2018-11-08

Random Session (Sqlmap Tamper)


SQLMAP is Automatic SQL injection and database takeover tool.
this tamper can use to bypass some web application firewall via the random session.

Download script


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/usr/bin/env python
 """
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
author: 3H34N(nezami.me)
"""
import string
import random
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
 def dependencies():
    pass
 def randomsession():
    length = 32
    chars = string.ascii_letters.lower() + string.digits
    password = ''.join(random.choice(chars) for i in range(length))
    return "PHPSESSID="+password
 def tamper(payload, **kwargs):
    """
    Append a random session HTTP header 'PHPSESSID' to bypass
    WAF (usually application based) protection
    """
    headers = kwargs.get("headers", {})
    headers["Cookie"] = randomsession()
    return payload
No comments:

2015-11-30

Persiangig File Finder


This script helps you to brute force files and directories on persiangig storage accounts.
if you would like for more performance you can edit or change dictionaries list by yourself.
Note : Read Usage.
Enjoy!

Click Here To Download



Read more »
No comments:

2015-11-21

International CTF We ranked 11

Hack Dat Kiwi (Kiwi CTF)
Hack Dat Kiwi is a new CTF franchise designed by security researchers and hackers with the aim of creating quality challenges that the participants enjoy solving. We do not put puzzles in our CTFs, and the challenges are designed for those who really know what they are doing, and not tool junkies.
Cash prize for overall winners and category winners.
Crypto/Forensics, RE/Exploit, Web, Forensics, Experimental.
Country-based hacker rankings will be available after the CTF on brag.dat.kiwi! It will stay online and preserve your right to brag.
our team ranked 11



No comments:

2015-08-04

PHP Law Decoding!

Decode PHP code with signature : [protected by law]
I wrote an script for reverse it.


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<style type="text/css">
*{
background-color: #F7F3E8;
border: 2px solid #e3e3e3;
border-radius: 8px 8px 8px 8px;
margin-bottom: 5px;
padding: 5px;
}
TD{font-family: Tahoma; font-size: 10pt;}
input,select,textarea{
border:0;
border:1px solid #900;
color:#fff;
background:#000;
margin:0;
padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
background:#200;
border:1px solid #f00;
}


.red{
color:#f00;
}
.white{
color:#fff;
}
a{
text-decoration:none;
}
a:hover{
border-bottom:1px solid #900;
border-top:1px solid #900;
}
#result a{
color:#777;
}
.sign{
color:#222;
}
#box{
margin:10px 0 0 0;
}
</style>

<html>
<body>
<center><br>
<title>PHP Law DECODER BY #BHG[3H34N]</title>
<font size='3' color='#bbbbbb'>PHP Law DECODER BY #BHG[3H34N]</font><br><br>
<font size='3' color='#bbbbbb'>WebSite:<b><a href="http://nezami.info">nezami.info</a></b><br/></font><br/>
<font size='2' color='#bbbbbb'>Email:<font size='2' color='red'>me@nezami.info</font></font></br><br/>
<font size='3' color='#bbbbbb'> Example:<font size='2' color='green'>/* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */ </font></font><br><br>
<font size='3' color='#bbbbbb'>$o=<font size='2' color='green'><U>Copy This Part Of Your Code To Text Box & Press DeCode</U>;eval(base64_decode("Li4ud3d3LmJsYWNrLWhnLm9yZyBDb3B5IFJpZ2h0IEZvcjNIMz ROIC4uLi=="));return;?></font></font><br><br>



<form name="form" method="post">
<textarea name="text" cols=100 rows=20></textarea>
<input type="hidden" name="status" id="status" value="1">
<br/>
<div class="submit"><br>
<input alt="DeCode" title="Send" alt="Decode" type="image"><br>
</div>
</form>




<?php
header('Content-Type: text/html; charset=utf-8');
if (isset($_POST['text']) && isset($_POST['status']))
{
$text = get_magic_quotes_gpc() ? stripslashes($_POST['text']) : $_POST['text'];


$o="$text";
$lll=0;
$lllllllllll='base64_decode';
$ll=0;
$llllllllll='ord';
$llll=0;
$lllll=3;
$l=$lllllllllll($o);
$lllllll=0;
$llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]);
$lllllllllllll='strlen';
$lllllllll=16;
$llllllll="";
for(;$lllll<$lllllllllllll($l);){
if($lllllllll==0){
$llllll=($llllllllll($l[$lllll++])<<8);
$llllll+=$llllllllll($l[$lllll++]);
$lllllllll=16;
}
if($llllll&0x8000){
$lll=($llllllllll($l[$lllll++])<<4);
$lll+=($llllllllll($l[$lllll])>>4);
if($lll){
$ll=($llllllllll($l[$lllll++])&0x0f)+3;
for($llll=0;$llll<$ll;$llll++)
$llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll];
$lllllll+=$ll;
}
else{
$ll=($llllllllll($l[$lllll++])<<8);
$ll+=$llllllllll($l[$lllll++])+16;
for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=$llllllllll($l[$lllll]))
;
$lllll++;
$lllllll+=$ll;
}
}
else
$llllllll[$lllllll++]=$llllllllll($l[$lllll++]);
$llllll<<=1;
$lllllllll--;
}
$llllllllllll='chr';
$lllll=0;
$lllllllll="?".$llllllllllll(62);
$llllllllll="";
for(;$lllll<$lllllll;){$llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07);}
$lllllllll.=$llllllllll.$llllllllllll(60)."?";


echo 'DECODED: <br/><textarea cols=100 rows=20>'."'$lllllllll';".PHP_EOL.'</textarea><br/>';
}
?>

<center>
</body>
<font size='3' color='#bbbbbb'><b><a href="http://nezami.info">#3H34N</a></b></font>
</html>
2 comments:

FCKeditor finder for upload shell

Most of FCKeditor vulnerable to shell upload from example path in the blow:

1
2
http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

via this script, you can find common uploader that is using in [FCKeditors]
I tried to collect all of the paths that are important and most use! and I write this script to find them, even restricted access to them.
Read more »
No comments:

PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) decoding!

Via this script you can decode PHP file that begin with this signature:

PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29") ...
Enjoy! 



  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<style type="text/css">
*{
background-color: lightblue;

border-radius: 8px 8px 8px 8px;
margin-bottom: 5px;
padding: 5px;
}
TD{font-family: Tahoma; font-size: 10pt;}
input,select,textarea{
border:0;
border:1px solid #900;
color:#fff;
background:#000;
margin:0;
padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
background:#200;
border:1px solid #f00;
}


.red{
color:#f00;
}
.white{
color:#fff;
}
a{
text-decoration:none;
}
a:hover{
border-bottom:1px solid #900;
border-top:1px solid #900;
}
#result a{
color:#777;
}
.sign{
color:#222;
}
#box{
margin:10px 0 0 0;
}
</style>

<html>
<body>
<center><br>
<title>PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) decoder by 3H34N</title>
<font size='3'>PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) decoder by 3H34N</font><br><br>
<font size='3'>WebSite:<b><a href="http://nezami.info">nezami.info</a></b><br/></font><br/>
<form name="form" method="post">
<textarea name="code" cols=100 rows=20></textarea>
<br/>
<div class="submit"><br>
<input alt="Submit" title="Send" type="image"><br>
</div>
</form>
<center>
</body>
</html>
<?php
if( isset($_POST['code']) )
{
$subject = $_POST['code'];
$subject=stripslashes($subject);
$pattern = '/eval\\(T7FC56270E7A70FA81A5935B72EACBE29\\("/';
$limit = -1;
$flags = PREG_SPLIT_NO_EMPTY;
$result = preg_split ($pattern, $subject, $limit, $flags);
$resultall= substr($result[1], 0, -8);

if (!function_exists("fn"))  {
   function fn($arg)   {
 $arg = base64_decode($arg);
 $fn = 0;
 $i = 0;
 $j = 0;
 $k = (ord($arg[1]) << 8) + ord($arg[2]);
 $l = 3;
 $m = 0;
 $n = 16;
 $o = "";
 $p = strlen($arg);
 $file = __FILE__;
 $file = file_get_contents($file);
 for (;$l<$p;){
  if ($n == 0){
    $k = (ord($arg[$l++]) << 8);
    $k += ord($arg[$l++]);
    $n = 16;
  }
  if ($k & 0x8000){
   $fn = (ord($arg[$l++]) << 4);
   $fn += (ord($arg[$l]) >> 4);
    if ($fn){
     $i = (ord($arg[$l++]) & 0x0F) + 3;
     for ($j = 0; $j < $i; $j++)
     $o[$m+$j] = $o[$m-$fn+$j];
     $m += $i;
    }else{
     $i = (ord($arg[$l++]) << 8);
     $i += ord($arg[$l++]) + 16;
     for ($j = 0; $j < $i; $o[$m+$j++] = $arg[$l]);
      $l++; $m += $i;
    }
  }
  else $o[$m++] = $arg[$l++];
   $k <<= 1;
   $n--;
  if ($l == $p){
   $file = implode("", $o);
   $file = "?".">".$file."<"."?";
   return $file;
  }
 }
}
}
print 'clear text code: <br/><textarea cols=100 rows=20>'.substr(fn($resultall),2,-2);'</textarea><br/>';
}
?>


Read more »
No comments:
Subscribe to: Posts (Atom)