def test_kb_list_shells_rfi_port_scan_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
vuln = MockVuln()
url = URL('http://moth/?a=1')
freq = FuzzableRequest(url)
exploit_mutant = QSMutant.create_mutants(freq, [''], [], False, {})[0]
shell = PortScanShell(vuln, w3af_core.uri_opener, w3af_core.worker_pool,
exploit_mutant)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell._exploit_mutant, exploit_mutant)
w3af_core.quit()
def test_kb_list_shells_xpath_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
vuln = MockVuln()
str_delim = '&'
true_cond = ''
use_difflib = False
is_error_response = IsErrorResponse(vuln, w3af_core.uri_opener,
use_difflib)
shell = XPathReader(vuln, w3af_core.uri_opener,
w3af_core.worker_pool, str_delim, true_cond,
is_error_response)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.STR_DELIM, shell.STR_DELIM)
self.assertEqual(unpickled_shell.TRUE_COND, shell.TRUE_COND)
self.assertEqual(unpickled_shell.is_error_resp.use_difflib, use_difflib)
self.assertEqual(unpickled_shell.is_error_resp.url_opener,
w3af_core.uri_opener)
w3af_core.quit()
def executeCommand(self,shellId, command,params):
shells = kb.get_all_shells()
response = None
for shell in shells:
if shell.id == shellId and command is not None:
response = shell.generic_user_input(command,params)
if response is not None:
print "[*] Response: %s" %(response)
else:
print "[-] No response received. Check the shell that you've entered. Exists?"
def listShells(self):
shells = kb.get_all_shells()
print "[*] List of shells."
tableShells = PrettyTable(["Id","OS","System","User","System Name"])
for shell in shells:
tableShells.add_row([shell.id,
shell.get_remote_os(),
shell.get_remote_system(),
shell.get_remote_user(),
shell.get_remote_system_name()])
print tableShells
def test_pickleable_shells_get_all(self):
class FakeCore(object):
worker_pool = Pool(1)
uri_opener = ExtendedUrllib()
core = FakeCore()
original_shell = Shell(MockVuln(), core.uri_opener, core.worker_pool)
kb.append('a', 'b', original_shell)
unpickled_shell = list(kb.get_all_shells(core))[0]
self.assertEqual(original_shell, unpickled_shell)
self.assertEqual(unpickled_shell.worker_pool, core.worker_pool)
self.assertEqual(unpickled_shell._uri_opener, core.uri_opener)
core.worker_pool.terminate()
core.worker_pool.join()
core.uri_opener.end()
def test_kb_list_shells_file_upload_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
exploit_url = URL('http://w3af.org/')
shell = FileUploadShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, exploit_url)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell._exploit_url, shell._exploit_url)
w3af_core.quit()
def test_kb_list_shells_os_commanding_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
vuln = MockVuln()
vuln['separator'] = '&'
vuln['os'] = 'linux'
strategy = BasicExploitStrategy(vuln)
shell = OSCommandingShell(strategy, w3af_core.uri_opener,
w3af_core.worker_pool)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.strategy.vuln, vuln)
w3af_core.quit()
def test_kb_list_shells_file_read_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
header_len, footer_len = 1, 1
vuln = MockVuln()
shell = FileReaderShell(vuln, w3af_core.uri_opener,
w3af_core.worker_pool, header_len, footer_len)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell._header_length, shell._header_length)
self.assertEqual(unpickled_shell._footer_length, shell._footer_length)
w3af_core.quit()
def test_kb_list_shells_eval_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
shellcodes = get_shell_code('php', 'ls')
shellcode_generator = shellcodes[0][2]
shell = EvalShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, shellcode_generator)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.shellcode_generator.args,
shell.shellcode_generator.args)
w3af_core.quit()
def test_kb_list_shells_sqlmap_2181(self):
"""
Also very related with test_pickleable_shells
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
target = Target(URL('http://w3af.org/'))
sqlmap_wrapper = SQLMapWrapper(target, w3af_core.uri_opener)
sqlmap_shell = SQLMapShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, sqlmap_wrapper)
kb.append('a', 'b', sqlmap_shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(sqlmap_shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertIs(unpickled_shell.sqlmap.proxy._uri_opener,
w3af_core.uri_opener)
w3af_core.quit()
def test_kb_list_shells_file_read_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
header_len, footer_len = 1, 1
vuln = MockVuln()
shell = FileReaderShell(vuln, w3af_core.uri_opener,
w3af_core.worker_pool, header_len, footer_len)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell._header_length, shell._header_length)
self.assertEqual(unpickled_shell._footer_length, shell._footer_length)
w3af_core.quit()
def test_kb_list_shells_eval_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
shellcodes = get_shell_code('php', 'ls')
shellcode_generator = shellcodes[0][2]
shell = EvalShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, shellcode_generator)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.shellcode_generator.args,
shell.shellcode_generator.args)
w3af_core.quit()
def test_kb_list_shells_sqlmap_2181(self):
"""
Also very related with test_pickleable_shells
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
target = Target(URL('http://w3af.org/'))
sqlmap_wrapper = SQLMapWrapper(target, w3af_core.uri_opener)
sqlmap_shell = SQLMapShell(MockVuln(), w3af_core.uri_opener,
w3af_core.worker_pool, sqlmap_wrapper)
kb.append('a', 'b', sqlmap_shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(sqlmap_shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertIs(unpickled_shell.sqlmap.proxy._uri_opener,
w3af_core.uri_opener)
w3af_core.quit()
def test_kb_list_shells_os_commanding_2181(self):
"""
:see: https://github.com/andresriancho/w3af/issues/2181
"""
w3af_core = w3afCore()
vuln = MockVuln()
vuln['separator'] = '&'
vuln['os'] = 'linux'
strategy = BasicExploitStrategy(vuln)
shell = OSCommandingShell(strategy, w3af_core.uri_opener,
w3af_core.worker_pool)
kb.append('a', 'b', shell)
shells = kb.get_all_shells(w3af_core=w3af_core)
self.assertEqual(len(shells), 1)
unpickled_shell = shells[0]
self.assertEqual(shell, unpickled_shell)
self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
self.assertEqual(unpickled_shell.strategy.vuln, vuln)
w3af_core.quit()
def test_kb_list_shells_empty(self):
self.assertEqual(kb.get_all_shells(), [])
def test_kb_list_shells_empty(self):
self.assertEqual(kb.get_all_shells(), [])
