def _performInjections(self, target):
    """Issue one request per parameter of *target* with a ``Payload`` substituted in.

    For every ``(name, value)`` pair in ``target.params`` a ``Payload(taint=True)``
    is built, ``target.getPayloadedUrl`` produces the URL/body for that parameter,
    and the request is sent with ``urlopen``.  ``HTTPError`` and ``URLError`` are
    recorded via ``self._addError`` and then abort the whole loop (the ``return``
    sits inside the ``for``), so one failing parameter stops the remaining ones.
    What is done with ``response`` after a successful call is not visible in this
    excerpt.

    Python 2 code: ``dict.iteritems`` and the ``except X, e`` syntax.
    ``v`` (the parameter's original value) is never read.
    """
    # Check every parameter
    for k, v in target.params.iteritems():
        pl = Payload(taint=True)
        url, data = target.getPayloadedUrl(k, pl.payload)
        # In case of proxy
        # NOTE(review): install_opener() mutates process-global urllib state and
        # is re-executed on every loop iteration; doing it once before the loop
        # would be equivalent and cheaper.
        if self.engine.getOption('http-proxy') is not None:
            proxy = ProxyHandler({'http': self.engine.getOption('http-proxy')})
            opener = build_opener(proxy)
            install_opener(opener)
        # Some headers
        if self.engine.getOption('ua') is not None:
            # NOTE(review): `is "RANDOM"` is an identity comparison against a
            # string literal, not an equality test; whether it ever matches
            # depends on string interning, so the RANDOM branch is unreliable.
            # Should be `== "RANDOM"`.
            if self.engine.getOption('ua') is "RANDOM":
                headers = {'User-Agent': random.choice(USER_AGENTS)}
            else:
                headers = {'User-Agent': self.engine.getOption('ua')}
        else:
            headers = {}
        if self.engine.getOption("cookie") is not None:
            headers["Cookie"] = self.engine.getOption("cookie")
        # Build the request
        # `data` comes from getPayloadedUrl; with urllib2 semantics a non-None
        # body turns this into a POST (presumably; getPayloadedUrl is not shown).
        req = Request(url, data, headers)
        try:
            # Longer timeout when traffic goes through a proxy.
            to = 10 if self.engine.getOption('http-proxy') is None else 20
            response = urlopen(req, timeout=to)
        except HTTPError, e:
            self._addError(e.code, target.getAbsoluteUrl())
            return
        except URLError, e:
            self._addError(e.reason, target.getAbsoluteUrl())
            return
def do_GET(self):
    """Dispatch a GET by request path: API, stager download, static file, or 404.

    ``self.path`` is request-controlled input.  Branches, in order:
      * first segment ``api``                 -> ``ServerApi.process()``, sent as JSON;
      * first segment == ``http-download-path`` config value
                                              -> ``Payload(self.config).get_output()``,
                                                 optional type/delay taken from segments 2/3;
      * last segment listed by ``Utils.get_download_folder_content()``
                                              -> that file from ``download/``, forced download;
      * otherwise                             -> the configured 404 page, logged as an error.

    NOTE(review): ``self.path.split("/")[1]`` raises ``IndexError`` for a request
    path containing no ``/`` at all (e.g. ``*``); only ``[0]``/``[-1]`` are
    always safe.  NOTE(review): ``len(payload_path) > 3`` guards index 2 and
    ``> 4`` guards index 3 — one more than needed, so ``/<dl>/<type>`` without a
    trailing slash ignores the type; confirm whether that is intended.
    """
    force_download = False
    if self.path.split("/")[1] == "api":
        server_api = ServerApi(self.config, self)
        self.output = server_api.process()
        self.return_json()
        return
    path = self.path.split("/")[-1]
    payload_path = self.path.split("/")
    if payload_path[1] == self.config.get("http-download-path"):
        Log.log_event(
            "Download Stager",
            "PowerShell stager was fetched from %s (%s)" % (self.client_address[0], self.address_string()))
        payload = Payload(self.config)
        if len(payload_path) > 3:
            payload.set_type(payload_path[2])
        if len(payload_path) > 4:
            payload.set_delay(payload_path[3])
        self.output = payload.get_output()
    # Membership in the folder listing is the only check before the path is
    # interpolated; it constrains `path` to known names only if
    # get_download_folder_content() returns bare basenames — not visible here.
    elif path in Utils.get_download_folder_content():
        force_download = True
        self.output = Utils.load_file("download/%s" % path)
        Log.log_event(
            "Download File",
            "%s was downloaded from %s (%s)" % (path, self.client_address[0], self.address_string()))
    else:
        self.output = Utils.load_file(
            "html/%s" % self.config.get("http-default-404"))
        Log.log_error("Invalid request got a GET request", self.path)
    self.return_data(force_download)
def do_GET(self):
    """Dispatch a GET by request path: API, stager download, static file, or 404.

    Same routing as the quoted sibling handler, plus a random 12-char
    ``filename`` (``Utils.gen_str(12)``) that is passed to ``return_data`` for
    every non-API response.  ``self.path`` is request-controlled input.

    NOTE(review): ``filename`` is assigned the same expression twice — once
    before the ``if`` and again inside the stager branch — the second
    assignment is redundant.  NOTE(review): ``self.path.split('/')[1]`` raises
    ``IndexError`` for a request path with no ``/`` (e.g. ``*``).
    NOTE(review): ``len(payload_path) > 3`` / ``> 4`` guard indexes 2 / 3, one
    more than required, so a type given without a trailing slash is ignored;
    confirm whether intended.
    """
    force_download = False
    if self.path.split('/')[1] == 'api':
        server_api = ServerApi(self.config, self)
        self.output = server_api.process()
        self.return_json()
        return
    path = self.path.split('/')[-1]
    payload_path = self.path.split('/')
    filename = Utils.gen_str(12)
    if payload_path[1] == self.config.get('http-download-path'):
        filename = Utils.gen_str(12)
        force_download = True
        Log.log_event(
            'Download Stager',
            'Stager was fetched from %s (%s)' % (self.client_address[0], self.address_string()))
        payload = Payload(self.config)
        if len(payload_path) > 3:
            payload.set_type(payload_path[2])
        if len(payload_path) > 4:
            payload.set_delay(payload_path[3])
        self.output = payload.get_output()
    # The folder listing is the only check before `path` is interpolated; it
    # limits `path` to known names only if get_download_folder_content()
    # returns bare basenames — not visible here.
    elif path in Utils.get_download_folder_content():
        force_download = True
        self.output = Utils.load_file('download/%s' % path)
        Log.log_event(
            'Download File',
            '%s was downloaded from %s (%s)' % (path, self.client_address[0], self.address_string()))
    else:
        self.output = Utils.load_file(
            'html/%s' % self.config.get('http-default-404'))
        Log.log_error('Invalid request got a GET request', self.path)
    self.return_data(force_download, filename)
# Pull the remaining CLI options off `args`, build the Payload and report its size.
# `target`, `threads`, `extension`, `remove_slash`, `uppercase`,
# `banned_response_codes`, `unbanned_response_codes` and `content` are
# assigned earlier, outside this excerpt.
request_delay = args.request_delay
authentication = args.authentication
size_discriminator = args.size_discriminator
payload_filename = args.payload
print("Using payload: %s" % payload_filename)
print("Spawning %s threads " % threads)
print("Generating payloads...")
#
# Payload queue configuration
#
payload = Payload(target, payload_filename)
payload.set_extensions(extension)
payload.set_remove_slash(remove_slash)
payload.set_uppercase(uppercase)
payload.set_banned_response_codes(banned_response_codes)
payload.set_unbanned_response_codes(unbanned_response_codes)
payload.set_content(content)
total_requests = payload.get_total_requests()
# NOTE(review): the file uses `urlparse.urlparse`, i.e. Python 2, so
# `total_requests / threads` is integer division here; it also raises
# ZeroDivisionError when threads == 0 — presumably validated earlier.
print("Total requests %s (aprox: %s / thread)" % (total_requests, total_requests / threads))
payload_queue = payload.get_queue()
#
# Manager queue configuration
#
# Hostname of the target URL is used as the database name (None if the URL
# has no netloc).
database_name = urlparse.urlparse(target).hostname
robots_content = process_robots(target) if not robots_content: print("[!] robots.txt not found") sys.exit() print("Reaped %s entries" % (len(robots_content))) print("Using robots.txt as payload") payload_filename = robots_content else: payload_filename = args.payload if not payload_filename: print("[!] You have to specify a payload") parser.print_help() sys.exit() print("{:30} {:>}".format("Using payload:", payload_filename)) payload = Payload(target, payload_filename, resumer) print("{:30} {:>}".format("Threads:", threads)) # Uppercase if args.uppercase: payload.set_uppercase() print("All resource requests will be done in uppercase") # Capitalization if args.capitalize: print("Words will be Capitalized") payload.set_capitalize() # Strip extension if args.strip_extension: print("Stripping extensions")
if not robots_content: print("robots.txt not found") sys.exit() print("Reaped %s entries" % (len(robots_content))) print("Using robots.txt as payload") payload_filename = robots_content else: payload_filename = args.payload if not payload_filename: print("You have to specify a payload file!") parser.print_help() sys.exit() print("Using payload: %s" % payload_filename) print("Generating payloads...") payload = Payload(target, payload_filename, resumer) print("Spawning %s threads " % threads) # # Payload queue configuration # payload.set_extensions(extension) payload.set_remove_slash(remove_slash) payload.set_uppercase(uppercase) payload.set_banned_response_codes(banned_response_codes) payload.set_unbanned_response_codes(unbanned_response_codes) payload.set_content(content) payload.set_recursive(recursive) # # Manager queue configuration
def do_GET(self):
    """Dispatch a GET by request path: API, stager download, static file, or 404.

    ``self.path`` is request-controlled input.  Branches, in order:
      * first segment ``api``                 -> ``ServerApi.process()``, sent as JSON;
      * first segment == ``http-download-path`` config value
                                              -> ``Payload`` output; type from segment 2,
                                                 delay and callback from segments 3/4;
                                                 the ``profile`` config section may
                                                 enable fronting;
      * last segment listed by ``Utils.get_download_folder_content()``
                                              -> that file from ``download/``, forced download;
      * otherwise                             -> the configured 404 page, logged as an error.

    ``filename`` (random 12 chars, plus ``.<extension>`` for a stager) is
    handed to ``return_data``.

    NOTE(review): ``self.path.split("/")[1]`` raises ``IndexError`` for a path
    with no ``/`` (e.g. ``*``).  NOTE(review): ``profile.get(...)`` raises
    ``AttributeError`` when the ``profile`` key is absent (``config.get``
    returns None) — confirm the config always carries it.  NOTE(review):
    ``extension`` and the callback value come straight from request path
    segments and end up in the log line, the download filename and the
    payload; ``return_data``/``Payload`` are not visible, so whether they
    validate those strings is unknown.  NOTE(review): ``len(payload_path) > 3``
    guards index 2 (one more than needed), so ``/<dl>/<type>`` without a
    trailing slash keeps the ``ps1`` default.
    """
    force_download = False
    if self.path.split("/")[1] == "api":
        server_api = ServerApi(self.config, self)
        self.output = server_api.process()
        self.return_json()
        return
    path = self.path.split("/")[-1]
    payload_path = self.path.split("/")
    filename = Utils.gen_str(12)
    if payload_path[1] == self.config.get("http-download-path"):
        force_download = True
        extension = "ps1"
        payload = Payload(self.config)
        payload.set_callback("__default__")
        profile = self.config.get("profile")
        if profile.get("domain-fronting") == "on":
            payload.set_fronting(profile.get("domain-fronting-host"))
        if len(payload_path) > 3:
            payload.set_type(payload_path[2])
            extension = payload_path[2]
            # The "exe-old" type is delivered with a plain .exe suffix.
            if extension == "exe-old":
                extension = "exe"
        if len(payload_path) > 4:
            payload.set_delay(payload_path[3])
            payload.set_callback(payload_path[4])
        filename = "%s.%s" % (Utils.gen_str(12), extension)
        Log.log_event(
            "Download Stager",
            "Stager was fetched from %s (%s). Stager type is %s" % (self.client_address[0], self.address_string(), extension))
        self.output = payload.get_output()
    # The folder listing is the only check before `path` is interpolated; it
    # limits `path` to known names only if get_download_folder_content()
    # returns bare basenames — not visible here.
    elif path in Utils.get_download_folder_content():
        force_download = True
        self.output = Utils.load_file("download/%s" % path)
        Log.log_event(
            "Download File",
            "%s was downloaded from %s (%s)" % (path, self.client_address[0], self.address_string()))
    else:
        self.output = Utils.load_file(
            "html/%s" % self.config.get("http-default-404"))
        Log.log_error("Invalid request got a GET request", self.path)
    self.return_data(force_download, filename)