def exec_payload(self, payload_name, args=()):
'''
Execute ANOTHER payload, by providing the other payload name.
:param payload_name: The name of the payload I want to run.
:return: The payload result.
'''
try:
return payload_handler.exec_payload(self.shell, payload_name,
args, use_api=True)
except:
#
# Run the payload name with any shell that has the capabilities
# we need, not the one we're already using (that failed because
# it doesn't have the capabilities).
#
try:
return payload_handler.exec_payload(None, payload_name, args,
use_api=True)
except:
msg = 'The payload you are trying to run ("%s") can not be' \
' run because it is trying to call another payload ("%s")'\
' which is failing because there are no shells that'\
' support the required system calls.'
return msg % (self, payload_name)
def exec_payload(self, payload_name, args=()):
'''
Execute ANOTHER payload, by providing the other payload name.
:param payload_name: The name of the payload I want to run.
:return: The payload result.
'''
try:
return payload_handler.exec_payload(self.shell,
payload_name,
args,
use_api=True)
except:
#
# Run the payload name with any shell that has the capabilities
# we need, not the one we're already using (that failed because
# it doesn't have the capabilities).
#
try:
return payload_handler.exec_payload(None,
payload_name,
args,
use_api=True)
except:
msg = 'The payload you are trying to run ("%s") can not be' \
' run because it is trying to call another payload ("%s")'\
' which is failing because there are no shells that'\
' support the required system calls.'
return msg % (self, payload_name)
def test_portscan(self):
result = exec_payload(self.shell, 'portscan',
args=('localhost', '22'),
use_api=True)
self.assertEquals(self.RESULT_22, result)
result = exec_payload(self.shell, 'portscan',
args=('localhost', '23'),
use_api=True)
self.assertEquals(self.RESULT_23, result)
def test_portscan(self):
result = exec_payload(self.shell,
'portscan',
args=('localhost', '22'),
use_api=True)
self.assertEquals(self.RESULT_22, result)
result = exec_payload(self.shell,
'portscan',
args=('localhost', '23'),
use_api=True)
self.assertEquals(self.RESULT_23, result)
def _payload(self, parameters):
'''
Handle the payload command:
- payload desc list_processes -> return payload description
- payload list_processes -> run payload
:param payload_name: The name of the payload I want to run.
:param parameters: The parameters as sent by the user.
'''
#
# Handle payload desc xyz
#
if len(parameters) == 2:
if parameters[0] == 'desc':
payload_name = parameters[1]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
return payload_handler.get_payload_desc(payload_name)
#
# Handle payload xyz
#
payload_name = parameters[0]
parameters = parameters[1:]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug(
'Payload %s can be run. Starting execution.' % payload_name)
# Note: The payloads are actually writing to om.out.console
# so there is no need to get the result. If someone wants to
# get the results in a programatic way they should execute the
# payload with use_api=True.
try:
payload_handler.exec_payload(self, payload_name, parameters)
result = None
except TypeError:
# We get here when the user calls the payload with an incorrect
# number of parameters:
payload = payload_handler.get_payload_instance(
payload_name, self)
result = payload.get_desc()
except ValueError, ve:
# We get here when one of the parameters provided by the user is
# not of the correct type, or something like that.
result = str(ve)
def _payload(self, parameters):
'''
Handle the payload command:
- payload desc list_processes -> return payload description
- payload list_processes -> run payload
:param payload_name: The name of the payload I want to run.
:param parameters: The parameters as sent by the user.
'''
#
# Handle payload desc xyz
#
if len(parameters) == 2:
if parameters[0] == 'desc':
payload_name = parameters[1]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
return payload_handler.get_payload_desc(payload_name)
#
# Handle payload xyz
#
payload_name = parameters[0]
parameters = parameters[1:]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug(
'Payload %s can be run. Starting execution.' % payload_name)
# Note: The payloads are actually writing to om.out.console
# so there is no need to get the result. If someone wants to
# get the results in a programatic way they should execute the
# payload with use_api=True.
try:
payload_handler.exec_payload(self, payload_name, parameters)
result = None
except TypeError:
# We get here when the user calls the payload with an incorrect
# number of parameters:
payload = payload_handler.get_payload_instance(
payload_name, self)
result = payload.get_desc()
except ValueError, ve:
# We get here when one of the parameters provided by the user is
# not of the correct type, or something like that.
result = str(ve)
def test_pixy(self):
temp_dir = tempfile.mkdtemp()
result = exec_payload(self.shell,
'pixy',
args=(temp_dir, temp_dir),
use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_exec_payload_read(self):
shell = FakeReadShell()
result = exec_payload(shell, 'os_fingerprint', use_api=True)
self.assertEquals({'os': 'Linux'}, result)
result = exec_payload(shell, 'cpu_info', use_api=True)
# On my box the result is:
#
# {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'}
#
# But because others will also run this, I don't want to make it so
# strict
self.assertTrue('cpu_info' in result)
self.assertTrue('cpu_cores' in result)
self.assertGreater(int(result['cpu_cores']), 0)
self.assertLess(int(result['cpu_cores']), 12)
def test_exec_payload_read(self):
shell = FakeReadShell(None)
result = exec_payload(shell, 'os_fingerprint', use_api=True)
self.assertEquals({'os': 'Linux'}, result)
result = exec_payload(shell, 'cpu_info', use_api=True)
# On my box the result is:
#
# {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'}
#
# But because others will also run this, I don't want to make it so
# strict
self.assertTrue('cpu_info' in result)
self.assertTrue('cpu_cores' in result)
self.assertGreater( int(result['cpu_cores']) , 0 )
self.assertLess( int(result['cpu_cores']) , 12 )
def test_uptime(self):
result = exec_payload(self.shell, 'uptime', use_api=True)
for key in self.EXPECTED_RESULT:
for time_unit in self.EXPECTED_RESULT[key]:
self.assertTrue(
self.EXPECTED_RESULT[key][time_unit].isdigit())
def test_apache_mod_security(self):
result = exec_payload(self.shell, 'apache_mod_security', use_api=True)
self.assertEquals(self.EXPECTED_RESULT['version'], result['version'])
self.assertIn('/etc/apache2/mods-available/mod-security.conf', result['file'])
file_content = result['file']['/etc/apache2/mods-available/mod-security.conf']
self.assertIn('<IfModule security2_module>', file_content)
def test_tcp(self):
result = exec_payload(self.shell, 'tcp', use_api=True)
local_addresses = []
for key, conn_data in result.iteritems():
local_addresses.append(conn_data['local_address'])
self.assertTrue(set(local_addresses).issuperset(self.EXPECTED_RESULT))
def test_list_processes(self):
result = exec_payload(self.shell, "list_processes", args=(2000,), use_api=True)
cmds = []
for _, pid_data in result.iteritems():
cmds.append(pid_data["cmd"])
for expected in self.EXPECTED_RESULT:
self.assertIn(expected, cmds)
def test_list_processes(self):
result = exec_payload(
self.shell, 'list_processes', args=(2000,), use_api=True)
cmds = []
for _, pid_data in result.iteritems():
cmds.append(pid_data['cmd'])
for expected in self.EXPECTED_RESULT:
self.assertIn(expected, cmds)
def test_apache_mod_security(self):
result = exec_payload(self.shell, 'apache_mod_security', use_api=True)
self.assertEquals(self.EXPECTED_RESULT['version'], result['version'])
self.assertIn('/etc/apache2/mods-available/mod-security.conf',
result['file'])
file_content = result['file'][
'/etc/apache2/mods-available/mod-security.conf']
self.assertIn('<IfModule security2_module>', file_content)
def test_route(self):
result = exec_payload(self.shell, 'route', use_api=True)
routes = result['route']
for route_info in routes:
dest = route_info['Destination']
gw = route_info['Gateway']
iface = route_info['Iface']
mask = route_info['Mask']
self.assertEqual(dest.count('.'), 3)
self.assertEqual(gw.count('.'), 3)
self.assertTrue(iface.startswith('eth'))
self.assertEqual(mask.count('.'), 3)
def _payload(self, payload_name, parameters):
'''
Run a payload by name.
@param payload_name: The name of the payload I want to run.
@param parameters: The parameters as sent by the user.
'''
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug( 'The payload can be run. Starting execution.' )
# Note: The payloads are actually writing to om.out.console
# so there is no need to get the result. If someone wants to
# get the results in a programatic way they should execute the
# payload with use_api=True.
payload_handler.exec_payload( self, payload_name, parameters)
result = None
else:
result = 'The payload could not be run.'
return result
def test_route(self):
result = exec_payload(self.shell, 'route', use_api=True)
routes = result['route']
for route_info in routes:
dest = route_info['Destination']
gw = route_info['Gateway']
iface = route_info['Iface']
mask = route_info['Mask']
self.assertEqual(dest.count('.'), 3)
self.assertEqual(gw.count('.'), 3)
self.assertTrue(iface.startswith('eth'))
self.assertEqual(mask.count('.'), 3)
def exec_payload(self, payload_name, parameters=[]):
'''
Execute ANOTHER payload, by providing the other payload name.
@parameter payload_name: The name of the payload I want to run.
@return: The payload result.
'''
try:
return payload_handler.exec_payload(self.shell, payload_name, parameters, use_api=True)
except:
#
# Run the payload name with any shell that has the capabilities we need,
# not the one we're already using (that failed because it doesn't have
# the capabilities).
#
try:
return payload_handler.exec_payload(None, payload_name, parameters, use_api=True)
except:
msg = 'The payload you are trying to run ("%s") can not be run with the current' % self
msg += ' is trying to call another payload ("%s") which is failing because' % payload_name
msg += ' there are no shells that support the necessary system calls.'
return msg
def test_get_source_code(self):
temp_dir = tempfile.mkdtemp()
result = exec_payload(self.shell, 'get_source_code', args=(temp_dir,),
use_api=True)
self.assertEqual(len(self.EXPECTED_RESULT.keys()), 1)
expected_url = self.EXPECTED_RESULT.keys()[0]
downloaded_url = result.items()[0][0].url_string
self.assertEquals(expected_url, downloaded_url)
downloaded_file_path = result.items()[0][1][1]
downloaded_file_content = file(downloaded_file_path).read()
self.assertTrue(self.CONTENT in downloaded_file_content)
shutil.rmtree(temp_dir)
def _payload(self, payload_name, parameters):
'''
Run a payload by name.
@param payload_name: The name of the payload I want to run.
@param parameters: The parameters as sent by the user.
'''
result_str = ''
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug( 'The payload can be run. Starting execution.' )
# TODO: The payloads are actually writing to om.out.console
# by themselves, so this is useless. In order for the
# result_str = ... to work, we would need a refactoring
# what usually gets here, are errors.
result_str = payload_handler.exec_payload( self, payload_name, parameters)
else:
result_str = 'The payload could not be run.'
return result_str
def test_firefox_stealer(self):
result = exec_payload(self.shell, 'firefox_stealer', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_mysql_config(self):
result = exec_payload(self.shell, 'mysql_config', use_api=True)
self.assertTrue(self.EXPECTED_RESULT in result)
def test_exec_payload_exec(self):
shell = FakeExecShell()
result = exec_payload(shell, 'os_fingerprint', use_api=True)
self.assertEquals({'os': 'Linux'}, result)
def test_rootkit_hunter(self):
result = exec_payload(self.shell, 'rootkit_hunter', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_mysql_config_directory(self):
result = exec_payload(self.shell,
'mysql_config_directory',
use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_iis_root_directory(self):
result = exec_payload(self.shell, 'iis_root_directory', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_ssh_config_files(self):
result = exec_payload(self.shell, 'ssh_config_files', use_api=True)
self.assertTrue('/etc/ssh/sshd_config' in result)
self.assertTrue('PermitRootLogin' in result['/etc/ssh/sshd_config'])
def test_php_sca(self):
result = exec_payload(self.shell, 'php_sca', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result.keys()[0])
def test_running_vm(self):
result = exec_payload(self.shell, 'running_vm', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_pixy(self):
temp_dir = tempfile.mkdtemp()
result = exec_payload(self.shell, "pixy", args=(temp_dir, temp_dir), use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_read_mail(self):
result = exec_payload(self.shell, 'read_mail', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_smb_config_files(self):
result = exec_payload(self.shell, 'smb_config_files', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_w3af_agent(self):
result = exec_payload(self.shell, 'w3af_agent', args=(get_local_ip(),),
use_api=True)
self.assertEquals('Successfully started the w3afAgent.', result)
def test_svn_config_files(self):
result = exec_payload(self.shell, 'svn_config_files', use_api=True)
self.assertTrue('/home/moth/.subversion/config' in result)
self.assertTrue('props' in result['/home/moth/.subversion/config'])
def test_log_reader(self):
result = exec_payload(self.shell, 'log_reader', use_api=True)
logs = set(result.keys())
self.assertTrue(self.EXPECTED_RESULT.issubset(logs), logs)
def test_arp_cache(self):
result = exec_payload(self.shell, 'arp_cache', use_api=True)
for ip_address, (mac, iface) in result.iteritems():
self.assertEquals(ip_address.count('.'), 3)
self.assertEquals(mac.count(':'), 5)
self.assertTrue(iface.startswith('eth'))
def test_os_fingerprint(self):
result = exec_payload(self.shell, 'os_fingerprint', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_kerberos_config_files(self):
result = exec_payload(self.shell,
'kerberos_config_files',
use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_kernel_version(self):
result = exec_payload(self.shell, 'kernel_version', use_api=True)
self.assertTrue(result['kernel_version'].startswith('3.2.'))
self.assertTrue('buildd' in result['kernel_version'])
def test_mail_config_files(self):
result = exec_payload(self.shell, 'mail_config_files', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, set(result.keys()))
def test_cpu_info(self):
result = exec_payload(self.shell, 'cpu_info', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_filesystem(self):
result = exec_payload(self.shell, "filesystem", use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result.keys())
def test_list_kernel_modules(self):
result = exec_payload(self.shell, 'list_kernel_modules', use_api=True)
self.assertTrue(set(
result.keys()).issuperset(self.EXPECTED_RESULT), result.keys())
def test_apache_config_files(self):
result = exec_payload(self.shell, 'apache_config_files', use_api=True)
self.assertEquals(set(self.EXPECTED_RESULT),
set(result['apache_config'].keys()))
def test_ssh_version(self):
result = exec_payload(self.shell, 'ssh_version', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_apache_run_group(self):
result = exec_payload(self.shell, 'apache_run_group', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
def test_netcat_installed(self):
result = exec_payload(self.shell, 'netcat_installed', use_api=True)
self.assertEquals(self.EXPECTED_RESULT, result)
