Thanks for sharing!

On Tue, Sep 7, 2010 at 10:30 AM, Baggett, Mark <[email protected]> wrote:

> Not at all, but let me clean them up a bit first. I have a few small
> errors to fix then I'll post them to the pdc blog.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Robin Wood
> Sent: Sunday, September 05, 2010 11:49 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Misc Web Pen testing scripts
>
> Would you mind if I added these to the PenTester Scripting website
> http://www.pentesterscripting.com/ ?
>
> Robin
>
> On 3 September 2010 17:31, Baggett, Mark <[email protected]> wrote:
> > I'm trying to learn python. Userpass.py was my first python script.
> > (http://pauldotcom.com/2010/08/draft---creating-per-user-cust.html)
> > Eventually, I am going to write something that doesn't completely suck.
> > These scripts are still a work in progress. Send me comments and
> > suggestions off list. I hope they are useful. If you find errors
> > before I post these to the blog I'd appreciate a heads up.
> >
> > Thanks
> > Mark Baggett
> >
> > 1) get2post.py
> > Use to demonstrate POST based XSS attacks to a customer. Put get2post
> > on a single host then you can create URLs with the POST values for
> > the customer. Same functionality as
> > http://www.whiteacid.org/misc/xss_post_forwarder.php but on your own
> > server so you are not disclosing a customer's XSS issues to a third
> > party.
> >
> > 2) p0wnpr0xy.py
> > Grabs URLs & cookies as you browse and launches the tool of choice.
> > Here is a demo video: http://www.vimeo.com/14667308
> >
> > 3) sqlinjector.py
> > This is a MySQL blind SQL injector that uses a much different SQL
> > injection technique. Instead of repeatedly cutting the alphabet in
> > half or brute forcing the letters it uses a per-letter frequency table
> > to predict the next letter. For example, if you have a Q there is a
> > HIGH probability that the next letter is a U. The technique is
> > discussed and outlined here:
> > http://www.exploit-db.com/papers/13696/ 47 fewer guesses than
> > bsqlbf.pl! 79 vs 126
> >
> > I implemented this technique in python. You give the script a
> > vulnerable URL, and you put your SQL query in the URL with carets as
> > markers at the point of injection. This syntax enables flexible URL
> > endings.
> >
> > mark.baggett$ python sqlinjector.py
> > "http://testphp.vulnweb.com/listproducts.php?cat=1^database()^#"
> > a
> > ac
> > acu
> > acua
> > acuar
> > acuart
> > end of word found
> > Found target acuart in 79 guesses.
> > mtcexcp007:misc mark.baggett$
> >
> > mark.baggett$ perl bsqlbf.pl -blind cat -sql "database()" -url
> > http://testphp.vulnweb.com/listproducts.php?cat=1
> >
> > // Blind SQL injection brute force.
> > // [email protected] / http://www.514.es
> >
> > <truncated>
> > trying: acuart#### results:
> > database() = acuart
> > total hits: 126
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
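Added example, not from the thread or from Mark's scripts: a defender-side check over web server access logs for the request burst that a character-at-a-time blind injector leaves behind. Even the efficient 79-guess run quoted above is dozens of near-identical requests from one client to one endpoint, which is what this keys on. The log lines and probe syntax are constructed, and the SQL keyword list is an assumed rule to tune per application.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Hypothetical rule: SQL function calls and boolean glue that a
# character-at-a-time blind probe leans on. Tune the word list per app.
SQL_PROBE = re.compile(
    r"\b(database|substring|substr|mid|ascii|ord|sleep|benchmark)\s*\(|"
    r"\b(and|or)\s+\S+\s*[=<>]", re.IGNORECASE)

# Apache/nginx "combined"-style request line: client, timestamp, method, URL, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    """Split one access-log line into client, path and decoded query string."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    return {"ip": m.group("ip"), "path": parts.path,
            "query": unquote_plus(parts.query), "status": m.group("status")}

def find_blind_sqli(lines, threshold=5):
    """Return {(client, path): probe_count} for every client that sent at
    least `threshold` SQL-looking queries against the same endpoint."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec and SQL_PROBE.search(rec["query"]):
            counts[(rec["ip"], rec["path"])] += 1
    return {k: v for k, v in counts.items() if v >= threshold}

# Constructed sample log: two normal page views, then one client spelling out
# "acuart" one letter per request, the shape the 79-guess run above would have.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Sep/2010:10:30:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [07/Sep/2010:10:30:03 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 4980',
] + [
    f'10.0.0.9 - - [07/Sep/2010:10:31:{i:02d} +0000] "GET /listproducts.php?cat=1%20AND%20'
    f'SUBSTRING(database(),{i + 1},1)=%27{ch}%27 HTTP/1.1" 200 5120'
    for i, ch in enumerate("acuart")
]

if __name__ == "__main__":
    for (ip, path), n in find_blind_sqli(SAMPLE_LOG).items():
        print(f"{ip} sent {n} SQL-looking probes to {path}")
```

Raising the threshold or adding a time window cuts noise from legitimate users whose search terms happen to contain "and"; the per-client, per-path grouping is what separates a probing client from normal traffic.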
