21 posts for '2012/03'

  1. 2012/03/31 Domain SQL Injector - Find SQL Injection on all sites hosted on server
  2. 2012/03/30 WebSploit Toolkit Version v1.5
  3. 2012/03/29 A Spring Outing Following the Blossoms
2012/03/31 23:56

Domain SQL Injector - Find SQL Injection on all sites hosted on server


Hey Guys,

Sharing a private python script - "Domain SQL Injector - Error Based SQLi Tool"

The script has following features:
1. Crawling : it can crawl all or requested number of pages on a website
2. Reverse IP Look Up : it can find all sites hosted on a shared hosting server
3. Single-Mode Attack : Crawl and find SQLi on single website and report
4. Mass-Mode Attack : Find all sites hosted on domain, crawl one-by-one, find SQLi on each one-by-one and report
5. Targets could be skipped while crawling if found too big or irrelevant. Though the script can not be paused but could be skipped to target next site.

The script was developed as part of a Penetration Test assessment where Mass-Mode attack was required per client's request.

The Banner

Code:
# ./Domain-SQLi-finder.py


Script Help

Code:
./Domain-SQLi-finder.py -h


Single-Mode Attack - Targeting Single Website

Code:
./Domain-SQLi-finder.py --verbose 1 --url demo.testfire.net --crawl 50 --pages 5 --output testfire-SQLi.txt

It crawls all or requested number of pages, finds injectable links, finds injectable parameters and tests SQLi payloads against each injectable parameter


Mass-Mode Attack - Targeting whole domain


Code:
# ./Domain-SQLi-finder.py --verbose 1 --durl demo.testfire.net --crawl 50 --pages 5 --sites 4 --vulsites 2 --output testfire-SQLi.txt

It starts with reverse IP lookup, if requested, and finds all domains hosted on shared hosting server

Above you can see 3 domains were found hosted on single server

Further, script would target each domain one-by-one, crawling, and testing SQLi against them

Crawling....


Usage:

--verbose : Value 0 would display minimum messages required. Value 1 would display complete progress. By default, verbosity is OFF
--output : Output file name to hold final result. If not specified, default file with name DSQLiResults.txt will be created under same directory

Single-Mode Attack:
--url : takes URL as input
--crawl : Number of pages on website to crawl (default is set to 500). Chilkat library is used for crawling
--pages : Number of vulnerable pages (injectable parameters) to find on site (default is 0 i.e. try and find all possible vulnerable pages)

Mass-Mode Attack:
--durl : URL of domain
--sites : Number of sites to scan on domain. Default is 0 i.e. scan all.
--vulsites : Number of vulnerable sites to find before scanning would stop automatically. Default is 0 i.e. try to find all vulnerable sites
--dcrawl : Number of pages on website to crawl (default is set to 500)
--dpages : Number of vulnerable pages to find on site. Default is 0 i.e. try and find all possible vulnerable pages.

--reverse : This option has dual role

- If specified on command prompt with output file name, script would consider that user has done Reverse-IP lookup already i.e. a file is existing under same directory which has result of reverse-IP lookup and script just needs to read the file. This has another benefit - script doesn't have to do reverse IP lookup whenever fired. Just generate it once and if quitting script in between while targeting domain, the next time user just needs to provide it amended reverseIP Lookup file i.e. remove the already scanned target urls from list.
- If this option is not specified on command prompt, the script would perform reverse-IP lookup itself



Script generates few more files during scanning which could be considered as log files, e.g. crawler output file, unique links parsed output file, reverse-IP lookup output file.


Cheers!

PS: Part of credit goes to fb1 for not coding the concept up to my requirements else I would not have coded it myself

Domain-SQLi-finder.py.txt
DomainReverseIPLookUp.py.txt


Source: garage4hackers.com


Attribution
Creative Commons License

2012/03/30 22:41

WebSploit Toolkit Version v1.5


WebSploit is an open source project for scanning and analyzing remote systems for vulnerabilities.

Description :

[+]Autopwn - uses Metasploit to scan and exploit target services
[+]wmap - scan and crawl the target using the Metasploit wmap plugin
[+]format infector - inject reverse and bind payloads into file formats
[+]phpmyadmin - search for the target's phpmyadmin login page
[+]lfi - scan for and bypass local file inclusion vulnerabilities; can bypass some WAFs
[+]apache users - search server username directories (if the target uses the Apache web server)
[+]Dir Bruter - brute-force target directories with a wordlist
[+]admin finder - search for the target's admin and login pages
[+]MLITM Attack - Man Left In The Middle, XSS phishing attacks
[+]MITM - Man In The Middle attack
[+]Java Applet Attack - Java signed applet attack
[+]MFOD Attack Vector - Middle Finger Of Doom attack vector
[+]USB Infection Attack - create an executable backdoor to infect USB drives for Windows

About Author :

Founder : 0x0ptim0us (Fardin Allahverdinajhand)
Location :  Azarbaycan



Source: http://sourceforge.net/projects/websploit/

2012/03/29 20:49

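A Spring Outing Following the Blossoms

Eat the pheasant and its eggs too, clear the ditch and catch the crayfish, see the spring blossoms and get some fresh air!

Spring, after all, means flowers. Once you get past the jealousy of the annoyingly named "flower-envying cold snap", real spring begins. Let's follow the Korean peninsula's best-known "heralds of spring". Camellias that have weathered the cold wind, along with the plum and cherry blossoms that turn the banks of the Seomjin River white, mark both the start and the peak of the hazy spring days. Now, with the vivid yellow of the sansuyu (cornelian cherry) blossoms a welcome sight, spring has finally arrived. Along with the blossoms themselves, take in the surroundings where they bloom. The gentle spring breeze whispers its welcome. Compiled by: Lee So-won, staff reporter

- Pyoseon canola flowers, mid-March to late April
- Seogwipo king cherry blossoms, mid-March to early April
- Suncheon Unwolji peach blossoms, mid-April
- Haenam plum blossoms, late March
- Yeongam cherry blossoms, late March
- Yeosu Yeongchwisan azaleas, early April to mid-April
- Hadong Hwagae Market & Ssanggyesa cherry blossoms, early April to mid-April
- Gwangyang Seomjin Village plum blossoms, mid-March to late March
- Gurye Sandong-myeon sansuyu, late March
- Changwon Jinhae cherry blossoms, early April to mid-April
- Gyeongju cherry blossoms, early April to mid-April
- Bonghwa sansuyu, early April
- Wonju Chiaksan National Park peach blossoms, late April
- Gangneung Gyeongpodae cherry blossoms, mid-April
- Icheon Baeksagol sansuyu, early April to mid-April
- Chuncheon peach blossoms, late April
- Seoul Yeouido cherry blossoms, mid-April
- Daejeon cherry blossoms, early April to mid-April
- Gochang Seonunsa camellias, mid-April to early May
- Seocheon Chunjangdae camellias, early April to late April
- Jinan Maisan cherry blossoms, mid-April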
