
Padbuster https proxy, util regex assertions, sql.php cli mode

Roman Hergenreder 6 months ago
parent
commit
2048702cf7
3 changed files with 39 additions and 6 deletions
  1. 1 1
      padBuster.pl
  2. 24 4
      sql.php
  3. 14 1
      util.py

+ 1 - 1
padBuster.pl

@@ -664,7 +664,7 @@ sub makeRequest {
 		$proxyUrl .= $proxyAuth."@";
  	}
  	$proxyUrl .= $proxy;
- 	$lwp->proxy(['http'], "http://".$proxy);
+ 	$lwp->proxy(['http', 'https'], "http://".$proxy);
 	$ENV{HTTPS_PROXY} = "http://".$proxy;
   }
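Review bot: With `'https'` added to `$lwp->proxy`, HTTPS proxying is now configured twice, because the `$ENV{HTTPS_PROXY}` assignment on the next line is kept. Which setting takes effect depends on the SSL backend LWP loads, and Crypt::SSLeay's documentation advises against combining the environment variable with an LWP-level https proxy, so this should be tested against the backends you support. A comment would record the intent, for example `# https via LWP proxy; HTTPS_PROXY kept for Crypt::SSLeay/Net::SSL`. Separately, the visible lines build `$proxyUrl` with the auth prefix but both proxy settings use `"http://".$proxy`, so the credentials do not appear to be applied here. `makeRequest` continues outside the hunk, so this may be handled elsewhere.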
 

+ 24 - 4
sql.php

@@ -8,12 +8,14 @@ if (php_sapi_name() === "cli") {
   $database = $argv[3] ?? null;
   $host = $argv[4] ?? "localhost";
   $query = $argv[5] ?? "SELECT @@version";
+  $dump_all = $query === "mysqldump";
 } else {
   $username = $_REQUEST["username"]; 
   $password = $_REQUEST["password"];
   $database = (isset($_REQUEST["database"]) ? $_REQUEST["database"] : null);
   $host     = (isset($_REQUEST["host"]) ? $_REQUEST["host"] : "localhost");
-  $query    = (isset($_REQUEST["query"]) ? $_REQUEST["query"] : "SELECT @@version");  
+  $query    = (isset($_REQUEST["query"]) ? $_REQUEST["query"] : "SELECT @@version");
+  $dump_all = isset($_REQUEST["dumpAll"]);
 }
 
 $link = mysqli_connect($host, $username, $password, $database);
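Review bot: Dump mode can be switched on while `$database` is still `null`, since both branches default it to `null` and nothing here requires it when `$dump_all` is set. The table lookup in the next hunk would then filter on an empty schema name and the dump would print nothing without any error. A guard before `mysqli_connect` would make this explicit, for example `if ($dump_all && $database === null) { die("dump mode requires a database name"); }`. The CLI branch also overloads the query argument with the magic value `"mysqldump"`, which deserves a comment such as `// passing "mysqldump" as the query dumps every table of $database`.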
@@ -21,9 +23,27 @@ if (!$link) {
   die("Error connecting to mysql: " . mysqli_connect_error() . " (" . mysqli_connect_errno() . ")");
 }
 
-$res = mysqli_query($link, $query);
-if (!$res) {
-  die("Error executing query: " . mysqli_error($link));
+if ($dump_all) {
+  $res = mysqli_query($link, "SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$database'");
+  $tables = array();
+  while ($row = $res->fetch_assoc()) {
+    $tables[] = $row["TABLE_NAME"];
+  }  
+
+  foreach ($tables as $tableName) {
+    echo "-- DATA FOR TABLE: tableName\n";
+    $res = mysqli_query($link, "SELECT * FROM $tableName");
+    while ($row = $res->fetch_assoc()) {
+      var_dump($row);
+    }
+    echo "-- --------------------------\n\n";
+  }
+  
+} else {
+  $res = mysqli_query($link, $query);
+  if (!$res) {
+    die("Error executing query: " . mysqli_error($link));
+  }
 }
 
 while ($row = $res->fetch_assoc()) {
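Review bot: The header line in the new dump loop prints the literal text `tableName` because the `$` is missing. Neither `mysqli_query` call in the dump branch is checked before `->fetch_assoc()` is called on its result, so a failed query ends in a fatal error rather than the `die()` message the else branch gives. `$database` and `$tableName` are also interpolated into the SQL text unescaped, so a schema or table name containing a quote, backtick, space or reserved word breaks the statement; escape the schema value and backtick-quote the identifier. The `while` loop after the `if`/`else` still runs in dump mode on an already exhausted result, and it continues outside the hunk.

```php
if ($dump_all) {
  $schema = mysqli_real_escape_string($link, (string) $database);
  $res = mysqli_query($link, "SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$schema'");
  if (!$res) {
    die("Error listing tables: " . mysqli_error($link));
  }
  // … unchanged: collect TABLE_NAME values into $tables …

  foreach ($tables as $tableName) {
    echo "-- DATA FOR TABLE: $tableName\n";
    // Identifiers cannot be bound as parameters; quote with backticks and double any embedded backtick.
    $quoted = "`" . str_replace("`", "``", $tableName) . "`";
    $res = mysqli_query($link, "SELECT * FROM $quoted");
    if (!$res) {
      die("Error reading table $tableName: " . mysqli_error($link));
    }
    // … unchanged: var_dump each row, print the separator line …
  }
  // … unchanged: else branch running $query …
```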

+ 14 - 1
util.py

@@ -10,6 +10,7 @@ import string
 import sys
 import os
 import io
+import re
 import json
 
 def is_port_in_use(port):
@@ -17,7 +18,7 @@ def is_port_in_use(port):
     with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
         return s.connect_ex(('127.0.0.1', port)) == 0
 
-def get_payload_path(path):
+def get_payload_path(path=""):
     return os.path.realpath(os.path.join(os.path.dirname(__file__), path))
 
 def get_address(interface={"tun0", "vpn0"}):
@@ -138,6 +139,18 @@ def assert_json_path(res, path, value, err=None):
     err = f"[-] '{res.url}' value at path '{path}' does not match. got={json_data} expected={value}" if err is None else err
     exit_with_error(res, err)
 
+def assert_regex_match(pattern, data, err=None):
+
+    if not isinstance(pattern, re.Pattern):
+        pattern = re.compile(pattern)
+        
+    match = pattern.match(data)
+    if match:
+        return match
+
+    err = f"[-] Data does not match pattern '{pattern}': '{data}'" if err is None else err
+    exit_with_error(res, err)
+
 def open_server(address, ports=None, retry=True):
     listen_port = None
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
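Review bot: The last line of `assert_regex_match`, `exit_with_error(res, err)`, refers to `res`, which is neither a parameter nor a local of this function. Unless a module-level `res` exists outside the visible lines, a failed match raises `NameError` instead of reporting the error. One backward-compatible fix is to take the response as a trailing optional argument, `def assert_regex_match(pattern, data, err=None, res=None):`; whether `exit_with_error` accepts `None` is not visible here and should be checked. The default message interpolates the compiled object, so it prints `re.compile('...')`; using `pattern.pattern` would show the expression itself. A one-line docstring should also state that `match()` anchors only at the start of `data`, so trailing text is accepted.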