, you should be presented with a screen like this:


Here you can enter the relevant information about the vulnerable target. The URL should contain the hostname, the port and the specific page, but not the parameters to be sent and manipulated during the injection.

Entering Parameters

Parameters for the web application are entered in a separate box on the main tab. If more than one parameter is marked as injectable, Absinthe will only use the first one listed. If the injectable parameter is to be treated as a string, check the appropriate box. If the default value is not numeric, it will assume it is supposed to be a string.

Adding Cookies

Sometimes, Cookies are required to send injection parameters to the web application. These can be added in the same area as the parameters. Once the information is in the boxes, simply click the Add Cookie button.

Injection Options

For various injections and page layouts, there are certain options that affect the page recognition. This is especially true for simple demo applications. To modify these options, select Tools->Injection Options from the menu bar. You will be presented with a pop-up menu similar to this:
Injection Options Dialog


Here are what each of the options mean:

Compared Tolerance: This is the allowed tolerance for pages to be considered similar while profiling. If you know for a fact there is no content changing dynamically, this should be set to 0%.

Filter Delimiter: This is what separates elements of the HTML result page into the signature. This defaults to a carriage return. If the result has no carriage returns, or very few, it might be a good idea to change this value to something that occurs more often, such as "<br>" or "</td>".

Attack Throttle: This is a delay to be added after each of the injections. If you're trying to avoid crushing a web server, you might want to set this. If the server and code is robust, you can leave it at 0.

Attack Speedup: This is used to indicate you want the injections to run faster, and concurrently. Even though it is a slider, the only values are 0 and 1. 0 is off, 1 is on. Realistically, this should be a checkbox, but wxs wanted a slider somewhere. (Note, speedup isn't implemented everywhere. Some places run faster, some run the same speed)

Saving Target Information

At any point, you can save the information about this injection by selecting File->Save from the top menu. This will save all information entered about the host to an XML file for later use.

Initializing the Injection

Once all of the information has been entered, click the Initialize Injection button on the bottom of the screen. This will gather the base cases required to automated the process of data retrieval. After the base cases have been successfully gathered, you can save these so you won't have to initialize again during another session.