Padbuster https proxy, util regex assertions, sql.php cli mode
parent
afb27bd33d
commit
2048702cf7
@ -664,7 +664,7 @@ sub makeRequest {
|
|||||||
$proxyUrl .= $proxyAuth."@";
|
$proxyUrl .= $proxyAuth."@";
|
||||||
}
|
}
|
||||||
$proxyUrl .= $proxy;
|
$proxyUrl .= $proxy;
|
||||||
$lwp->proxy(['http'], "http://".$proxy);
|
$lwp->proxy(['http', 'https'], "http://".$proxy);
|
||||||
$ENV{HTTPS_PROXY} = "http://".$proxy;
|
$ENV{HTTPS_PROXY} = "http://".$proxy;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
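Review bot: The changed call `$lwp->proxy(['http', 'https'], "http://".$proxy);` passes the bare `$proxy`, so the `$proxyUrl` assembled just above with `$proxyAuth."@"` does not appear to be used here, and an authenticated proxy would receive no credentials for either scheme. If that is not intentional, pass `$proxyUrl` instead; how `$proxyUrl` is initialised is outside the hunk, so confirm it already carries the scheme. Registering `https` on the LWP object while also setting `$ENV{HTTPS_PROXY}` on the next line may configure the proxy twice, depending on which SSL backend LWP loads, so a short comment saying which of the two is relied on would help. makeRequest starts and ends outside the hunk.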
28
sql.php
28
sql.php
@ -8,12 +8,14 @@ if (php_sapi_name() === "cli") {
|
|||||||
$database = $argv[3] ?? null;
|
$database = $argv[3] ?? null;
|
||||||
$host = $argv[4] ?? "localhost";
|
$host = $argv[4] ?? "localhost";
|
||||||
$query = $argv[5] ?? "SELECT @@version";
|
$query = $argv[5] ?? "SELECT @@version";
|
||||||
|
$dump_all = $query === "mysqldump";
|
||||||
} else {
|
} else {
|
||||||
$username = $_REQUEST["username"];
|
$username = $_REQUEST["username"];
|
||||||
$password = $_REQUEST["password"];
|
$password = $_REQUEST["password"];
|
||||||
$database = (isset($_REQUEST["database"]) ? $_REQUEST["database"] : null);
|
$database = (isset($_REQUEST["database"]) ? $_REQUEST["database"] : null);
|
||||||
$host = (isset($_REQUEST["host"]) ? $_REQUEST["host"] : "localhost");
|
$host = (isset($_REQUEST["host"]) ? $_REQUEST["host"] : "localhost");
|
||||||
$query = (isset($_REQUEST["query"]) ? $_REQUEST["query"] : "SELECT @@version");
|
$query = (isset($_REQUEST["query"]) ? $_REQUEST["query"] : "SELECT @@version");
|
||||||
|
$dump_all = isset($_REQUEST["dumpAll"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$link = mysqli_connect($host, $username, $password, $database);
|
$link = mysqli_connect($host, $username, $password, $database);
|
||||||
@ -21,9 +23,27 @@ if (!$link) {
|
|||||||
die("Error connecting to mysql: " . mysqli_connect_error() . " (" . mysqli_connect_errno() . ")");
|
die("Error connecting to mysql: " . mysqli_connect_error() . " (" . mysqli_connect_errno() . ")");
|
||||||
}
|
}
|
||||||
|
|
||||||
$res = mysqli_query($link, $query);
|
if ($dump_all) {
|
||||||
if (!$res) {
|
$res = mysqli_query($link, "SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$database'");
|
||||||
die("Error executing query: " . mysqli_error($link));
|
$tables = array();
|
||||||
|
while ($row = $res->fetch_assoc()) {
|
||||||
|
$tables[] = $row["TABLE_NAME"];
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($tables as $tableName) {
|
||||||
|
echo "-- DATA FOR TABLE: tableName\n";
|
||||||
|
$res = mysqli_query($link, "SELECT * FROM $tableName");
|
||||||
|
while ($row = $res->fetch_assoc()) {
|
||||||
|
var_dump($row);
|
||||||
|
}
|
||||||
|
echo "-- --------------------------\n\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
$res = mysqli_query($link, $query);
|
||||||
|
if (!$res) {
|
||||||
|
die("Error executing query: " . mysqli_error($link));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
while ($row = $res->fetch_assoc()) {
|
while ($row = $res->fetch_assoc()) {
|
||||||
|
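Review bot: In the new dump branch the header line `echo "-- DATA FOR TABLE: tableName\n";` is missing the `$`, so every table is labelled with the literal text `tableName`; it should read `echo "-- DATA FOR TABLE: $tableName\n";`. Both `mysqli_query()` results in that branch are used with `->fetch_assoc()` without the `if (!$res)` check that the else-branch keeps, so a failed query ends in a fatal error instead of the `die("Error executing query: ...")` message. `$database` defaults to null and is interpolated into `TABLE_SCHEMA='$database'`, so a dump with no database argument would most likely list nothing, and `$tableName` is interpolated unquoted. A prepared statement for the schema lookup and backtick-quoting of the identifier would make both robust. The trailing `while ($row = $res->fetch_assoc())` loop continues outside the hunk and, after a dump, runs on an already exhausted result.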
15
util.py
15
util.py
@ -10,6 +10,7 @@ import string
|
|||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
import io
|
import io
|
||||||
|
import re
|
||||||
import json
|
import json
|
||||||
|
|
||||||
def is_port_in_use(port):
|
def is_port_in_use(port):
|
||||||
@ -17,7 +18,7 @@ def is_port_in_use(port):
|
|||||||
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
||||||
return s.connect_ex(('127.0.0.1', port)) == 0
|
return s.connect_ex(('127.0.0.1', port)) == 0
|
||||||
|
|
||||||
def get_payload_path(path):
|
def get_payload_path(path=""):
|
||||||
return os.path.realpath(os.path.join(os.path.dirname(__file__), path))
|
return os.path.realpath(os.path.join(os.path.dirname(__file__), path))
|
||||||
|
|
||||||
def get_address(interface={"tun0", "vpn0"}):
|
def get_address(interface={"tun0", "vpn0"}):
|
||||||
@ -138,6 +139,18 @@ def assert_json_path(res, path, value, err=None):
|
|||||||
err = f"[-] '{res.url}' value at path '{path}' does not match. got={json_data} expected={value}" if err is None else err
|
err = f"[-] '{res.url}' value at path '{path}' does not match. got={json_data} expected={value}" if err is None else err
|
||||||
exit_with_error(res, err)
|
exit_with_error(res, err)
|
||||||
|
|
||||||
|
def assert_regex_match(pattern, data, err=None):
|
||||||
|
|
||||||
|
if not isinstance(pattern, re.Pattern):
|
||||||
|
pattern = re.compile(pattern)
|
||||||
|
|
||||||
|
match = pattern.match(data)
|
||||||
|
if match:
|
||||||
|
return match
|
||||||
|
|
||||||
|
err = f"[-] Data does not match pattern '{pattern}': '{data}'" if err is None else err
|
||||||
|
exit_with_error(res, err)
|
||||||
|
|
||||||
def open_server(address, ports=None, retry=True):
|
def open_server(address, ports=None, retry=True):
|
||||||
listen_port = None
|
listen_port = None
|
||||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
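Review bot: `assert_regex_match` calls `exit_with_error(res, err)` on its failure path, but `res` is neither a parameter nor a local of this function (the line looks copied from `assert_json_path` above), so a non-matching input would raise NameError instead of reporting the error, unless a module-level `res` exists outside the hunk. Either accept the response as an optional argument, e.g. `def assert_regex_match(pattern, data, err=None, res=None):`, or pass whatever `exit_with_error` accepts for "no response"; its signature is not visible here. Also, `pattern.match(data)` only matches at the start of `data`. If callers expect a match anywhere in the string, `pattern.search(data)` is the call to use, and a one-line docstring stating which is intended would settle it.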