def scan_start(taskid): """ Launch a scan """ global tasks global procs global pipes if taskid not in tasks: abort(500, "Invalid task ID") # Initialize sqlmap engine's options with user's provided options # within the JSON request for key, value in request.json.items(): tasks[taskid][key] = value # Overwrite output directory (oDir) value to a temporary directory tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-") # Launch sqlmap engine in a separate thread logger.debug("starting a scan for task ID %s" % taskid) pipes[taskid] = os.pipe() # Provide sqlmap engine with the writable pipe for logging tasks[taskid]["fdLog"] = pipes[taskid][1] # Launch sqlmap engine procs[taskid] = execute("python sqlmap.py --pickled-options %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) return jsonize({"success": True})
def _runMsfCli(self, exitfunc): self._forgeMsfCliCmd(exitfunc) infoMsg = "running Metasploit Framework command line " infoMsg += "interface locally, please wait.." logger.info(infoMsg) logger.debug("executing local command: %s" % self._cliCmd) self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)
def _runMsfCliSmbrelay(self): self._forgeMsfCliCmdForSmbrelay() infoMsg = "running Metasploit Framework command line " infoMsg += "interface locally, please wait.." logger.info(infoMsg) logger.debug("executing local command: %s" % self._cliCmd) self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
def createMsfShellcode(self, exitfunc, format, extra, encode): infoMsg = "creating Metasploit Framework multi-stage shellcode " logger.info(infoMsg) self._randStr = randomStr(lowercase=True) self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr) Metasploit._initVars(self) self._prepareIngredients(encode=encode) self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra) logger.debug("executing local command: %s" % self._payloadCmd) process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) pollProcess(process) payloadStderr = process.communicate()[1] match = re.search( b"(Total size:|Length:|succeeded with size|Final size of exe file:) ([\\d]+)", payloadStderr) if match: payloadSize = int(match.group(2)) if extra == "BufferRegister=EAX": payloadSize = payloadSize // 2 debugMsg = "the shellcode size is %d bytes" % payloadSize logger.debug(debugMsg) else: errMsg = "failed to create the shellcode ('%s')" % getText( payloadStderr).replace("\n", " ").replace("\r", "") raise SqlmapFilePathException(errMsg) self._shellcodeFP = open(self._shellcodeFilePath, "rb") self.shellcodeString = getText(self._shellcodeFP.read()) self._shellcodeFP.close() os.unlink(self._shellcodeFilePath)
def createMsfShellcode(self, exitfunc, format, extra, encode): infoMsg = "creating Metasploit Framework multi-stage shellcode " logger.info(infoMsg) self._randStr = randomStr(lowercase=True) self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr) Metasploit._initVars(self) self._prepareIngredients(encode=encode) self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra) logger.debug("executing local command: %s" % self._payloadCmd) process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) pollProcess(process) payloadStderr = process.communicate()[1] match = re.search("(Total size:|Length:|succeeded with size) ([\d]+)", payloadStderr) if match: payloadSize = int(match.group(2)) if extra == "BufferRegister=EAX": payloadSize = payloadSize / 2 debugMsg = "the shellcode size is %d bytes" % payloadSize logger.debug(debugMsg) else: errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "") raise SqlmapFilePathException(errMsg) self._shellcodeFP = open(self._shellcodeFilePath, "rb") self.shellcodeString = self._shellcodeFP.read() self._shellcodeFP.close() os.unlink(self._shellcodeFilePath)
def scan_start(taskid): """ Launch a scan """ global tasks global procs if taskid not in tasks: abort(500, "Invalid task ID") # Initialize sqlmap engine's options with user's provided options, if any for key, value in request.json.items(): tasks[taskid][key] = value # Overwrite output directory value to a temporary directory tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmapoutput-") # Launch sqlmap engine in a separate thread logger.debug("starting a scan for task ID %s" % taskid) # Launch sqlmap engine procs[taskid].child = execute("python sqlmap.py --pickled-options %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE) return jsonize({"success": True})