def run(self):
    """Open an interactive prompt that relays each typed line to the CGI script.

    Returns early when the session's ``shell_sh`` status is ``Status.RUN``,
    when ``_install()`` yields no script URL, or when a URL supplied through
    the ``just_run`` argument does not pass ``_check_response``.  Typing
    ``quit`` leaves the prompt.
    """
    # Stop here when the session reports shell_sh as running.
    if self.session['shell_sh']['status'] == Status.RUN:
        log.warning(messages.module_audit_disablefunctionbypass.
                    error_sh_commands_enabled)
        return

    # A URL given through just_run is only verified; otherwise install first.
    script_url = self.args.get('just_run')
    if script_url:
        if not self._check_response(script_url):
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_s_unexpected_output % (script_url))
            return
    else:
        script_url = self._install()
        if not script_url:
            return

    # The module itself warns that requests are not obfuscated: every line
    # typed below is placed verbatim in the `c` query-string parameter, so it
    # will typically appear in any log that records request URLs.
    log.warning(messages.module_audit_disablefunctionbypass.
                requests_not_obfuscated)

    while True:
        query = raw_input('CGI shell replacement $ ').strip()

        if query == 'quit':
            break
        if query:
            log.info(http.request('%s?c=%s' % (script_url, query)))
    def run(self):
        """Relay console input to the CGI script and log each reply.

        Nothing is sent when ``shell_sh`` is already in ``Status.RUN``, when
        installation returns no URL, or when the URL passed as ``just_run``
        fails ``_check_response``.  The prompt ends on the input ``quit``.
        """
        module_name = 'module_audit_disablefunctionbypass'

        # Terminate when shell_sh is active.
        if self.session['shell_sh']['status'] == Status.RUN:
            log.warning(getattr(messages, module_name).error_sh_commands_enabled)
            return

        supplied_url = self.args.get('just_run')
        if supplied_url:
            # just_run given: skip installation and only verify the script.
            if not self._check_response(supplied_url):
                log.warning(getattr(messages, module_name).error_s_unexpected_output % (supplied_url))
                return
            script_url = supplied_url
        else:
            script_url = self._install()
            if not script_url:
                return

        # Requests are sent unobfuscated (the warning below says so): the
        # typed text is the value of the `c` parameter in the request URL.
        log.warning(getattr(messages, module_name).requests_not_obfuscated)

        # iter() with a sentinel stops as soon as the stripped input is 'quit'.
        read_line = lambda: raw_input('CGI shell replacement $ ').strip()
        for query in iter(read_line, 'quit'):
            if query:
                log.info(http.request('%s?c=%s' % (script_url, query)))
Example #3
def stats():
    """Fetch the configured Stack Overflow user's record and return it as JSON text.

    The user id is read from ``app.config['STACKOVERFLOW_USER_ID']``.  The first
    entry of the response's ``items`` list is logged at INFO level.
    """
    url_template = ('https://api.stackexchange.com/2.2/users/{}?order=desc&'
                    'sort=reputation&site=stackoverflow&filter={}')
    user_id = app.config['STACKOVERFLOW_USER_ID']
    response_filter = '!0Z-LvhH.LNOKu1BHWnIjY_iHH'
    req_uri = url_template.format(user_id, response_filter)

    # NOTE(review): the HTTP status is not checked; a body without a
    # non-empty 'items' list makes the logging line below raise.
    reply = http.request('GET', req_uri)
    payload = json.loads(reply.data)
    first_item = payload['items'][0]
    logger.info('stackoverflow info: {}'.format(first_item))
    return json.dumps(payload)
 def _check_response(self, script_url):
     """Return True when the script at *script_url* echoes a random marker back.

     A 5-character string from ``strings.randstr`` is sent as ``echo <marker>``
     in the ``c`` query parameter; the check passes when the marker occurs
     in what ``http.request`` returns.
     """
     marker = strings.randstr(5)

     # %%20 is a literal URL-encoded space between `echo` and the marker, so
     # the probe is visible in request logs as `c=echo%20<5 characters>`.
     probe_url = '%s?c=echo%%20%s' % (script_url, marker)

     reply = http.request(probe_url)
     return marker in reply
Example #5
        def wrap(**kwargs):
            """Call the API endpoint named by ``attr`` and return the helper's result.

            Raises ``WeiboAPIError('21327', 'expired_token')`` before any request
            is made when the client reports its token as expired.
            """
            client = self.client
            if client.is_expires():
                raise WeiboAPIError('21327', 'expired_token')

            # A double underscore in the attribute name stands for a path
            # separator; the endpoint always ends in `.json`.
            endpoint_path = attr.replace('__', '/')
            endpoint_url = '%s%s.json' % (client.api_url, endpoint_path)
            return request(self.method, endpoint_url, client.access_token,
                           **kwargs)
    def _check_response(self, script_url):
        """Tell whether the script behind *script_url* runs what it is sent.

        Builds ``<script_url>?c=echo%20<marker>`` with a random 5-character
        marker and returns whether that marker is contained in the value
        returned by ``http.request``.
        """
        base = '%s?c=' % (script_url)
        token = strings.randstr(5)

        # The marker is random per call, so a match means the reply was
        # produced for this probe rather than served from a static page.
        reply = http.request('%secho%%20%s' % (base, token))

        return token in reply
Example #7
 def get_openid(self):
     """Return the openid for the current access token, fetching it once.

     The value is cached on ``self.openid``.  When it is not yet set, the
     ``me`` endpoint under ``self.auth_url`` is requested with the access
     token; ``SSOBaseException`` is raised instead when the token is expired.
     """
     if self.openid:
         return self.openid

     if self.is_expires():
         raise SSOBaseException(
             "You must set a correct access key to request an openid")

     # NOTE(review): the access token is handed to the `request` helper as
     # `authorization`; how the helper transmits it (header or query string)
     # is not visible here - confirm it is kept out of logged URLs.
     me_url = '%s%s' % (self.auth_url, 'me')
     reply = request('GET', me_url, authorization=self.access_token)
     self.openid = reply.openid
     return self.openid
Example #8
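def stats():
    """Return ``(karma, links)`` for the configured Hacker News user.

    The user name is read from ``app.config['HN_USER']``.  ``karma`` is the
    profile's ``karma`` value (0 when absent) and ``links`` is the number of
    entries in its ``submitted`` list (0 when absent).
    """
    r = http.request(
        'GET', 'https://hacker-news.firebaseio.com/v0/user/{}.json'.format(
            app.config['HN_USER']))
    resp = json.loads(r.data)
    # Debug output kept from the original; the parenthesised form prints the
    # same text and also parses under Python 3.
    print(type(resp))
    karma = int(resp.get('karma', 0))
    # The fallback must be a sized object: the previous default of 0 made
    # len() raise TypeError for a profile without a 'submitted' field.
    links = len(resp.get('submitted', []))
    print(links)
    return karma, links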
Example #9
        def wrap(**kwargs):
            """Call the API endpoint named by ``attr`` on behalf of the client.

            Raises ``QQAPIError('100015', 'access token is revoked')`` when the
            client reports an expired token.  Otherwise the client's openid is
            resolved first and sent along with the app id and the caller's
            keyword arguments.
            """
            if self.client.is_expires():
                raise QQAPIError('100015', 'access token is revoked')

            # get_openid() is called before the URL is built, as in the
            # original statement order.
            openid = self.client.get_openid()

            # A double underscore in the attribute name maps to a path slash.
            endpoint_url = '%s%s' % (self.client.api_url,
                                     attr.replace('__', '/'))
            fixed_params = dict(oauth_consumer_key=self.client.app_id,
                                format='json', openid=openid)
            return request(self.method, endpoint_url,
                           self.client.access_token,
                           **dict(fixed_params, **kwargs)) \
                if not set(fixed_params) & set(kwargs) else \
                request(self.method, endpoint_url,
                        self.client.access_token,
                        oauth_consumer_key=self.client.app_id,
                        format='json', openid=openid, **kwargs)
Example #10
    def request_access_token(self, code, redirect_uri=None):
        """Exchange an authorization *code* for an access token.

        Returns the object produced by ``request``, e.g.
        ``{"access_token": "your-access-token", "expires_in": 12345678}``,
        after ``expires_in`` has been shifted by the current time so that it
        is a unix-epoch timestamp.

        Raises ``WeiboAPIError('21305', ...)`` when neither *redirect_uri* nor
        ``self.redirect_uri`` is set.
        """
        redirect = redirect_uri or self.redirect_uri
        if not redirect:
            raise WeiboAPIError('21305', 'Parameter absent: redirect_uri')

        # NOTE(review): client_secret and the authorization code go to the
        # `request` helper with method GET.  If the helper serialises keyword
        # arguments into the query string (not visible here), both end up in
        # URLs that servers and proxies log - confirm against the helper.
        token_url = '%s%s' % (self.auth_url, 'access_token')
        token = request('GET', token_url,
                        client_id=self.client_id,
                        client_secret=self.client_secret,
                        redirect_uri=redirect,
                        code=code,
                        grant_type='authorization_code')

        # Turn the relative lifetime into an absolute expiry time.
        now = int(time.time())
        token.expires_in += now
        return token
Example #11
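def scrobbled():
    """Return the number of tracks scrobbled by the configured Last.fm user.

    Calls ``user.getRecentTracks`` with the user and API key taken from
    ``app.config`` and reads the total from the response's
    ``recenttracks['@attr']['total']`` field.
    """
    fields = {
        'method': 'user.getRecentTracks',
        'user': app.config['LASTFM_USER'],
        'api_key': app.config['LASTFM_API_KEY'],
        'format': 'json'
    }

    # The API key is one of the request fields, so the call goes over HTTPS
    # rather than plain HTTP to keep the key off the wire in cleartext.
    # NOTE(review): certificate verification depends on how the module-level
    # `http` client was constructed, which is not visible here - confirm.
    url = 'https://ws.audioscrobbler.com/2.0'
    r = http.request('GET', url, fields=fields)
    resp = json.loads(r.data.decode('utf8'))
    # Only the overall total is of interest until a 'from' date is sent with
    # the request.
    total = int(resp['recenttracks']['@attr']['total'])
    logger.info('lastfm tracks scrobbled: {}'.format(total))
    return total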
Example #12
    def request_access_token(self, code, redirect_uri=None,
                             grant_type='authorization_code', endpoint='token'):
        """Exchange an authorization *code* for an access token.

        Returns an ``SDataDict`` such as
        ``{"access_token": "your-access-token", "expires_in": 12345678}``
        in which ``expires_in`` has been converted to a unix-epoch time.

        Raises ``SSOBaseException`` when neither *redirect_uri* nor
        ``self.redirect_uri`` is set.
        """
        redirect = redirect_uri or self.redirect_uri
        if not redirect:
            raise SSOBaseException('Redirect uri is needed.')

        # NOTE(review): the app key (client_secret) and the code are passed to
        # the `request` helper with method GET; if the helper puts keyword
        # arguments in the query string (not visible here) they will appear in
        # logged URLs - confirm against the helper.
        query_dct = dict(client_id=self.app_id, client_secret=self.app_key,
                         redirect_uri=redirect, code=code,
                         grant_type=grant_type)
        token_url = '%s%s' % (self.auth_url, endpoint)
        raw_reply = request('GET', token_url, **query_dct)

        # The reply is a form-encoded string of the shape
        # "access_token=<TOKEN>&expires_in=7776000"; parse_qs gives a list per
        # key, of which only the first value is kept.
        parsed = urlparse.parse_qs(raw_reply)
        ret = SDataDict({key: values[0] for key, values in parsed.items()})

        # Relative lifetime -> absolute expiry time.
        ret['expires_in'] = float(ret['expires_in']) + time.time()
        return ret
Example #13
def stats():
    """Return a JSON string summarising the configured Goodreads user.

    The summary holds the friend and review counts, the favourite genres and,
    per shelf, the number of books.  User id and API key are read from
    ``app.config``.
    """
    # NOTE(review): the API key is formatted into the URL's query string, so
    # it appears wherever this URL is logged or echoed in an error.
    url = 'https://www.goodreads.com/user/show/{}.xml?key={}'.format(
        app.config['GOODREADS_USERID'], app.config['GOODREADS_KEY'])
    req = http.request('GET', url)

    # NOTE(review): req.data is XML received from a remote host.  If ET is
    # xml.etree.ElementTree, that parser is documented as not hardened against
    # maliciously constructed XML - consider a hardened parser here.
    r = dictify(ET.fromstring(req.data))
    user = r['GoodreadsResponse']['user'][0]

    def text_of(node, field):
        # Every field is a one-element list whose text sits under '_text'.
        return node[field][0]['_text']

    friends_count = int(text_of(user, 'friends_count'))
    reviews_count = int(text_of(user, 'reviews_count'))
    fav_genres = text_of(user, 'favorite_books').split(', ')
    shelves = user['user_shelves'][0]['user_shelf']

    shelf_info = {}
    for shelf in shelves:
        shelf_info[text_of(shelf, 'name')] = int(text_of(shelf, 'book_count'))

    return json.dumps({
        'friendsCount': friends_count,
        'reviewsCount': reviews_count,
        'books': {
            'numberShelves': len(shelves),
            'shelves': shelf_info,
        },
        'favoriteGenres': fav_genres,
    })
Example #14
def stats():
    """Fetch the configured Goodreads profile and return selected figures as JSON.

    The result contains ``friendsCount``, ``reviewsCount``, ``favoriteGenres``
    and a ``books`` entry with the number of shelves and the book count of
    each shelf.
    """
    user_id = app.config['GOODREADS_USERID']
    api_key = app.config['GOODREADS_KEY']
    # NOTE(review): the key travels in the query string of the URL; keep this
    # URL out of logs and error messages.
    profile_url = 'https://www.goodreads.com/user/show/{}.xml?key={}'.format(
        user_id, api_key)
    response = http.request('GET', profile_url)

    # NOTE(review): the body is XML from a remote host; presumably ET is
    # xml.etree.ElementTree, which is documented as not safe against
    # maliciously constructed data - confirm and consider a hardened parser.
    document = dictify(ET.fromstring(response.data))
    profile = document['GoodreadsResponse']['user'][0]

    friends = int(profile['friends_count'][0]['_text'])
    reviews = int(profile['reviews_count'][0]['_text'])
    genres = profile['favorite_books'][0]['_text'].split(', ')
    shelf_nodes = profile['user_shelves'][0]['user_shelf']
    books_per_shelf = dict(
        (node['name'][0]['_text'], int(node['book_count'][0]['_text']))
        for node in shelf_nodes)

    summary = {
        'friendsCount': friends,
        'reviewsCount': reviews,
        'books': {
            'numberShelves': len(shelf_nodes),
            'shelves': books_per_shelf,
        },
        'favoriteGenres': genres,
    }
    return json.dumps(summary)
Example #15
 def run(self):
     """Pass ``self.base_url`` to ``request`` and return whatever it returns."""
     target_url = self.base_url
     return request(target_url)