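LegioNRST Posted July 2, 2012 Report Share Posted July 2, 2012 (edited)

Deface page creator:
Use: deface.py yourpage.html
[code]
# deface.py -- interactive generator that writes a static HTML page to the
# path given on the command line (Python 2). It only creates a local file;
# nothing in this listing uploads it or contacts a remote host.
#
# Defender's note: the emitted markup is fixed (the "Owned by" heading, the
# id="flyin" animation script, the hot-linked image URLs), so those strings
# are usable as indicators when triaging unexpectedly modified files in a
# web root.
#
# NOTE(review): the posted listing had its line breaks and indentation
# collapsed; nesting below is reconstructed from the statement order.
import sys
import time

if len(sys.argv) < 2:
    print 'Usage deface.py index.html , this will create an index.html file with deface .'
    sys.exit()

file = sys.argv[1]
myfile = open(file,'w')

# --- 1. background colour -------------------------------------------------
print ' Colors: '
print '-----------------------------------------------------------------------------'
print ' | black | white | '
print '================================================================'
while True:
    var = raw_input ('1.Type the color for background here => ')
    if var in ['black','white']:
        break
    else:
        print 'Wrong color..!'
print >> myfile, '<body bgcolor=','"',(var),'"','>'

# --- 2. text colour -------------------------------------------------------
print '================================================================'
print ' Colors '
print ' | black | white | green | red | purple | blue | gray | '
print '================================================================'
while True:
    var1 = raw_input ('2.Type the text color here => ')
    if var1 in ['black','white','green','orange','red','purple','blue','gray']:
        break
    else:
        print 'Wrong color..!'
print >> myfile, '<p align="center"><b><font color=','"',(var1),'"','size="3">'

# --- 3. image, black background -------------------------------------------
if var == 'black':
    print '================================================================'
    print ' Choose an image : '
    print '| hacked1 | fingerprint | spy | hacked2 | silence | gameover |'
    print '| leg | hand | hitman | smoke | hacked3 | '
    print ' | other | '
    print '================================================================'
    while True:
        var4 = raw_input ('3.Put the image name here => ')
        if var4 in ['hacked1','fingerprint','spy','hacked2','silence','gameover','leg','hand','hitman','smoke','hacked3','other']:
            break
        else:
            print 'Wrong image name..! \n'
    print '================================================================'
    if var4 == 'fingerprint':
        print >> myfile,' <center><img src="http://www.mandel.ro/logos/animFingerprintBlack.gif"></center>'
    if var4 == 'hacked1':
        print >> myfile,' <center><img src="http://site.mynet.com/the_chip/hacked2323.jpg"></center>'
    if var4 == 'spy':
        print >> myfile,' <center><img src="http://www.bluesilk.hu/images/stories/spy.gif"></center>'
    if var4 == 'hacked2':
        print >> myfile,' <center><img src="http://expclan.comli.com/index_files/43084476ii9.png"></center>'
    if var4 == 'silence':
        print >> myfile,' <center><img src="http://demafmipauns.files.wordpress.com/2010/05/sayu0i.jpg"></center>'
    if var4 == 'gameover':
        print >> myfile, '<center><img src="http://img10.imageshack.us/img10/4974/yumaqalt.jpg"></center>'
    if var4 == 'leg':
        print >> myfile, '<center><img src="http://img268.imageshack.us/img268/6802/thehackerericborgozone1.jpg"></center>'
    if var4 == 'hand':
        print >> myfile, '<center><img src="http://i728.photobucket.com/albums/ww286/vyc0d/owned.jpg"></center>'
    if var4 == 'hitman':
        print >> myfile, '<center><img src="http://t0.gstatic.com/images?q=tbn:lYCsFDr4o7mh1M:http://www.renoascensori.it/hacked.jpg&t=1"></center>'
    if var4 == 'smoke':
        print >> myfile, '<center><img src="http://t1.gstatic.com/images?q=tbn:YgDh8qCPAtwgoM:http://i46.tinypic.com/2gtxdo1.jpg&t=1"></center>'
    if var4 == 'hacked3':
        print >> myfile, '<center><img src="http://img.webme.com/pic/c/cobbra-g3ncii/hacked.jpg"></center>'
    if var4 == 'other':
        while True:
            var4 = raw_input ('Please enter the URL of your picture here: ' )
            if var4.endswith(('.jpg','.png','.gif','.JPG','.PNG','.GIF')) :
                break
            else:
                print 'Wrong image name..! \n'
        print >> myfile,'<center><img src="',(var4),'"></center>'

# --- 3. image, white background -------------------------------------------
if var == 'white':
    print '================================================================'
    print ' Choose an image : '
    print ' | eye | door | fingerprint | wanted | sleep | other | '
    print '================================================================'
    while True:
        var4 = raw_input ('3.Put the image name here => ')
        if var4 in ['door','fingerprint','wanted','sleep','eye','other']:
            break
        else:
            print 'Wrong image...'
# NOTE(review): in the posted listing the checks below appear to sit at top
# level rather than inside the 'white' branch, so they also run after the
# 'black' branch (a 'fingerprint' choice there would emit a second image).
print '================================================================'
if var4 == 'door':
    print >> myfile,'<center><img src="http://www.cdscreative.com/images/door.jpg"></center>'
if var4 == 'fingerprint':
    print >> myfile,' <center><img src="http://www.idfpr.com/DPR/images/fingerprint.gif"></center>'
if var4 == 'wanted':
    print >> myfile,' <center><img src="http://www.allstarcardsinc.com/_derived/buy_list.htm_txt_wanted1.gif"></center>'
if var4 == 'sleep' :
    print >> myfile,' <center><img src="http://www.do2learn.com/picturecards/images/imageschedule/sleep_l.gif"></center>'
if var4 == 'eye' :
    print >> myfile,' <center><img src="http://www.christina-reysen.com/images/eye_open.gif"></center>'
if var4 == 'other':
    while True:
        var4 = raw_input ('Please enter the URL of your picture here: ' )
        if var4.endswith(('.jpg','.png','.gif','.JPG','.PNG','.GIF')) :
            break
        else:
            print 'Must enter an URL that contains an image file..! \n'
    print >> myfile,'<center><img src="',(var4),'"></center>'

# --- 4. signature and the fixed "fly-in" heading script --------------------
print '================================================================'
while True:
    var2 = raw_input ('4.put your signature here => ')
    if len(var2) < 30 :
        break
    else:
        print 'Signature too large..!'
print >> myfile, '<script>'
print >> myfile, 'if (document.layers)'
print >> myfile, 'var ns4def=""'
print >> myfile, '</script>'
print >> myfile, '<p align="center"><b><font size="4">'
print >> myfile, '<h2 id="flyin"style="position:relative;left:-400;font-style:italic"'
print >> myfile, 'style=&{ns4def};>'
print >> myfile, '<font face="Arial">','Owned by',(var2),'</font></h2>'
print >> myfile, '</font></b></p>'
print >> myfile, '<script language="JavaScript1.2">'
print >> myfile, 'if (document.getElementById||document.all)'
print >> myfile, 'var crossheader=document.getElementById? document.getElementById("flyin").style : document.all.flyin.style'
print >> myfile, 'function animatein(){'
print >> myfile, 'if (parseInt(crossheader.left)<0)'
print >> myfile, 'crossheader.left=parseInt(crossheader.left)+20'
print >> myfile, 'else{'
print >> myfile, 'crossheader.left=0'
print >> myfile, 'crossheader.fontStyle="normal"'
print >> myfile, 'clearInterval(start)'
print >> myfile, '}'
print >> myfile, '}'
print >> myfile, 'if (document.getElementById||document.all)'
print >> myfile, 'start=setInterval("animatein()",50)'
print >> myfile, '</script>'
print >> myfile, '<p>'
print >> myfile, '<font face="Tahoma"><a target="_blank"'

# --- optional extra message -----------------------------------------------
print '================================================================'
print ' Choose: '
print ' | yes | no | '
print '================================================================'
while True:
    var7 = raw_input ('Do you want to add some other text message?: ')
    if var7.lower() == 'no' :
        print '================================================================'
        print ' Wait...'
        time.sleep(1)
        myfile.close()
        print 'Your HTML file is ready ,I will exit now... \n'
        time.sleep(2)
        sys.exit()
    elif var7.lower() == 'yes' :
        break
    else:
        print ("Please enter 'yes' or 'no' ...!")
print '================================================================'
print ' Choose one of the color from the list '
print ' | black | white | green | red | purple | blue | gray | '
print '================================================================'
while True:
    var8 = raw_input ('Type the text color that you want here => ')
    if var8 in ['black','white','green','orange','red','purple','blue','gray ']:
        break
    else:
        print 'Wrong color..!'
print >> myfile, '<p align="center"><b><font color=','"',(var8),'"','size="3">'
print '================================================================'
while True:
    var9 = raw_input ('Put your comments here => ')
    if len(var9) < 150 :
        break
    else:
        print 'Comments are too large..!'
print >> myfile, var9
print >> myfile, '</font></b></p>'
print '================================================================'
print 'Processing your HTML file please wait...'
time.sleep(2)
print '...'
time.sleep(2)
myfile.close()
print ' Work done ,your HTML file was defaced , i will exit... \n'
time.sleep(1)
sys.exit()
#END
[/code]
http://hotfile.com/dl/61475254/9850a03/def.tar.gz.html

SQLInject finder:
#!/usr/bin/env python
#-------------------------------------------------------------------------------
#
# sqlinject-finder.py
# Description: Simple python script that parses through a pcap and looks at the
# GET and POST request data for suspicious and possible SQL injects.
#
# Scope and limits (read before treating an empty report as "clean"):
#   * Only TCP payloads sent to port 80 inside Ethernet/IPv4 frames are
#     inspected; other ports, link types and TLS traffic are never looked at.
#   * Each packet is parsed on its own. There is no TCP stream reassembly, so
#     a request split across segments is only partly covered by the fallback
#     in parsepcap().
#   * Values are URL-decoded exactly once; doubly encoded input is not
#     unwrapped.
#   * Matching is plain substring search, so both false positives (any value
#     containing "#" or " or ") and misses are expected.
#   * The capture is attacker-influenced input: the parser must neither hang
#     nor abort on malformed data, otherwise one crafted request hides every
#     request after it.
#   * Python 2 only (print statements, urllib.unquote).
#
# NOTE(review): the posted listing had its line breaks and indentation
# collapsed; nesting below is reconstructed from the statement order.
####################################################################################

import dpkt, re, urllib, sys, getopt

# Set to True by -t/--tab in main(); read by analyzeRequest() to pick the output format.
tab = False


def removeComments(val):
    """Return val with every closed /* ... */ span removed.

    Inline comments are sometimes used to obfuscate SQL, so they are
    stripped before the keyword checks run. An opener without a matching
    closer after it is left untouched.

    The closer is searched for only *after* the opener. The previous version
    took the first "*/" anywhere in the string; when it preceded the "/*"
    (for example "*/ x /*") the slice to remove was empty and the loop never
    terminated, letting a single crafted parameter stall the analysis.
    """
    start = val.find("/*")
    while start != -1:
        end = val.find("*/", start + 2)
        if end == -1:
            # Unterminated comment: nothing more can be removed.
            break
        # Each pass shortens val, so the loop is guaranteed to finish.
        val = val[:start] + val[end + 2:]
        start = val.find("/*")
    return val


def analyzeRequest(vals, sIP, page, frameno):
    """Check one request parameter for common SQL injection markers and print a report.

    vals    -- (name, value) pair, e.g. ("id", "1") for id=1
    sIP     -- source address as dotted text (see octetIP)
    page    -- request path the parameter was sent to
    frameno -- 1-based index of the packet in the capture

    Nothing is returned. When at least one heuristic fires, the finding is
    printed either as one tab-separated row (global ``tab`` is True) or as a
    labelled multi-line record.

    The reported value comes straight from captured traffic and is printed
    unescaped, so embedded tabs, newlines or terminal control bytes reach the
    output. Treat the report as untrusted data when viewing or importing it.
    """
    var = vals[0]  # the variable, i.e. in id=1, the var is id
    val = vals[1]  # the value, i.e. in id=1, the val is 1

    # The value is kept as a raw byte string. An earlier val.decode('ascii')
    # raised UnicodeDecodeError on any byte >= 0x80, and because this function
    # is called outside parsepcap()'s try block that aborted the whole run.
    val = urllib.unquote(val)    # removes url encodings like %20 for space, etc
    val = val.replace("+", " ")  # "+" stands for a space in urls

    shown = val   # reported as seen on the wire, before comment stripping
    reasons = []

    ##### Look for obfuscation techniques ######
    if "/*" in val:
        reasons.append("Might be attempting to obfuscate a SQL statement with a comment")
        val = removeComments(val)

    ##### Look for commenting out the end of a MSSQL statement ######
    if "--" in val:
        reasons.append("Might be attempting to end a SQL statement by commenting out the remaining statement")

    ##### Look for commenting out the end of a MySQL statement #####
    if "#" in val:
        reasons.append("Might be attempting to end a SQL statement by commenting out the remaining statement")

    ##### Look for common SQL syntax in the values of a param #####
    # Tokens are compared against the lower-cased value, so every token must
    # itself be lower case. The list used to contain " NULL," which could
    # never match.
    sqlvals = ("cast(", "declare ", "select ", "union ", "varchar", "set(",
               "create ", " or ", " null,", " concat(")
    lowered = val.lower()
    for sql in sqlvals:
        if sql in lowered:
            reasons.append("Possible use of SQL syntax in variable")
            break

    if not reasons:
        return

    if tab:
        fields = [str(sIP), str(page), str(var) + "=" + str(shown), str(frameno)]
        fields.extend(reasons)
        print "\t".join(fields)
    else:
        print "Source : " + str(sIP)
        print "Page : " + str(page)
        print "Value : " + str(var) + "=" + str(shown)
        print "Frame : " + str(frameno)
        for reason in reasons:
            print "Reason : " + reason
        print ""


def octetIP(sIP):
    """Render a packed address (one character per octet) as dotted decimal text."""
    return ".".join(str(ord(octet)) for octet in sIP)


def parsepcap(filename):
    """Read a pcap file and pass every GET/POST parameter to analyzeRequest().

    Exits with status 1 when the file cannot be opened or is not a pcap.
    Packets that cannot be decoded are skipped instead of ending the run, so
    that one malformed or fragmented packet does not hide later requests.
    """
    try:
        f = open(filename, 'rb')
    except (IOError, OSError):
        print "Error reading file. Please make sure the file exists"
        sys.exit(1)

    try:
        pcap = dpkt.pcap.Reader(f)
    except Exception:
        f.close()
        print "Error reading file. Please make sure the file is a valid pcap file."
        sys.exit(1)

    # sIP and page deliberately survive from one packet to the next: the
    # fallback branch below reuses the last page seen for body-only segments.
    sIP = ""
    page = ""
    try:
        for frameno, (ts, buf) in enumerate(pcap, 1):
            try:
                eth = dpkt.ethernet.Ethernet(buf)
            except Exception:
                continue  # truncated or non-Ethernet frame

            # make sure we are dealing with ip (2048) and tcp (proto=6)
            ip = eth.data
            if eth.type != 2048 or not isinstance(ip, dpkt.ip.IP) or ip.p != 6:
                continue
            tcp = ip.data
            # dpkt can leave .data as raw bytes when it cannot decode the inner
            # layer (e.g. fragments); those have no dport attribute.
            if not isinstance(tcp, dpkt.tcp.TCP):
                continue

            # assuming http is running on port 80
            if tcp.dport != 80 or len(tcp.data) == 0:
                continue

            getvals = ""
            try:
                http = dpkt.http.Request(tcp.data)
                url = http.uri
                if http.method == "POST":
                    # deal with post data
                    # NOTE(review): query-string parameters on a POST URL are
                    # not inspected, only the body.
                    getvals = http.body
                    index = url.find("?")
                    page = url[:index] if index != -1 else url
                elif http.method == "GET":
                    # deal with GET data
                    index = url.rfind("?")
                    if index != -1:
                        getvals = url[index+1:]
                        page = url[:index]
            except Exception:
                # Not a complete HTTP request: try to salvage POST data by hand.
                data = str(tcp.data)
                if data.startswith("POST"):
                    parts = data.split(" ")
                    if len(parts) > 1:
                        page = parts[1]  # the path is the second token of the request line
                # need to look into this method a little more, basically, we
                # want to get POST data out of other streams
                if data.count("\n") == 0 and data.find("=") != -1:
                    getvals = data

            # split up each variable and its corresponding value
            if getvals != "":
                for param in getvals.split("&"):
                    name, sep, value = param.partition("=")
                    if not sep:
                        # No "=" at all: still inspect the token. The old
                        # find()-based split chopped the last character off
                        # the name in this case.
                        name, value = "", param
                    sIP = octetIP(ip.src)
                    analyzeRequest((name, value), sIP, page, frameno)
    finally:
        f.close()


def usage():
    """Print the command-line help text."""
    print ""
    print "This tool parses through a pcap file and looks for potential SQL injection attempts."
    print ""
    print "usage: sqlinject-finder.py -f filename [-t]"
    print "Options and arguments (and corresponding environment variables):"
    print "-f, --filename : valid pcap file"
    print "-t, --tab : prints output in tab delimited format"
    print "-h, --help : shows this screen"
    print ""
    print "Example: #python sqlinject-finder.py -f capture.pcap"
    print " #python sqlinject-finder.py -f capture.pcap -t > capture.tsv"
    print ""


def main():
    """Parse the command line, then analyse the requested capture file."""
    global tab
    try:
        opts, args = getopt.getopt(sys.argv[1:], "f:th", ["filename=", "tab", "help"])
    except getopt.GetoptError as err:
        print str(err)
        usage()
        sys.exit(2)

    filename = ""
    for o, a in opts:
        if o in ("-f", "--filename"):
            filename = a
        elif o in ("-t", "--tab"):
            tab = True
        elif o in ("-h", "--help"):
            usage()
            sys.exit()
        else:
            usage()
            sys.exit()

    if (filename == ""):
        print "please specify a filename"
        sys.exit()

    if tab:
        print "Source\tPage\tValue\tFrame\tReason(s)"
    parsepcap(filename)


if __name__ == "__main__":
    main()

Edited July 2, 2012 by LegioNRST Quote Link to comment Share on other sites More sharing options...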
DarkyAngel Posted July 2, 2012 Report Share Posted July 2, 2012 Sursele? // again , skiddie tools Quote Link to comment Share on other sites More sharing options...
LegioNRST Posted July 2, 2012 Author Report Share Posted July 2, 2012 crezi ca nu as fii pus sursa daca o aveam? am avut scriptul intr-un document vechi. Quote Link to comment Share on other sites More sharing options...
DarkyAngel Posted July 2, 2012 Report Share Posted July 2, 2012 trebuia să fi specificat asta. ( și cu un search pe google le-ai fi găsit: sqlinject-finder - Script parses through a pcap and looks for common SQL inject characteristics - Google Project Hosting; DeFACed page - Pastebin.com ) 1 Quote Link to comment Share on other sites More sharing options...
WarrioR. Posted July 17, 2012 Report Share Posted July 17, 2012 Nice share budd I realy like it Quote Link to comment Share on other sites More sharing options...