def generate(self): self.__initAttacks() deps = None for _, x in enumerate(self.attacks): if x.doReturn: print('') if x.require: x.loadRequire( self.source, self.backend, self.dbms, [y for y in self.attacks if y.name in x.require]) deps = ", ".join( [y.name for y in self.attacks if y.name in x.require]) for x in self.attacks: if x.doReturn: Logger.logSuccess(u"[+] Launching module {0}".format(x.name)) Logger.logSuccess(u" and its deps: {0}".format( deps if deps is not None else 'None')) if self.color: x.setColor() if self.verbose: x.setVerbose() web.payloads = x.Job(self.source, self.backend, self.dbms) return os.path.join(self.output, self.theme)
def generate(self): self.__initAttacks() deps = None for _, x in enumerate(self.attacks): if x.doReturn: print('') if x.require: x.loadRequire(self.source, self.backend, self.dbms, [ y for y in self.attacks if y.name in x.require]) deps = ", ".join( [y.name for y in self.attacks if y.name in x.require]) for x in self.attacks: if x.doReturn: Logger.logSuccess(u"[+] Launching module {0}".format(x.name)) Logger.logSuccess(u" and its deps: {0}".format( deps if deps is not None else 'None')) if self.color: x.setColor() if self.verbose: x.setVerbose() web.payloads = x.Job( self.source, self.backend, self.dbms) return os.path.join(self.output, self.theme)
def start(self): path = self.generate() web.path = path if web.payloads is not None: if self.dbms: if self.dbms == 'Mongo': cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro -v {4}:/usr/lib/php5/modules/mongodb.so:ro --link {5}:{6} --name VW --workdir {2} {7} ".format( self.expose, web.path, self.mount_point, os.path.join(web.path, 'php.ini'), os.path.join(web.path, 'mongodb.so'), web.container_name, self.dbms.lower(), self.image) else: cmd = "run -id -p {0}:80 -v {1}:{2} -v {3}:/etc/php5/fpm/php.ini --link {4}:{5} --name VW --workdir {2} {6} ".format( self.expose, web.path, self.mount_point, os.path.join(web.path, 'php.ini'), web.container_name, self.dbms.lower(), self.image) if self.command: cmd = cmd + self.command web.dAgent.send(cmd) else: cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro --name VW --workdir {2} {4} ".format( self.expose, web.path, self.mount_point, os.path.join(web.path, 'php.ini'), self.image) if self.command: cmd = cmd + self.command web.dAgent.send(cmd) web.ctr = web.dAgent.recv() if "cmd" in web.payloads: Logger.logInfo( "[INFO] " + "CMD: {0}".format(web.payloads['cmd'])) web.dAgent.send( "exec {0} -- {1}".format(web.ctr, web.payloads['cmd'])) if "warning" in web.payloads: for warning in web.payloads['warning']: Logger.logWarning("[WARNING] " + warning) if "error" in web.payloads: for error in web.payloads['error']: Logger.logError("[ERROR] " + error) url = ['http', '127.0.0.1:{0}'.format( self.expose), '/', '', '', ''] params = {} if web.payloads['key'] is not None: for index, _ in enumerate(web.payloads['key']): if re.search("page", web.payloads['key'][index], flags=re.IGNORECASE): web.payloads['value'][index] = "index" params.update({'{0}'.format(web.payloads['key'][index]): '{0}'.format( web.payloads['value'][index])}) query = params url[4] = urlencode(query) t = Terminal() with t.location(0, t.height - 1): Logger.logSuccess( t.center(t.blink("Browse: {0}".format(urlparse.urlunparse(url))))) web.dAgent.send("logs {0} -f".format(web.ctr))
def start(self): path = self.generate() web.path = path if web.payloads is not None: web.ctr = web.dAgent.startContainer(image='{0}'.format(self.image), ports=[80], volumes=['{0}'.format(self.mount_point), '/etc/php5/fpm/php.ini'], host_config=web.dAgent.createHostConfig( port_bindings={ 80: self.expose }, binds=self.bindsOperation(), links={'{0}'.format(web.container_name): '{0}'.format( self.dbms.lower())} if self.dbms is not None else None ), name='VW') if "cmd" in web.payloads: Logger.logInfo( "[INFO] " + "CMD: cd {0} && {1}".format(self.mount_point, web.payloads['cmd'])) web.dAgent.execute(web.ctr, web.payloads[ 'cmd'], self.mount_point) if "warning" in web.payloads: for warning in web.payloads['warning']: Logger.logWarning("[WARNING] " + warning) if "error" in web.payloads: for error in web.payloads['error']: Logger.logError("[ERROR] " + error) url = ['http', '{0}:{1}'.format( web.dAgent.host, self.expose), '/', '', '', ''] params = {} if web.payloads['key'] is not None: for index, _ in enumerate(web.payloads['key']): if re.search("page", web.payloads['key'][index], flags=re.IGNORECASE): web.payloads['value'][index] = "index" params.update({'{0}'.format(web.payloads['key'][index]): '{0}'.format( web.payloads['value'][index])}) query = params url[4] = urlencode(query) t = Terminal() with t.location(0, t.height - 1): Logger.logSuccess( t.center(t.blink("Browse: {0}".format(urlparse.urlunparse(url))))) web.dAgent.logs(web.ctr)
def enter_shell(gen_instance): sA = shellAgent() gen_instance.parse("set backend = php") gen_instance.parse("set dbms = None") gen_instance.parse("set theme = startbootstrap-agency-1.0.6") gen_instance.parse("set expose = 80") gen_instance.parse("set modules = +unfilter") Logger.logInfo("VWGen ready (press Ctrl+D to end input)") while True: result = gen_instance.parse(sA.prompt()) if result == "CTRL+D": Logger.logInfo("[INFO] CTRL+D captured. Exit.") raise RuntimeError elif result is not None: Logger.logSuccess(result) else: Logger.logError("Unreconized keyword!")
def start(self): path = self.generate() web.path = path if web.payloads is not None: if self.dbms: if self.dbms == 'Mongo': cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro -v {4}:/usr/lib/php5/modules/mongodb.so:ro --link {5}:{6} --name VW --workdir {2} {7} ".format( self.expose, web.path, self.mount_point, os.path.join(web.path, 'php.ini'), os.path.join(web.path, 'mongodb.so'), web.container_name, self.dbms.lower(), self.image) else: cmd = "run -id -p {0}:80 -v {1}:{2} -v {3}:/etc/php5/fpm/php.ini --link {4}:{5} --name VW --workdir {2} {6} ".format( self.expose, web.path, self.mount_point, os.path.join(web.path, 'php.ini'), web.container_name, self.dbms.lower(), self.image) if self.command: cmd = cmd + self.command web.dAgent.send(cmd) else: cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro --name VW --workdir {2} {4} ".format( self.expose, web.path, self.mount_point, os.path.join(web.path, 'php.ini'), self.image) if self.command: cmd = cmd + self.command web.dAgent.send(cmd) web.ctr = web.dAgent.recv() if "cmd" in web.payloads: Logger.logInfo("[INFO] " + "CMD: {0}".format(web.payloads['cmd'])) web.dAgent.send("exec {0} -- {1}".format( web.ctr, web.payloads['cmd'])) if "warning" in web.payloads: for warning in web.payloads['warning']: Logger.logWarning("[WARNING] " + warning) if "error" in web.payloads: for error in web.payloads['error']: Logger.logError("[ERROR] " + error) url = [ 'http', '127.0.0.1:{0}'.format(self.expose), '/', '', '', '' ] params = {} if web.payloads['key'] is not None: for index, _ in enumerate(web.payloads['key']): if re.search("page", web.payloads['key'][index], flags=re.IGNORECASE): web.payloads['value'][index] = "index" params.update({ '{0}'.format(web.payloads['key'][index]): '{0}'.format(web.payloads['value'][index]) }) query = params url[4] = urlencode(query) t = Terminal() with t.location(0, t.height - 1): Logger.logSuccess( t.center( t.blink("Browse: {0}".format( urlparse.urlunparse(url))))) web.dAgent.send("logs {0} -f".format(web.ctr))
def parse(self, arg): from core.attack import attack arg = arg.strip() try: if arg.startswith("help"): arg = arg[4:].strip() for case in switch(arg): if case('set'): Logger.logSuccess("[*] set A = B") break if case('unset'): Logger.logSuccess("[*] unset A") break if case('show'): Logger.logSuccess("[*] show [modules, themes, infos]") break if case(): Logger.logSuccess("[*] help [set, unset, show]") return True elif arg.startswith("set"): arg = arg[3:].strip() list = re.split("[\s=]+", arg) return getattr(self, ''.join(['set', list[0].capitalize()]))(list[1]) elif arg.startswith("unset"): arg = arg[5:].strip() print arg setattr(self, arg, None) return True elif arg.startswith("show"): arg = arg[4:].strip() for case in switch(arg): if case('modules'): Logger.logSuccess(u"{0}".format(u", ".join( attack.modules))) break if case('themes'): Logger.logSuccess(u"{0}".format(u", ".join( attack.themes))) break if case('infos'): Logger.logSuccess("Backend: {0}".format(self.backend)) Logger.logSuccess("Dbms: {0}".format(self.dbms)) Logger.logSuccess("Theme: {0}".format(self.theme)) Logger.logSuccess("Expose Port: {0}".format( self.expose)) Logger.logSuccess("Color: {0}".format( str(bool(self.color)))) Logger.logSuccess("Verbose: {0}".format( str(bool(self.verbose)))) Logger.logSuccess("Modules: {0}".format(self.modules)) break if case(): Logger.logSuccess("[*] show [modules, themes, infos]") return True elif arg.startswith("start"): gen.setThemeEnv() try: self.start() except (KeyboardInterrupt, SystemExit, RuntimeError): Logger.logInfo("[INFO] See you next time.") except APIError as e: Logger.logError("\n" + "[ERROR] " + str(e.explanation)) Logger.logInfo( "\n[INFO] Taking you to safely leave the program.") finally: self.fp.rmtree(self.fp.path) web.dAgent.send("rm -f {0}".format(web.db_ctr)) web.dAgent.send("rm -f {0}".format(web.ctr)) gen.reset() return True elif arg.startswith("CTRL+D"): return "CTRL+D" except AttributeError as e: Logger.logError(e) return True
def parse(self, arg): from core.attack import attack arg = arg.strip() try: if arg.startswith("help"): arg = arg[4:].strip() for case in switch(arg): if case('set'): Logger.logSuccess("[*] set A = B") break if case('unset'): Logger.logSuccess("[*] unset A") break if case('show'): Logger.logSuccess("[*] show [modules, themes, infos]") break if case(): Logger.logSuccess("[*] help [set, unset, show]") return True elif arg.startswith("set"): arg = arg[3:].strip() list = re.split("[\s=]+", arg) return getattr(self, ''.join(['set', list[0].capitalize()]))(list[1]) elif arg.startswith("unset"): arg = arg[5:].strip() print arg setattr(self, arg, None) return True elif arg.startswith("show"): arg = arg[4:].strip() for case in switch(arg): if case('modules'): Logger.logSuccess(u"{0}".format( u", ".join(attack.modules))) break if case('themes'): Logger.logSuccess(u"{0}".format( u", ".join(attack.themes))) break if case('infos'): Logger.logSuccess("Backend: {0}".format(self.backend)) Logger.logSuccess("Dbms: {0}".format(self.dbms)) Logger.logSuccess("Theme: {0}".format(self.theme)) Logger.logSuccess( "Expose Port: {0}".format(self.expose)) Logger.logSuccess( "Color: {0}".format(str(bool(self.color)))) Logger.logSuccess("Verbose: {0}".format( str(bool(self.verbose)))) Logger.logSuccess("Modules: {0}".format(self.modules)) break if case(): Logger.logSuccess("[*] show [modules, themes, infos]") return True elif arg.startswith("start"): gen.setThemeEnv() try: self.start() except (KeyboardInterrupt, SystemExit, RuntimeError): Logger.logInfo("[INFO] See you next time.") except APIError as e: Logger.logError("\n" + "[ERROR] " + str(e.explanation)) Logger.logInfo( "\n[INFO] Taking you to safely leave the program.") finally: self.fp.rmtree(self.fp.path) web.dAgent.send("rm -f {0}".format(web.db_ctr)) web.dAgent.send("rm -f {0}".format(web.ctr)) gen.reset() return True elif arg.startswith("CTRL+D"): return "CTRL+D" except AttributeError as e: Logger.logError(e) return True