def _verify_vuln(self, vuln_obj):
"""
This command verifies a vuln. This is really hard work!
:param vuln_obj: The vulnerability to exploit.
:return : True if vuln can be exploited.
"""
# Get the shells
extension = vuln_obj.get_url().get_extension()
# I get a list of tuples with code and extension to use
null_command = ''
shell_code_list = shell_handler.get_shell_code(extension, null_command)
for code, real_extension, shellcode_generator in shell_code_list:
# Prepare for exploitation...
mutant = vuln_obj.get_mutant()
mutant = mutant.copy()
mutant.set_token_value(code)
try:
http_res = self._uri_opener.send_mutant(mutant)
except BaseFrameworkException, w3:
msg = 'An error occurred while trying to exploit the eval()'\
' vulnerability. Original exception: "%s".'
om.out.debug(msg % w3)
else:
if shell_handler.SHELL_IDENTIFIER in http_res.get_body():
msg = 'Successfully exploited eval() vulnerability using'\
' the following code snippet: "%s...".' % code[:35]
om.out.debug(msg)
self._shellcode_generator = shellcode_generator
return True
def _verify_vuln(self, vuln_obj):
"""
This command verifies a vuln. This is really hard work!
:param vuln_obj: The vulnerability to exploit.
:return : True if vuln can be exploited.
"""
# Get the shells
extension = vuln_obj.get_url().get_extension()
# I get a list of tuples with code and extension to use
null_command = ''
shell_code_list = shell_handler.get_shell_code(extension, null_command)
for code, real_extension, shellcode_generator in shell_code_list:
# Prepare for exploitation...
mutant = vuln_obj.get_mutant()
mutant = mutant.copy()
mutant.set_token_value(code)
try:
http_res = self._uri_opener.send_mutant(mutant)
except BaseFrameworkException, w3:
msg = 'An error occurred while trying to exploit the eval()' \
' vulnerability. Original exception: "%s".'
om.out.debug(msg % w3)
else:
if shell_handler.SHELL_IDENTIFIER in http_res.get_body():
msg = 'Successfully exploited eval() vulnerability using' \
' the following code snippet: "%s...".' % code[:35]
om.out.debug(msg)
self._shellcode_generator = shellcode_generator
return True
def test_get_shell_code_invalid_extension(self):
shells = get_shell_code('123456', self.TEST_CMD)
self.assertEqual(len(shells), 2)
php_shell_code, lang, shellcode_generator = shells[0]
self.assertEqual(lang, 'php')
self.assertIn('echo ', php_shell_code)
def test_get_shell_code_extension_force(self):
shells = get_shell_code('php', self.TEST_CMD, True)
self.assertEqual(len(shells), 1)
php_shell_code, lang, shellcode_generator = shells[0]
self.assertEqual(lang, 'php')
self.assertIn('echo ', php_shell_code)
def test_get_shell_code_invalid_extension(self):
shells = get_shell_code('123456', self.TEST_CMD)
self.assertEqual(len(shells), 2)
php_shell_code, lang, shellcode_generator = shells[0]
self.assertEqual(lang, 'php')
self.assertIn('echo ', php_shell_code)
def test_get_shell_code_extension_force(self):
shells = get_shell_code('php', self.TEST_CMD, True)
self.assertEqual(len(shells), 1)
php_shell_code, lang, shellcode_generator = shells[0]
self.assertEqual(lang, 'php')
self.assertIn('echo ', php_shell_code)
def test_kb_list_shells_eval_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
shellcodes = get_shell_code('php', 'ls')
shellcode_generator = shellcodes[0][2]
shell = EvalShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, shellcode_generator)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.shellcode_generator.args,
shell.shellcode_generator.args)
w3af_core.quit()
def test_kb_list_shells_eval_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
shellcodes = get_shell_code('php', 'ls')
shellcode_generator = shellcodes[0][2]
shell = EvalShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, shellcode_generator)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.shellcode_generator.args,
shell.shellcode_generator.args)
w3af_core.quit()
