def run(self):
    """Run the interactive console of the disable-function-bypass audit module.

    Returns early (with a warning) when ``shell_sh`` is already running, when
    ``self._install()`` yields no script URL, or when a URL supplied through
    the ``just_run`` argument fails ``self._check_response``. Otherwise it
    reads lines from the operator until ``quit`` is entered and logs the
    response to each one.
    """
    # The module is pointless when the regular shell_sh channel already works.
    shell_state = self.session['shell_sh']['status']
    if shell_state == Status.RUN:
        log.warning(messages.module_audit_disablefunctionbypass.
                    error_sh_commands_enabled)
        return

    # A URL passed via just_run skips installation and is only verified;
    # without it the script is installed first.
    script_url = self.args.get('just_run')
    if script_url:
        if not self._check_response(script_url):
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_s_unexpected_output % (script_url))
            return
    else:
        script_url = self._install()
        if not script_url:
            return

    # The tool itself warns that traffic is not obfuscated: every line typed
    # below is interpolated as-is into the `c` query parameter of the URL, so
    # it is presumably visible wherever request URLs are recorded.
    log.warning(messages.module_audit_disablefunctionbypass.
                requests_not_obfuscated)

    # Console loop: blank lines are skipped, 'quit' leaves the loop.
    while True:
        query = raw_input('CGI shell replacement $ ').strip()
        if query == 'quit':
            break
        if query:
            log.info(http.request('%s?c=%s' % (script_url, query)))
def run(self):
    """Entry point of the disable-function-bypass audit module.

    Stops with a warning if ``shell_sh`` is reported as running. Otherwise it
    obtains the script URL, either from the ``just_run`` argument (verified
    with ``self._check_response``) or from ``self._install()``, and then
    starts a prompt loop that forwards each entered line to that URL and logs
    the reply. Entering ``quit`` ends the loop.
    """
    # Bail out when shell_sh is active.
    if Status.RUN == self.session['shell_sh']['status']:
        log.warning(messages.module_audit_disablefunctionbypass.error_sh_commands_enabled)
        return

    script_url = self.args.get('just_run')
    if not script_url:
        # No URL supplied: install, and give up if that produced nothing.
        script_url = self._install()
        if not script_url:
            return
    else:
        # URL supplied: only check that it answers as expected.
        verified = self._check_response(script_url)
        if not verified:
            log.warning(messages.module_audit_disablefunctionbypass.error_s_unexpected_output % (script_url))
            return

    # Requests carry the entered text unmodified in the `c` URL parameter;
    # the module emits its own warning about the lack of obfuscation.
    log.warning(messages.module_audit_disablefunctionbypass.requests_not_obfuscated)

    keep_reading = True
    while keep_reading:
        query = raw_input('CGI shell replacement $ ').strip()
        if not query:
            continue
        if query == 'quit':
            keep_reading = False
        else:
            log.info(http.request('%s?c=%s' % (script_url, query)))
def stats():
    """Fetch the configured Stack Overflow user from the Stack Exchange API.

    Returns:
        The decoded API response re-serialised as a JSON string.

    Raises:
        KeyError / IndexError: if the response has no ``items`` entry, because
        the first item is read for the log line.
    """
    uri_template = ('https://api.stackexchange.com/2.2/users/{}?order=desc&'
                    'sort=reputation&site=stackoverflow&filter={}')
    req_uri = uri_template.format(
        app.config['STACKOVERFLOW_USER_ID'], '!0Z-LvhH.LNOKu1BHWnIjY_iHH')

    response = http.request('GET', req_uri)
    payload = json.loads(response.data)

    # Only the first item is logged; the full payload is what gets returned.
    first_item = payload['items'][0]
    logger.info('stackoverflow info: {}'.format(first_item))
    return json.dumps(payload)
def _check_response(self, script_url):
    """Tell whether the script at *script_url* echoes back a random marker.

    A five-character string from ``strings.randstr`` is sent as
    ``echo <marker>`` in the ``c`` query parameter; the check passes when the
    marker appears in what ``http.request`` returns.

    Args:
        script_url: URL of the script to probe.

    Returns:
        True if the marker is contained in the response, else False.
    """
    base_query = '%s?c=' % (script_url)
    marker = strings.randstr(5)
    # %%20 is a literal URL-encoded space between `echo` and the marker.
    probe_url = '%secho%%20%s' % (base_query, marker)
    reply = http.request(probe_url)
    return marker in reply
def wrap(**kwargs):
    """Call the API path derived from the enclosing ``attr`` name.

    Double underscores in ``attr`` become path separators and ``.json`` is
    appended. Keyword arguments are forwarded to ``request`` unchanged.

    Raises:
        WeiboAPIError: code '21327' when the client reports its token expired.
    """
    client = self.client
    if client.is_expires():
        raise WeiboAPIError('21327', 'expired_token')

    method = self.method
    api_path = attr.replace('__', '/')
    endpoint = '%s%s.json' % (client.api_url, api_path)
    # The access token is handed to `request` as its third positional argument.
    return request(method, endpoint, client.access_token, **kwargs)
def get_openid(self):
    """Return the OpenID for the current access token, fetching it on first use.

    Endpoint reference:
    https://graph.qq.com/oauth2.0/me?access_token=YOUR_ACCESS_TOKEN

    The value is stored on ``self.openid`` so later calls do not repeat the
    request.

    Raises:
        SSOBaseException: if no OpenID is cached and ``is_expires()`` is true.
    """
    # Already known: no network round trip.
    if self.openid:
        return self.openid

    if self.is_expires():
        msg = "You must set a correct access key to request an openid"
        raise SSOBaseException(msg)

    me_url = '%s%s' % (self.auth_url, 'me')
    ret = request('GET', me_url, authorization=self.access_token)
    self.openid = ret.openid
    return self.openid
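def stats():
    """Return ``(karma, links)`` for the configured Hacker News user.

    ``karma`` is the user's karma value and ``links`` the number of entries
    in the user's ``submitted`` list, both read from the Firebase user
    document. Missing fields count as zero.

    Returns:
        tuple: ``(karma, links)`` as integers.
    """
    r = http.request(
        'GET',
        'https://hacker-news.firebaseio.com/v0/user/{}.json'.format(
            app.config['HN_USER']))
    # A JSON `null` body decodes to None; treat it as an empty document so
    # the lookups below do not fail on it.
    resp = json.loads(r.data) or {}
    # Debug output retained from the original, written in a form that is
    # valid on both Python 2 and Python 3.
    print(type(resp))
    karma = int(resp.get('karma', 0))
    # The fallback must be a sequence: len(0) raises TypeError when the
    # 'submitted' key is absent.
    links = len(resp.get('submitted', []))
    print(links)
    return karma, links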
def wrap(**kwargs):
    """Call the API path derived from the enclosing ``attr`` name.

    Double underscores in ``attr`` become path separators. The client's
    OpenID, app id and a fixed ``format='json'`` are added to the keyword
    arguments supplied by the caller.

    Raises:
        QQAPIError: code '100015' when the client reports its token expired.
    """
    client = self.client
    if client.is_expires():
        raise QQAPIError('100015', 'access token is revoked')

    # Resolved before the call is assembled, as get_openid() may itself
    # perform a request.
    openid = client.get_openid()

    method = self.method
    endpoint = '%s%s' % (client.api_url, attr.replace('__', '/'))
    return request(
        method,
        endpoint,
        client.access_token,
        oauth_consumer_key=client.app_id,
        format='json',
        openid=openid,
        **kwargs)
def request_access_token(self, code, redirect_uri=None):
    """Exchange an authorization *code* for an access token.

    The returned object looks like
    ``{"access_token": "your-access-token", "expires_in": 12345678}``, where
    ``expires_in`` has been turned into an absolute unix-epoch time by adding
    the current time to the value received.

    Args:
        code: authorization code obtained from the authorize step.
        redirect_uri: overrides ``self.redirect_uri`` when given.

    Raises:
        WeiboAPIError: code '21305' when no redirect URI is available.
    """
    redirect = redirect_uri or self.redirect_uri
    if not redirect:
        raise WeiboAPIError('21305', 'Parameter absent: redirect_uri')

    token_url = '%s%s' % (self.auth_url, 'access_token')
    # NOTE(review): client_secret and code are passed to a 'GET' request. If
    # the `request` helper encodes keyword arguments into the URL, they may
    # end up in logs; RFC 6749 specifies POST for the token endpoint. Confirm
    # against the helper and the provider's documentation.
    params = dict(
        client_id=self.client_id,
        client_secret=self.client_secret,
        redirect_uri=redirect,
        code=code,
        grant_type='authorization_code',
    )
    r = request('GET', token_url, **params)

    # Relative lifetime -> absolute expiry timestamp.
    r.expires_in += int(time.time())
    return r
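def scrobbled():
    """Return the number of tracks scrobbled by the configured Last.fm user.

    Calls ``user.getRecentTracks`` and reads the ``total`` attribute of the
    response; only the total is of interest for now, until a ``from`` date is
    used in the request.

    Returns:
        int: total number of scrobbled tracks.
    """
    fields = {
        'method': 'user.getRecentTracks',
        'user': app.config['LASTFM_USER'],
        'api_key': app.config['LASTFM_API_KEY'],
        'format': 'json',
    }
    # The request carries the API key, so use the HTTPS endpoint rather than
    # sending it in cleartext over plain HTTP.
    url = 'https://ws.audioscrobbler.com/2.0'
    r = http.request('GET', url, fields=fields)
    resp = json.loads(r.data.decode('utf8'))
    # Named `total` so the local does not shadow this function's own name.
    total = int(resp['recenttracks']['@attr']['total'])
    logger.info('lastfm tracks scrobbled: {}'.format(total))
    return total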
def request_access_token(self, code, redirect_uri=None,
                         grant_type='authorization_code', endpoint='token'):
    """Exchange an authorization *code* for an access token.

    The result behaves like
    ``{"access_token": "your-access-token", "expires_in": 12345678}``, where
    ``expires_in`` has been converted to an absolute unix-epoch time.

    Args:
        code: authorization code obtained from the authorize step.
        redirect_uri: overrides ``self.redirect_uri`` when given.
        grant_type: value sent as ``grant_type``.
        endpoint: path appended to ``self.auth_url``.

    Raises:
        SSOBaseException: when no redirect URI is available.
    """
    redirect = redirect_uri or self.redirect_uri
    if not redirect:
        raise SSOBaseException('Redirect uri is needed.')

    # NOTE(review): the app key is sent as client_secret on a 'GET' request.
    # If the `request` helper puts keyword arguments in the URL, the secret
    # may be recorded wherever URLs are logged. Confirm against the helper.
    token_url = '%s%s' % (self.auth_url, endpoint)
    ret = request(
        'GET',
        token_url,
        client_id=self.app_id,
        client_secret=self.app_key,
        redirect_uri=redirect,
        code=code,
        grant_type=grant_type)

    # The reply is a form-encoded string such as
    # "access_token=C8F28A60779B94518AF86E1FE8D92312&expires_in=7776000";
    # parse_qs yields lists, of which only the first value is kept.
    parsed = urlparse.parse_qs(ret)
    ret = SDataDict({key: values[0] for key, values in parsed.items()})

    # Relative lifetime -> absolute expiry timestamp.
    ret['expires_in'] = float(ret['expires_in']) + time.time()
    return ret
def stats():
    """Collect Goodreads statistics for the configured user as a JSON string.

    The result has the keys ``friendsCount``, ``reviewsCount``, ``books``
    (with ``numberShelves`` and a ``shelves`` name-to-count mapping) and
    ``favoriteGenres``.

    Returns:
        str: the statistics serialised with ``json.dumps``.
    """
    # The API key is part of the URL query string, so this URL should be
    # treated as a secret wherever it might be logged.
    url = 'https://www.goodreads.com/user/show/{}.xml?key={}'.format(
        app.config['GOODREADS_USERID'], app.config['GOODREADS_KEY'])
    req = http.request('GET', url)

    # NOTE(review): if ET is xml.etree.ElementTree, the standard library
    # documents it as not hardened against maliciously constructed XML.
    # The input here is a remote response, so confirm that is acceptable.
    tree = dictify(ET.fromstring(req.data))
    user = tree['GoodreadsResponse']['user'][0]

    shelves = user['user_shelves'][0]['user_shelf']
    shelf_info = {}
    for shelf in shelves:
        shelf_name = shelf['name'][0]['_text']
        shelf_info[shelf_name] = int(shelf['book_count'][0]['_text'])

    result = {
        'friendsCount': int(user['friends_count'][0]['_text']),
        'reviewsCount': int(user['reviews_count'][0]['_text']),
        'books': {
            'numberShelves': len(shelves),
            'shelves': shelf_info,
        },
        # The text is a comma-separated list, taken from 'favorite_books'.
        'favoriteGenres': user['favorite_books'][0]['_text'].split(', '),
    }
    return json.dumps(result)
def stats():
    """Return Goodreads friend, review, shelf and genre statistics as JSON.

    Fetches the configured user's XML profile, converts it with ``dictify``
    and extracts the friend count, review count, per-shelf book counts and
    the favourite genres.

    Returns:
        str: a JSON document with ``friendsCount``, ``reviewsCount``,
        ``books`` and ``favoriteGenres``.
    """

    def text_of(node, key):
        # Each field is a one-element list whose item keeps its text under
        # the '_text' key.
        return node[key][0]['_text']

    # The user id and API key are both interpolated into the request URL;
    # avoid writing this URL to logs.
    profile_url = 'https://www.goodreads.com/user/show/{}.xml?key={}'.format(
        app.config['GOODREADS_USERID'], app.config['GOODREADS_KEY'])
    req = http.request('GET', profile_url)

    # NOTE(review): presumably ET is xml.etree.ElementTree, which the stdlib
    # docs describe as unsafe for untrusted XML. Confirm the trust placed in
    # this remote response.
    r = dictify(ET.fromstring(req.data))
    user = r['GoodreadsResponse']['user'][0]

    friends_count = int(text_of(user, 'friends_count'))
    reviews_count = int(text_of(user, 'reviews_count'))
    fav_genres = text_of(user, 'favorite_books').split(', ')

    shelves = user['user_shelves'][0]['user_shelf']
    shelf_info = dict(
        (text_of(shelf, 'name'), int(text_of(shelf, 'book_count')))
        for shelf in shelves)

    books = {'numberShelves': len(shelves), 'shelves': shelf_info}
    summary = {
        'friendsCount': friends_count,
        'reviewsCount': reviews_count,
        'books': books,
        'favoriteGenres': fav_genres,
    }
    return json.dumps(summary)
def run(self):
    """Pass ``self.base_url`` to ``request`` and return whatever it returns."""
    target = self.base_url
    return request(target)