1405640Vin Mar 15, 2013 10:14 pm6310redaccessVizitatorVizitator

Jump to content

Bine ați venit pe comunitatea WorldGame


Bine ați venit pe comunitatea WorldGame, la fel ca majoritatea comunităților online trebuie să vă înregistrați pentru a vizualiza sau posta în comunitatea noastră, dar nu vă faceti griji, acesta este un proces simplu care necesită informații minime despre tine. După aveți urmăroarele beneficii
Poți deschide topicuri si să raspunzi la altele
Sunteți membru al unei comunități Licențiate
Îți faci noi prieteni, pe forum si pe serverele ei.
Vă asteptam
Echipa WorldGame
 
Guest Message by StaarK*


Script Python


Pagina 1 din 1

    #1
    wayne!

    wayne!
    • Membru
    • Member Title : WGR Member
    • Mesaje : 76
    • Join : 21/03/2012
    Cod:
    Use: deface.py yourpage.html

    [code]
    import sys
    import time
    if len(sys.argv) < 2:
        print 'Usage deface.py index.html , this will create an index.html file with deface  .'
        sys.exit()


    file = sys.argv[1] 
    myfile = open(file,'w')

    print '                                        Colors:                                                          '
    print '-----------------------------------------------------------------------------'
    print '                              | black | white |                                                        '
    print '================================================================'
    while True:
        var = raw_input ('1.Type the  color for background  here => ')
            if var in ['black','white']: break
            else:
                print 'Wrong color..!'
    print >> myfile, '<body bgcolor=','"',(var),'"','>'
    print '================================================================'
    print '                            Colors  '                 
    print '    | black | white | green | red | purple | blue | gray |  '
    print '================================================================'

    while True:
            var1 = raw_input ('2.Type the text color here => ')
            if var1 in ['black','white','green','orange','red','purple','blue','gray']: break
            else:
                print 'Wrong color..!'
    print >> myfile, '<p align="center"><b><font color=','"',(var1),'"','size="3">'

    if var == 'black':
     print '================================================================'
     print '                      Choose an image :                        '
     print '| hacked1 | fingerprint | spy    | hacked2 | silence | gameover |'
     print '| leg    | hand        | hitman | smoke  | hacked3  |        '
     print '                        | other  |                            ' 
     print '================================================================'

     while True:
            var4 = raw_input ('3.Put the image name  here => ')
            if var4 in ['hacked1','fingerprint','spy','hacked2','silence','gameover','leg','hand','hitman','smoke','hacked3','other']: break
            else:
                print 'Wrong image name..! '
     print '================================================================'
     if var4 == 'fingerprint':
      print >> myfile,' <center><img src="http://www.mandel.ro/logos/animFingerprintBlack.gif"></center>'
     if var4 == 'hacked1':
      print >> myfile,' <center><img src="http://site.mynet.com/the_chip/hacked2323.jpg"></center>'
     if var4 == 'spy':
      print >> myfile,' <center><img src="http://www.bluesilk.hu/images/stories/spy.gif"></center>'
     if var4 == 'hacked2':
      print >> myfile,' <center><img src="http://expclan.comli.com/index_files/43084476ii9.png"></center>'
     if var4 == 'silence':
      print >> myfile,' <center><img src="http://demafmipauns.files.wordpress.com/2010/05/sayu0i.jpg"></center>'
     if var4 == 'gameover':
      print >> myfile, '<center><img src="http://img10.imageshack.us/img10/4974/yumaqalt.jpg"></center>'
     if var4 == 'leg':
      print >> myfile, '<center><img src="http://img268.imageshack.us/img268/6802/thehackerericborgozone1.jpg"></center>'
     if var4 == 'hand':
      print >> myfile, '<center><img src="http://i728.photobucket.com/albums/ww286/vyc0d/owned.jpg"></center>'
     if var4 == 'hitman':
      print >> myfile, '<center><img src="http://t0.gstatic.com/images?q=tbn:lYCsFDr4o7mh1M:http://www.renoascensori.it/hacked.jpg&t=1"></center>'
     if var4 == 'smoke':
      print >> myfile, '<center><img src="http://t1.gstatic.com/images?q=tbn:YgDh8qCPAtwgoM:http://i46.tinypic.com/2gtxdo1.jpg&t=1"></center>'
     if var4 == 'hacked3':
      print >> myfile, '<center><img src="http://img.webme.com/pic/c/cobbra-g3ncii/hacked.jpg"></center>'
     if var4 == 'other':
      while True:
        var4 = raw_input ('Please enter the URL of your picture here: ' )
        if var4.endswith(('.jpg','.png','.gif','.JPG','.PNG','.GIF')) : break
        else:
                print 'Wrong image name..! '
        print >> myfile,'<center><img src="',(var4),'"></center>'

    if var == 'white':
     print '================================================================'
     print '                      Choose an image :                        '
     print '  | eye  | door  | fingerprint  | wanted | sleep | other | ' 
     print '================================================================'
     while True:
            var4 = raw_input ('3.Put the image name  here => ')
            if var4 in ['door','fingerprint','wanted','sleep','eye','other']: break
            else:
                print 'Wrong image...'
    print '================================================================'
    if var4 == 'door':
      print >> myfile,'<center><img src="http://www.cdscreative.com/images/door.jpg"></center>'
    if var4 == 'fingerprint':
      print >> myfile,' <center><img src="http://www.idfpr.com/DPR/images/fingerprint.gif"></center>'
    if var4 == 'wanted':
      print >> myfile,' <center><img src="http://www.allstarcardsinc.com/_derived/buy_list.htm_txt_wanted1.gif"></center>'
    if var4 == 'sleep' :
      print >> myfile,' <center><img src="http://www.do2learn.com/picturecards/images/imageschedule/sleep_l.gif"></center>'
    if var4 == 'eye' :
      print >> myfile,' <center><img src="http://www.christina-reysen.com/images/eye_open.gif"></center>'
    if var4 == 'other':
      while True:
        var4 = raw_input ('Please enter the URL of your picture here: ' )
        if var4.endswith(('.jpg','.png','.gif','.JPG','.PNG','.GIF')) : break
        else:
            print 'Must enter an URL that contains an image file..! '
        print >> myfile,'<center><img src="',(var4),'"></center>'


    print '================================================================'
    while True:
     var2 = raw_input ('4.put your signature here => ')
     if len(var2) < 30 : break
     else:
        print 'Signature too large..!'
    print >> myfile, '<script>'
    print >> myfile, 'if (document.layers)'
    print >> myfile, 'var ns4def=""'
    print >> myfile, '</script>'
    print >> myfile, '<p align="center"><b><font size="4">'
    print >> myfile, '<h2 id="flyin"style="position:relative;left:-400;font-style:italic"'
    print >> myfile, 'style=&{ns4def};>'
    print >> myfile, '<font face="Arial">','Owned by',(var2),'</font></h2>'
    print >> myfile, '</font></b></p>'
    print >> myfile, '<script language="JavaScript1.2">'
    print >> myfile, 'if (document.getElementById||document.all)'
    print >> myfile, 'var crossheader=document.getElementById? document.getElementById("flyin").style : document.all.flyin.style'
    print >> myfile, 'function animatein(){'
    print >> myfile, 'if (parseInt(crossheader.left)<0)'
    print >> myfile, 'crossheader.left=parseInt(crossheader.left)+20'
    print >> myfile, 'else{'
    print >> myfile, 'crossheader.left=0'
    print >> myfile, 'crossheader.fontStyle="normal"'
    print >> myfile, 'clearInterval(start)'
    print >> myfile, '}'
    print >> myfile, '}'
    print >> myfile, 'if (document.getElementById||document.all)'
    print >> myfile, 'start=setInterval("animatein()",50)'
    print >> myfile, '</script>'
    print >> myfile, '<p>'
    print >> myfile, '<font face="Tahoma"><a target="_blank"'
    print '================================================================'
    print '                        Choose:                '
    print '                      | yes | no |            '
    print '================================================================'
    while True:
     var7 = raw_input ('Do you want to add  some other text message?: ')
     if var7.lower() == 'no' :
      print '================================================================'
      print ' Wait...'
      time.sleep(1)
      myfile.close()
      print 'Your HTML file is ready ,I will exit now... '
      time.sleep(2)
      sys.exit()
     elif var7.lower() == 'yes' : break
     else:
          print ("Please enter  'yes' or 'no' ...!")
    print '================================================================'
    print '        Choose one of the color from the list                  '
    print '    | black | white | green | red | purple | blue | gray |  '
    print '================================================================'
    while True:
            var8 = raw_input ('Type the text color that you want  here => ')
            if var8 in ['black','white','green','orange','red','purple','blue','gray ']:break
            else:
                print 'Wrong color..!'
    print >> myfile, '<p align="center"><b><font color=','"',(var8),'"','size="3">'
    print '================================================================'
    while True:
     var9 = raw_input ('Put your comments  here => ')
     if len(var9) < 150 : break
     else:
        print 'Comments are  too large..!'
    print >> myfile, var9
    print >> myfile, '</font></b></p>'
    print '================================================================'
    print 'Processing your HTML file please wait...'
    time.sleep(2)
    print '...'
    time.sleep(2)
    myfile.close()
    print ' Work done ,your HTML file was defaced , i will exit... '
    time.sleep(1)
    sys.exit()

    #END  [/code]

    [url]http://hotfile.com/dl/61475254/9850a03/def.tar.gz.html[/url] 

    SQLInject finder:

    Cod:
            #!/usr/bin/env python

            -------------------------------------------------------------------------------
            #
            # sqlinject-finder.py
            # Description: Simple python script that parses through a pcap and looks at the
            #              GET and POST request data for suspicious and possible SQL injects.
            #
            ####################################################################################

            import dpkt, re, urllib, sys, getopt

            tab = False

            #removes inline comments that can sometimes be used for obfuscating the sql
            def removeComments(val):
               while True:
                     index = val.find("/*")
                     index2 = val.find("*/")
                     if index != -1 and index2 != -1:
                        #looks like there is some type of SQL obfuscation, let's remove the comments
                        remove = val[index:index2+2]
                        val = val.replace(remove, "")
                     else:
                        break
               
               return val

            #checks for common sql injection tactics using all the variables from post or get data
            def analyzeRequest(vals, sIP, page, frameno):
               var = vals[0] #the variable, i.e. in id=1, the var is id
               val = vals[1] #the value, i.e. in id=1, the val is 1
               val = val.decode('ascii') #not sure if this is really doing anything, but we need to deal with non ascii characters for analysis
               val = urllib.unquote(val) #removes url encodings like %20 for space, etc
               val = val.replace("+", " ") #sometimes in urls, instead of a space you can have a + . So, we want to remove those for analysis
               #print val
               display = [False, sIP, page, var, val]
               ##### Look for obfuscation techniques ######
               index = val.find("/*")
               if index != -1:
                  display[0] = True
                  display.append("Might be attempting to obfuscate a SQL statement with a comment")
                  val = removeComments(val)

               ##### Look for commenting out the end of a MSSQL statement ######
               index = val.rfind("--")
               if index != -1:
                  display[0] = True
                  display.append("Might be attempting to end a SQL statement by commenting out the remaining statement")
               
               ##### Look for commenting out the end of a MySQL statement #####
               index = val.rfind("#")
               if index != -1:
                  display[0] = True
                  display.append("Might be attempting to end a SQL statement by commenting out the remaining statement")
               
               ##### Look for common SQL syntax in the values of a param #####
               sqlvals = ("cast(", "declare ", "select ", "union ", "varchar", "set(", "create ", " or ", " NULL,", " concat(")
               for sql in sqlvals:
                  index = val.lower().find(sql)
                  if index != -1:
                     display[0] = True
                     display.append("Possible use of SQL syntax in variable")
                     break

               if display[0] == True:
                  if tab:
                     line = str(display[1]) + "\t" + str(display[2]) + "\t" + str(display[3]) + "=" + str(display[4]) + "\t" + str(frameno)
                     for i in range(len(display)-5):
                        line = line + "\t" + str(display[i+5])
                     print line
                  else:
                     print "Source : " + str(display[1])
                     print "Page  : " + str(display[2])
                     print "Value  : " + str(display[3]) + "=" + str(display[4])
                     print "Frame  : " + str(frameno)
                     for i in range(len(display)-5):
                        print "Reason : " + str(display[i+5])
                     print ""

            def octetIP(sIP):
               ip = ""
               for s in sIP:
                  ip = ip + str(ord(s)) + "."
                  
               return ip[:-1]
                  
                  
            #reads the pcap file and parses out get and post requests for analysis
            def parsepcap(filename):
               try:
                  f = open(filename, 'rb')
               except:
                  print "Error reading file. Please make sure the file exists"
                  sys.exit()
                  
               try:
                  pcap = dpkt.pcap.Reader(f)
               except:
                  print "Error reading file. Please make sure the file is a valid pcap file."
                  sys.exit()
               sIP=""
               page=""
               frameno = 1
               for ts, buf in pcap:
                  eth = dpkt.ethernet.Ethernet(buf)
                  ip = eth.data
                  #make sure we are dealing with ip (2048) and tcp (proto=6)
                  if eth.type ==2048 and ip.p == 6:
                     tcp = ip.data
                     #assuming http is running on port 80
                     if tcp.dport == 80 and len(tcp.data) > 0:
                        index = 1
                        getvals = ""
                        try:
                           http = dpkt.http.Request(tcp.data)
                           url = http.uri
                           #deal with post data
                           if http.method == "POST":
                              getvals=http.body
                              index = url.find("?")
                              if index != -1:
                                 page = url[:index]
                              else:
                                 page = url
                           #deal with GET data
                           elif http.method == "GET":
                              index = url.rfind("?")
                              if index != -1:
                                 getvals = url[index+1:]
                                 page = url[:index]

                        except:
                           data = tcp.data
                           index = str(data).find("POST")
                           if index == 0:
                              url = str(data).split(" ")
                              page = url[1] #POST is usually always the second value in the POST
                           index = str(data).count("\n") #need to look into this method a little more, basically, we want to get POST data out of other streams
                           if index == 0:
                              index = str(data).find("=")
                              if index != -1:
                                 getvals = str(data)
                              
                        #split up each variable and its cooresponding value
                        if getvals != "":
                           getvals = getvals.split("&")
                           for val in getvals:
                              i = val.find("=")
                              val = (val[:i], val[i+1:])
                              sIP = octetIP(ip.src)
                              analyzeRequest(val, sIP, page, frameno)
                  frameno += 1
               f.close()

            #usage stuff
            def usage():
               print ""
               print "This tool parses through a pcap file and looks for potential SQL injection attempts."
               print ""
               print "usage: sqlinject-finder.py -f filename [-t]"
               print "Options and arguments (and corresponding environment variables):"
               print "-f, --filename : valid pcap file"
               print "-t, --tab      : prints output in tab delimited format"
               print "-h, --help    : shows this screen"
               print ""
               print "Example: #python sqlinject-finder.py -f capture.pcap"
               print "        #python sqlinject-finder.py -f capture.pcap -t > capture.tsv"
               print ""

            def main():
               try:   
                  opts, args = getopt.getopt(sys.argv[1:], "f:th", ["filename=", "tab", "help"])
               except getopt.GetoptError, err:
                  print str(err)
                  usage()
                  sys.exit(2)

               filename = ""
               for o, a in opts:
                  if o in ("-f", "--filename"):
                     filename = a
                  elif o in ("-t", "--tab"):
                        global tab
                        tab = True   
                  elif o in ("-h", "--help"):
                     usage()
                     sys.exit()
                  else:
                     usage()
                     sys.exit()
               if (filename == ""):
                  print "please specify a filename"
                  sys.exit()
               if tab:
                  print "Source\tPage\tValue\tFrame\tReason(s)"
               parsepcap(filename)   
               
            if __name__ == "__main__":
               main()

            Last edited by LegioNRST; 02-07-2012 at 05:31 PM.

            Share
        Reply With Quote Reply With Quote
        Re: Script Python
        02-07-2012, 05:38 PM #2
        DarkyAngel
        DarkyAngel is offline
        PHP Addicted Bautor de whiskey Array DarkyAngel's Avatar

        Join Date
            Aug 2011
        Location
            /home/
        Posts
            320   
        Rep Power
            2

        Default

            Sursele?

            // again , skiddie tools

            Share

            HTML Code:

            __| |__ _ _ _| |___  _ __ _ _ _  __ _ ___| |  / __ \
            / _` / _` | '_| / / || / _` | ' \/ _` / -_) | / / _` |
            \__,_\__,_|_| |_\_\\_, \__,_|_||_\__, \___|_| \ \__,_|
                              |__/          |___/        \____/
                    _              _                             
            _ _ __| |_ __ ___ _ _| |_ ___ _ _      __ ___ _ __ 
            | '_(_-<  _/ _/ -_) ' \  _/ -_) '_|  _  / _/ _ \ '  \
            |_| /__/\__\__\___|_||_\__\___|_|  (_) \__\___/_|_|_|

        Reply With Quote Reply With Quote
        Re: Script Python
        02-07-2012, 05:40 PM #3
        LegioNRST
        LegioNRST is offline
        Registered user Bautor de palinca Array LegioNRST's Avatar

        Join Date
            Jun 2012
        Location
            Italy
        Posts
            110   
        Rep Power
            1

        Default

            crezi ca nu as fii pus sursa daca o aveam? am avut scriptul intr-un document vechi.

            Share
        Reply With Quote Reply With Quote
        Re: Script Python
        02-07-2012, 05:44 PM #4
        DarkyAngel
        DarkyAngel is offline
        PHP Addicted Bautor de whiskey Array DarkyAngel's Avatar

        Join Date
            Aug 2011
        Location
            /home/
        Posts
            320   
        Rep Power
            2

        Default

            trebuia să fi specificat asta. ( şi cu un search pe google le-ai fi găsit:
            Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ]
            Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] )

            Share

            HTML Code:

            __| |__ _ _ _| |___  _ __ _ _ _  __ _ ___| |  / __ \
            / _` / _` | '_| / / || / _` | ' \/ _` / -_) | / / _` |
            \__,_\__,_|_| |_\_\\_, \__,_|_||_\__, \___|_| \ \__,_|
                              |__/          |___/        \____/
                    _              _                             
            _ _ __| |_ __ ___ _ _| |_ ___ _ _      __ ___ _ __ 
            | '_(_-<  _/ _/ -_) ' \  _/ -_) '_|  _  / _/ _ \ '  \
            |_| /__/\__\__\___|_||_\__\___|_|  (_) \__\___/_|_|_|

        Reply With Quote Reply With Quote
        Re: Script Python
        17-07-2012, 09:39 AM #5
        WarrioR.
        WarrioR. is offline
        Registered user Registered Users Array

        Join Date
            Jul 2012
        Location
            Vegas
        Posts
            2   
        Rep Power
            0

        Send a message via MSN to WarrioR. Send a message via Yahoo to WarrioR.
        Default

            Nice share budd I realy like it

            Share
        Reply With Quote Reply With Quote

    #2
    kEnT10

    kEnT10
    • Membru
    • Member Title : WGR Member
    • Mesaje : 456
    • Join : 17/11/2011
    • Localizare : SIBIU
    Pentru ce e ?

    #3
    b0su!

    b0su!
    • Membru
    • Member Title : WGR Member
    • Mesaje : 30
    • Join : 20/07/2012
    • Localizare : Habar n`am !
    Si asta e ?

    #4
    kzh^oN

    kzh^oN
    • Membru
    • Member Title : WGR Member
    • Mesaje : 23
    • Join : 13/08/2012
    • Localizare : Braila
    ce e asta frate ? )

    #5
    aLmousT # dZx [x]

    aLmousT # dZx [x]
    • Membru
    • Member Title : WGR Member
    • Mesaje : 57
    • Join : 09/09/2012
    da ce e asta??

    #6
    Continut sponsorizat

    Continut sponsorizat