N5: TMenuItem;
sql_EdUrl: TComboBox;
Sql_DataLink: TEdit;
BlastDataPath: TEdit;
SpeedButton2: TSpeedButton;
Label64: TLabel;
Label65: TLabel;
SpeedButton3: TSpeedButton;
Sql_GuessTable: TSpeedButton;
SpeedButton5: TSpeedButton;
LinkLsb: TRzListBox;
SqlLinkMenu: TPopupMenu;
SqlOpenLinkMenu: TMenuItem;
SqlCopyLink: TMenuItem;
SqlSaveAll: TMenuItem;
ScanLoginCb: TComboBox;
ScanLoginMenu: TPopupMenu;
ScanLoginItem: TMenuItem;
CopyLoginLink: TMenuItem;
RzGroupBox18: TRzGroupBox;
sqlScanLoginLsb: TListBox;
SqlScanLoginLsv: TListView;
RadChk1: TRadioButton;
RadChk2: TRadioButton;
TrackBar2: TTrackBar;
Label66: TLabel;
Label67: TLabel;
N99: TMenuItem;
N6: TMenuItem;
Timer2: TTimer;
GroupBox5: TGroupBox;
SpinEdit1: TSpinEdit;
Label68: TLabel;
Label69: TLabel;
Label70: TLabel;
Label71: TLabel;
ADOLinkCount: TADOQuery;
Label72: TLabel;
Label73: TLabel;
Label74: TLabel;
DataMenu: TPopupMenu;
DelTableMenu: TMenuItem;
N7: TMenuItem;
ExecSql: TPanel;
ExceSqlText: TMemo;
BtnExecSql: TSpeedButton;
btnHideExecSql: TSpeedButton;
RzToolButton1: TRzToolButton;
btnOpenDataFile: TRzToolButton;
btnSaveData: TRzToolButton;
RzSpacer1: TRzSpacer;
btnQueryFirst: TRzToolButton;
btnQueryPrior: TRzToolButton;
btnQueryNext: TRzToolButton;
btnQueryLast: TRzToolButton;
Label1: TLabel;
CbField: TComboBox;
Label2: TLabel;
EdKeyStr: TEdit;
Label3: TLabel;
btnQueryData: TSpeedButton;
Label75: TLabel;
ScanInjectTimer: TTimer;
ListBox1: TRzListBox;
WebInjectLsb: TRzListBox;
WebSqlInjectMenu: TPopupMenu;
WebSjMenu1: TMenuItem;
MenuItem2: TMenuItem;
WebSjMenu2: TMenuItem;
EditCookie: TEdit;
OtherSiteTimer: TTimer;
OtherSiteMemo: TMemo;
OtherSiteWeb: TWebBrowser;
Panel1: TPanel;
ChkLoadUrl: TCheckBox;
RzGroupBox19: TRzGroupBox;
FieldNameLst: TCheckListBox;
GuessLsv: TListView;
TimerLogin: TTimer;
StringGrid1: TStringGrid;
Memo2: TMemo;
SQLContentMemo: TMemo;
CheckBox1: TCheckBox;
RzGroupBox14: TRzGroupBox;
RadAccess: TRadioButton;
RadMSSql: TRadioButton;
sqled1: TEdit;
sqlb1: TLabel;
sqlb2: TLabel;
sqlb3: TLabel;
sqlb4: TLabel;
sqled3: TEdit;
sqled2: TEdit;
sqled4: TEdit;
RzGroupBox12: TRzGroupBox;
Label20: TLabel;
BtnScanID: TSpeedButton;
EdMin: TEdit;
EdMax: TEdit;
SqlResultMemo: TMemo;
btnKuaData: TSpeedButton;
btnSQLTools: TSpeedButton;
SQLDataPanel: TPanel;
SpeedButton6: TSpeedButton;
SpeedButton7: TSpeedButton;
SQLDataLsv: TListView;
BtnGuessTable: TSpeedButton;
SQLDataLsb: TListBox;
PageControl1: TPageControl;
TabSheet4: TTabSheet;
btnTreeFile: TSpeedButton;
Label76: TLabel;
Label77: TLabel;
SpeedButton8: TSpeedButton;
LsbTreeFile: TListBox;
EdSQLURL: TEdit;
EdSQLPath: TEdit;
TabSheet5: TTabSheet;
LBDOSURL: TLabel;
BTNEXECDOS: TSpeedButton;
LBDOSDIR: TLabel;
BTNDOS: TSpeedButton;
EDDOSURL: TEdit;
EDDIR: TEdit;
RADDOS: TRadioButton;
RADDOSSQL: TRadioButton;
MEMODOSRUTURN: TMemo;
MemoDOS: TMemo;
TabSheet6: TTabSheet;
Label84: TLabel;
Label85: TLabel;
btnSQLUPFILE: TSpeedButton;
SpeedButton14: TSpeedButton;
Label86: TLabel;
EdSQLUPFILEURL: TEdit;
EdSQLUPFILEPATH: TEdit;
LsbUpFile: TListBox;
EdSQLFILESAVE: TEdit;
RadNewFile: TRadioButton;
RadAddFile: TRadioButton;
SQLUPTYPE: TComboBox;
RzToolButton2: TRzToolButton;
procedure FormCreate(Sender: TObject);
procedure EdSiteKeyPress(Sender: TObject; var Key: Char);
procedure SpBtnGetIPClick(Sender: TObject);
procedure btnRefreshClick(Sender: TObject);
procedure WebBrowser1DocumentComplete(Sender: TObject;
const pDisp: IDispatch; var URL: OleVariant);
procedure BtnBrowserFileClick(Sender: TObject);
procedure RdDefaultClick(Sender: TObject);
procedure btnUpFileClick(Sender: TObject);
procedure ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
ErrorEvent: TErrorEvent; var ErrorCode: Integer);
procedure Rd_DvbbsClick(Sender: TObject);
procedure AspFilePathButtonClick(Sender: TObject);
procedure SiteListClick(Sender: TObject);
procedure SiteListDblClick(Sender: TObject);
procedure WebBrowser1ProgressChange(Sender: TObject; Progress,
ProgressMax: Integer);
procedure N3Click(Sender: TObject);
procedure BtnInsertClick(Sender: TObject);
procedure btnLoadScanSiteClick(Sender: TObject);
procedure WebBrowser1StatusTextChange(Sender: TObject;
const Text: WideString);
procedure StatusBar1Resize(Sender: TObject);
procedure EdURLKeyPress(Sender: TObject; var Key: Char);
procedure EdIPKeyPress(Sender: TObject; var Key: Char);
procedure btnLoadSqlSiteClick(Sender: TObject);
procedure OepnDataMenuItemClick(Sender: TObject);
procedure TableTreeDblClick(Sender: TObject);
procedure OpenMenuItemClick(Sender: TObject);
procedure btnStartScanClick(Sender: TObject);
procedure btnSuspendScanClick(Sender: TObject);
procedure btnNewScanClick(Sender: TObject);
procedure btnQueryClick(Sender: TObject);
procedure Timer1Timer(Sender: TObject);
procedure ClearSiteMenuClick(Sender: TObject);
procedure SqlSiteListMouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure RabUpFileClick(Sender: TObject);
procedure BtnAllSelectClick(Sender: TObject);
procedure DelUrlMenuClick(Sender: TObject);
procedure DBGrid1DblClick(Sender: TObject);
procedure N51Click(Sender: TObject);
procedure BtnAddTableClick(Sender: TObject);
procedure FieldNameLstClick(Sender: TObject);
procedure TableNameLstClick(Sender: TObject);
procedure Sql_NewScanClick(Sender: TObject);
procedure Sql_GuessFieldClick(Sender: TObject);
procedure Sql_GuessConClick(Sender: TObject);
procedure btnAddTableNameClick(Sender: TObject);
procedure BtnScanOtherSiteClick(Sender: TObject);
procedure BtnDirSetupClick(Sender: TObject);
procedure LvOtherSiteClick(Sender: TObject);
procedure N58Click(Sender: TObject);
procedure N59Click(Sender: TObject);
procedure MenuItem9Click(Sender: TObject);
procedure MenuItem3Click(Sender: TObject);
procedure btnSaveResultClick(Sender: TObject);
procedure btnQueryDataClick(Sender: TObject);
procedure Data_DelRecClick(Sender: TObject);
procedure EdKeyStrKeyPress(Sender: TObject; var Key: Char);
procedure btnQueryFirstClick(Sender: TObject);
procedure FirstMenuItemClick(Sender: TObject);
procedure Sql_GuessTableClick(Sender: TObject);
procedure LbHack58LinksClick(Sender: TObject);
procedure Button4Click(Sender: TObject);
procedure Label33MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure TabSheet22MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure AspFilePathKeyPress(Sender: TObject; var Key: Char);
procedure FieldsTreeDblClick(Sender: TObject);
procedure Data_PanelResize(Sender: TObject);
procedure CompressDataMenuClick(Sender: TObject);
procedure N39Click(Sender: TObject);
procedure TrackBar1Change(Sender: TObject);
procedure SkinEditButtonClick(Sender: TObject);
procedure Button8Click(Sender: TObject);
procedure Button11Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button5Click(Sender: TObject);
procedure Button9Click(Sender: TObject);
procedure BtnWelcomeClick(Sender: TObject);
procedure sql_OpenUrlClick(Sender: TObject);
procedure BtnScanDirFileClick(Sender: TObject);
procedure btnReadinjectClick(Sender: TObject);
procedure sql_SuspendClick(Sender: TObject);
procedure FormResize(Sender: TObject);
procedure TabSheet3Resize(Sender: TObject);
procedure TabSheet10Resize(Sender: TObject);
procedure sqlListViewMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure SpeedButton5Click(Sender: TObject);
procedure LinkLsbClick(Sender: TObject);
procedure SqlOpenLinkMenuClick(Sender: TObject);
procedure ScanLogin_PanelResize(Sender: TObject);
procedure ScanLoginItemClick(Sender: TObject);
procedure SqlScanLoginClick(Sender: TObject);
procedure TrackBar2Change(Sender: TObject);
procedure SpeedButton2Click(Sender: TObject);
procedure SpeedButton3Click(Sender: TObject);
procedure SpeedButton2MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure RzGroupBox15MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure ScanInject_PanelMouseMove(Sender: TObject;
Shift: TShiftState; X, Y: Integer);
procedure ScanListBoxMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure ListView1MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure LvOtherSiteMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure Timer2Timer(Sender: TObject);
procedure SpinEdit1KeyPress(Sender: TObject; var Key: Char);
procedure SpinEdit1Change(Sender: TObject);
procedure SqlSiteListClick(Sender: TObject);
procedure sql_StopClick(Sender: TObject);
procedure FormKeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure DelTableMenuClick(Sender: TObject);
procedure N25Click(Sender: TObject);
procedure N26Click(Sender: TObject);
procedure N7Click(Sender: TObject);
procedure N99Click(Sender: TObject);
procedure btnHideExecSqlClick(Sender: TObject);
procedure BtnExecSqlClick(Sender: TObject);
procedure NewDataMenuClick(Sender: TObject);
procedure TabSheet18Resize(Sender: TObject);
procedure N29Click(Sender: TObject);
procedure ScanInjectTimerTimer(Sender: TObject);
procedure WebInjectLsbMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure WebSjMenu1Click(Sender: TObject);
procedure WebBrowser1DownloadBegin(Sender: TObject);
procedure N31Click(Sender: TObject);
procedure BtnScanIDClick(Sender: TObject);
procedure OtherSiteTimerTimer(Sender: TObject);
procedure TimerLoginTimer(Sender: TObject);
procedure StringGrid1DrawCell(Sender: TObject; ACol, ARow: Integer;
Rect: TRect; State: TGridDrawState);
procedure StringGrid1SelectCell(Sender: TObject; ACol, ARow: Integer;
var CanSelect: Boolean);
procedure btnKuaDataClick(Sender: TObject);
procedure BtnGuessTableClick(Sender: TObject);
procedure SpeedButton6Click(Sender: TObject);
private
procedure ScanUpFile_Exit(Sender: TObject);
procedure ShowGetURL(sender: TObject);
procedure GuessContProc(ListInt: integer);
procedure ScanContent_Exit(sender: TObject); { 猜解字段内容完毕后执行该过程}
procedure ScanDirFile_Exit(sender: TObject); {扫描网站目录完毕后执行该过程}
procedure Scan_Links_Exit(sender: TObject); {扫描连接地址的线程变量 -- 线程结束后执行}
procedure Scan_Login_Exit(sender: TObject); {扫描后台路径的线程变量 -- 线程结束后执行}
procedure Web_Scan_inject_Exit(sender: TObject); {浏览器检测注入点部分 -- 线程结束后执行}
procedure SQL_MyMSSQLScanContent_Exit(sender: TObject);
procedure SQL_MyMSSQLScanContent_Exit_db_Name(sender: TObject);
procedure SQL_MyMSSQLScanContent_Exit_ScanTable(sender: TObject);
public
and1Num: integer;
ShowTableBool: Boolean;
Data_FilePath: string; {储蓄数据库的路径}
OpenDataBool: Boolean;
Login_Bool: Boolean;
end;
const
{ Leading fragment of the OLE DB (Jet 4.0) connection string; the caller is
  expected to append the database file path right after 'Data Source='. }
DBPath = 'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=';
{ Trailing fragment of the same connection string; the caller appends the
  database password right after 'Database Password='. The assembled string
  therefore carries the password in cleartext - keep it out of logs, captions
  and error messages. 'Persist Security Info=False' asks the provider not to
  retain the password once the connection is open. NOTE(review): a password
  containing ';' or quotes would corrupt the key=value syntax unless quoted -
  confirm how the caller builds the string. }
DBPWD = ';Persist Security Info=False;Jet OLEDB:Database Password=';
{ Program title string (name and version); presumably used as the main-form
  caption - verify in FormCreate. }
FmSub = '旁注WEB综合检测程序 Ver3.0正式版 [黑客动画吧出品 - 明小子]';
var
{ Module-level state shared between the main form and its worker threads.
  No synchronization primitive is visible in this chunk; the *_Exit handlers
  declared on the form presumably run on the main thread - confirm before
  touching these from another thread. }
MainForm: TMainForm;
Doc: IHTMLDocument2; { HTML document interface of the embedded browser - assumed to be WebBrowser1's document; verify }
PostShell: string;
PageNum: Byte = 1;
LoopFlagBool: Boolean = True;
ScanUpFile_Exit_Num: integer = 0; { presumably counts finished ScanUpFile threads - see ScanUpFile_Exit }
ScanUpFile: array of MyScanupf; { thread array used to probe for upload pages }
ScanUpFile_FlagNum: integer = 0;
Scan_Inject: array of Thject; { injection-point scanning threads }
Flagject: integer = 0;
Flagject2: integer = 0;
ScanTableBool: Boolean = True;
ScanFieldBool: Boolean = True;
Scan_Content: array of MyScanContent; { threads that read field contents }
Scan_Content_Exit_Num: integer = 0;
Scan_Content_Rec: integer = 0;
LisCount: integer;
Scan_DirFile: array of MyScanDirFile; { threads that scan the whole site's directory tree }
Scan_DirFile_Num: integer = 0;
Scan_DirFile_Bool: Boolean = True;
Scan_Links: ScanUrlLinks; { thread that scans link addresses }
Scan_Links_Num: integer = 0; { number of link-scanning threads that have finished }
Data_TableName: string; { name of the currently selected table }
LoadAdminPage_Bool: Boolean = True;
Scan_Login_Num: integer = 0;
Scan_inject_Count: integer; { number of injection-point scanning threads }
keytp: string; { buffer of characters typed on the keyboard (the "Ming" sequence) }
ShowPicBool: Boolean = True; { whether to keep showing the author's picture }
Web_Scan_Inject: array of WebThject; { threads that check for injection points automatically while browsing }
Web_Scan_Inject_bool: boolean = True;
Web_Scan_Inject_bool2: boolean = True;
Web_Scan_inject_Num: integer = 0;
Scan_ID_Exit_Bool: Boolean = True; { set to False to stop the usable-ID guessing midway }
GuessTable_Bool: Boolean = True; { set to False to stop table-name guessing midway }
GuessField_Bool: Boolean = True; { set to False to stop column-name guessing midway }
SQL_ScanContent_ThreadCount: integer; { number of threads checking SQL data tables }
SQL_ScanContent_ThreadCreateCount: integer = 1;
SQL_MyMSSQLScanContent: array of MyMSSQLScanContent; { threads that scan the content of the current MSSQL database / current user }
SQL_MyMSSQLScanContent_Exit_Num: integer = 0;
SQL_MyMSSQLScanContent_Exit_ScanTable_Num: integer = 0; { number of MSSQL table-scanning threads that have finished }
SQL_MyMSSQLScanContent_Exit_ScanTable_CreateNum: integer = 1; { number of times the MSSQL table-scanning threads have been re-created }
SQL_MyMSSQLScanContent_Bool: boolean = False; { whether the data can be shown directly in the browser (IE) }
implementation
uses
Login, AccPass, GetHtmlCode, ShowDataFrm, GetHttpSize, ScanDir, ScanLogin,
MD5, CompressData, SetPassWord, MD5Form, CrkAccPassForm, InputPassForm,
BlastDataForm, MyPic, AddField, DelField, NewData;
{$R *.dfm}
{版块:SQL注入 - 设置区: 程序启动时,依次从数据库中读出表名,列名,后台记录的自定义过程}
procedure ReadData(TmpADOQuery: TADOQuery; ChkBox: TCheckListBox;
TabName, FieName: string; Gbox: TGroupBox);
var
i: integer;
begin
try
TmpADOQuery.Close;