Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Xpl0it3r 1.4.8A + SQL Brute Forcer!

  1. Home
  2. Forum
  3. Hacking in general
  4. Xpl0it3r 1.4.8A + SQL Brute Forcer!

ghost's Avatar

ghost

0 0

Welcome to the tutorial

(A) Main Configuration

-This panel is for the basics of the attack

Exploit: This field is what will be added to the end of the URL. Lets say I put

the value at "l3vel".

http://target.com/vuln.php?var= becomes http://target.com/vuln.php?var=l3vel

Scan Code(Code Snippet)

Basically if the URL source code doesnt contain this snippet it is ignored. So I

would goto your shell and click "View Page Source" and get a piece of html from

there. For LFI's or other exploits you can also put error messages or anything

that means it is exploitable.

Google D0rk: The string that will be searched in google Results Per Page: Sets how many results on google to show per page

(B) Regular Expressions

Target Parse RegEx: Basically I use regular expressions on each of the results to remove the crap

after the = sign. You can use this to get any part of the URL you want. I used a

weak one you can make your own using RegEx Buddy (warez-bb ftw?) Any URLS that

don't match the regex in anyway are removed from the target list.

With mine (not perfect only works on some URLS)

http://somesite.com/somepage.php?somevar=omg&somthingelse=watever

Becomes: http://somesite.com/somepage.php?somevar=

(C)Attack Manager(Where The Magic Happens)

-This allows you to begin the attack after all the fields in (A) and (B) are

filled in.

Browse: Simply navigates the webbrowser (G) to the search page with the dork you

typed in

Harvest Links: A rather important part. It will grab all the links from the page

(minus google links) and add them to the results tab(F). You should do this for

many different pages if you are targeting a single website or just a lot of pages

on the the search engine.

Make Target List: Using the regular expression it will parse through the results

tab and add good clean and ready to use ones to the target list.

Exploit Scan(RFI Search): Gets every url and adds whatever you put as Exploit(A)

to the end and tests the page if it contains the text from Scan Code(A).

Sections (D) and (E) are not done yet. Just remember targets always have to be

cleaned urls for example:

http://somesite.com/hax.php?somthing= or http://somesite.com/hax.php?somthing=1&another=

jsut make sure its ready so the it can get w/e u put as a Exploit(A) added to the

end and load up.

(F)

Very simple section where all URLS are stored. You can right click on the

listboxes and get options.

Google Results: Results from google

Target URLS: Cleaned urls to be tested

Found Exploits: Links to found exploits

(G) The webbrowser

Enjoy,

{Petros} www.l3vel-69.net

(C)2007 Petros

For Source Code PM Petros

Download link: http://www.sendspace.com/file/235jfz

Regards, L3vEL-69