
xp cmd shell

Roman Hergenreder 6 months ago
parent
commit
577fa39263
2 changed files with 22 additions and 7 deletions
  1. 12 5
      fileserver.py
  2. 10 2
      xp_cmdshell.py

+ 12 - 5
fileserver.py

@@ -50,6 +50,15 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
         res = requests.request(method, target_rewrite, headers=self.headers, data=data)
         return res.status_code, res.content, res.headers
 
+    def read_body(self):
+        if not hasattr(self, "body"):
+            content_length = self.headers.get('Content-Length')
+            if content_length and int(content_length) > 0:
+                self.body = self.rfile.read(int(content_length))
+            else:
+                self.body = None
+
+        return self.body
 
     def find_route(self, path):
 
@@ -111,14 +120,12 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
             self.end_headers()
 
             if data and self.command.upper() not in ["HEAD","OPTIONS"]:
+                if isinstance(data, str):
+                    data = data.encode()
                 self.wfile.write(data)
 
             if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy":
-                content_length = self.headers.get('Content-Length')
-                body = None
-
-                if content_length and int(content_length) > 0:
-                    body = self.rfile.read(int(content_length))
+                body = self.read_body()
 
                 print("===== Connection from:",self.client_address[0])
                 print("%s %s %s" % (self.command, self.path, self.request_version))
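Review bot: In `read_body` (first hunk) the client-supplied `Content-Length` goes straight into `int()` and then `self.rfile.read()` with no validation, so a non-numeric value raises an uncaught `ValueError` and a very large value makes the handler try to buffer that many bytes. Parse it once inside `try`/`except ValueError` and check it against a size limit, e.g. `length = int(content_length)` under the `try`, then `self.body = self.rfile.read(length) if 0 < length <= limit else None`, where `limit` is a cap the project chooses. The `hasattr(self, "body")` cache lives on the handler instance, so if the server ever serves more than one request per connection (keep-alive; the protocol version is not visible here), a later request would get the first request's body. Resetting the attribute per request would avoid that. A short docstring would also help, such as `"""Return the request body as bytes (read once and cached), or None if there is none."""`.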

+ 10 - 2
xp_cmdshell.py

@@ -1,9 +1,11 @@
-# /usr/bin/env python3
+#!/usr/bin/env python3
+
 # interactive xp_cmdshell
 # with impacket and cmd
 # used https://github.com/SecureAuthCorp/impacket/blob/master/examples/mssqlclient.py for reference
 import base64
 import cmd
+import argparse
 
 from impacket import tds
 
@@ -163,8 +165,14 @@ if __name__ == '__main__':
     # if len(sys.argv) > 1 and sys.argv[1] == '-powershell':
     #     pwsh = True
 
+    parser = argparse.ArgumentParser(description="Connect to mssql server using username, password, and hostname.")
+    parser.add_argument('-u', '--username', required=True, help="Username for the server")
+    parser.add_argument('-p', '--password', required=True, help="Password for the server")
+    parser.add_argument('-H', '--hostname', required=True, help="Hostname or IP address of the server")
+    args = parser.parse_args()
+
     # if connection successful
-    xp_shell = connect_mssql("teignton.htb", username="webappusr", password="d65f4sd5f1s!df1fsd65f1sd")
+    xp_shell = connect_mssql(args.hostname, username=args.username, password=args.password)
     if isinstance(xp_shell, XpShell):
         xp_shell.do_enable_xp_cmdshell()
         xp_shell.pwsh = True
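Review bot: Making `-p/--password` a required command-line argument puts the credential into shell history and the process list, where other local users can read it. Make the option optional and fall back to a prompt: drop `required=True` from the `--password` argument, add `import getpass`, and use `password = args.password or getpass.getpass("Password: ")` before the `connect_mssql` call. The literal removed on the old side stays in the repository history, so if that account is still valid anywhere it should be treated as exposed. The `if __name__ == '__main__':` block starts above this hunk and may continue past it.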